HackTheBox Shattered Tablet Writeup
Explore the basics of cybersecurity in the Shattered Tablet Challenge on Hack The Box. This very-easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.
https://app.hackthebox.com/challenges/486
Description
Deep in an ancient tomb, you’ve discovered a stone tablet with secret information on the locations of other relics. However, while dodging a poison dart, it slipped from your hands and shattered into hundreds of pieces. Can you reassemble it and read the clues?
Exploitation
I decompiled the program using Ghidra and created a buildable version. The main function checks each character in the array, enabling us to sort the characters and uncover the expected string.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
#include <stdio.h>
#include <string.h>
int main(void) {
char input[64] = {0};
printf("Hmmmm... I think the tablet says: ");
fgets(input, sizeof(input), stdin);
input[strcspn(input, "\n")] = 0;
if (
(input[34] == '4') && (input[20] == '3') && (input[36] == 'r') &&
(input[1] == 'T') && (input[21] == 'v') && (input[6] == '0') &&
(input[39] == '}') && (input[38] == 'd') && (input[31] == 'r') &&
(input[29] == '3') && (input[8] == '3') && (input[22] == 'e') &&
(input[35] == '1') && (input[5] == 'r') && (input[0] == 'H') &&
(input[32] == '3') && (input[18] == '.') && (input[13] == '4') &&
(input[3] == '{') && (input[10] == '_') && (input[16] == '.') &&
(input[4] == 'b') && (input[7] == 'k') && (input[15] == 't') &&
(input[14] == 'r') && (input[19] == 'n') && (input[25] == 't') &&
(input[17] == '.') && (input[9] == 'n') && (input[30] == '_') &&
(input[26] == '0') && (input[24] == '_') && (input[12] == 'p') &&
(input[23] == 'r') && (input[28] == 'b') && (input[33] == 'p') &&
(input[2] == 'B') && (input[27] == '_') && (input[11] == '4') &&
(input[37] == '3')
) {
puts("Yes! That's right!");
} else {
puts("No... not that");
}
return 0;
}
The code to print the flag is as follows:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
#include <stdio.h>
#include <string.h>
typedef struct {
int index;
char expected_char;
} Check;
int main(void) {
char flag[41] = {0};
Check checks[] = {
{0, 'H'}, {1, 'T'}, {2, 'B'}, {3, '{'}, {4, 'b'}, {5, 'r'}, {6, '0'}, {7, 'k'},
{8, '3'}, {9, 'n'}, {10, '_'}, {11, '4'}, {12, 'p'}, {13, '4'}, {14, 'r'}, {15, 't'},
{16, '.'}, {17, '.'}, {18, '.'}, {19, 'n'}, {20, '3'}, {21, 'v'}, {22, 'e'}, {23, 'r'},
{24, '_'}, {25, 't'}, {26, '0'}, {27, '_'}, {28, 'b'}, {29, '3'}, {30, '_'}, {31, 'r'},
{32, '3'}, {33, 'p'}, {34, '4'}, {35, '1'}, {36, 'r'}, {37, '3'}, {38, 'd'}, {39, '}'}
};
int num_checks = sizeof(checks) / sizeof(Check);
for (int i = 0; i < num_checks; i++) {
flag[checks[i].index] = checks[i].expected_char;
}
flag[num_checks] = '\0';
printf("The flag is: %s\n", flag);
return 0;
}
1
gcc main.c && ./a.out
Summary
The Shattered Tablet Challenge on Hack The Box offers an introduction to reversing and code decryption tailored for beginners. This very-easy-level challenge involves using Ghidra to decompile a program that validates a string against a series of character checks. The task is to reconstruct the string based on specified conditions within the code. Participants are required to sort characters and strategically piece together the expected flag from an array, utilizing a unique C program setup where each character’s correct position and value are defined by a predefined structure. This challenge demonstrates fundamental reversing skills and decryption of simple encryption methods, making it an excellent starting point for those new to cybersecurity.