HackTheBox The Art of Reversing Writeup

Explore the basics of cybersecurity in The Art of Reversing challenge on Hack The Box. This easy-level challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

https://app.hackthebox.com/challenges/2

Description

This is a program that generates Product Keys for a specific Software Brand. The input is the client UserName and the Number of Days that the software will remain active on the client. The output is the product key that client will use to activate the software package. We just have the following product key ‘cathhtkeepaln-wymddd’. Could you find the corresponding Username say A and the number of activation days say B given as input?

Exploitation

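Use dnSpy to decompile the program and read the buttonCreateProductKey_Click handler, which builds the product key. The script below reverses that logic for the given key.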

#!/usr/bin/python3

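def unscramble_permutation(given_user, input_str, output_str):
    # output_str[i] is the original index (as a hex digit) of the character at key position i
    dictionary = {output_str[i]: given_user[i] for i in range(13)}
    # Sorting the index digits ('0'-'9' sort before 'a'-'c') restores the original order
    key = ''.join(dictionary[k] for k in sorted(dictionary.keys())).lower()
    # Day part of the product key ("wymddd"), reversed
    givenDay = "dddmyw"
    # Shift every letter back by one to recover the Roman numeral
    originalGivenDay = ''.join([chr(ord(givenDay[i])-1) for i in range(len(givenDay))])
    # Sum the symbol values (sufficient here: this numeral has no subtractive pairs)
    days = sum({'c': 100, 'l': 50, 'x': 10, 'v': 5}[c] for c in originalGivenDay.lower())
    return f"HTB{{{key}{days}}}"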

given_user = "cathhtkeepaln"
input_str = "0123456789abc"
output_str = "21450c3b6798a"
print(unscramble_permutation(given_user, input_str, output_str))
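
The scheme the script above inverts, written out in both directions as an added example (not part of the original post and not taken from the decompiled program): the forward direction is inferred from the script, and `encode`, `decode`, `to_roman` and `from_roman` are hypothetical names. It goes beyond the post's case by assuming standard Roman numerals with subtractive pairs, which a plain sum of symbol values does not decode correctly.

```python
# Added example: forward/inverse model of the key scheme, inferred from the
# post's solver script. Names and the subtractive-numeral rule are assumptions.
PERM = "21450c3b6798a"  # from the post: key[i] is username[int(PERM[i], 16)]
ROMAN = [(1000, "m"), (900, "cm"), (500, "d"), (400, "cd"), (100, "c"),
         (90, "xc"), (50, "l"), (40, "xl"), (10, "x"), (9, "ix"),
         (5, "v"), (4, "iv"), (1, "i")]
VALUE = {sym: val for val, sym in ROMAN if len(sym) == 1}


def to_roman(n):
    out = []
    for val, sym in ROMAN:
        count, n = divmod(n, val)
        out.append(sym * count)
    return "".join(out)


def from_roman(s):
    total = 0
    for cur, nxt in zip(s, s[1:] + " "):
        v = VALUE[cur]
        # A smaller symbol before a larger one is subtracted (xc = 90).
        total += -v if VALUE.get(nxt, 0) > v else v
    return total


def encode(username, days):
    if len(username) != len(PERM):
        raise ValueError("this model only covers 13-character usernames")
    left = "".join(username[int(p, 16)] for p in PERM)          # permute
    right = "".join(chr(ord(c) + 1) for c in to_roman(days))[::-1]  # shift, reverse
    return f"{left}-{right}"


def decode(key):
    left, right = key.split("-")
    if len(left) != len(PERM):
        raise ValueError("unexpected username part length")
    user = [""] * len(PERM)
    for i, p in enumerate(PERM):
        user[int(p, 16)] = left[i]                               # undo permutation
    roman = "".join(chr(ord(c) - 1) for c in reversed(right))    # undo reverse, shift
    return "".join(user), from_roman(roman)


if __name__ == "__main__":
    print(decode("cathhtkeepaln-wymddd"))
    print(decode(encode("hacktheplanet", 90)))  # constructed input with a subtractive pair
```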

Summary

The Art of Reversing challenge on Hack The Box is an easy-level reverse engineering puzzle that introduces basic decoding and string manipulation techniques. Participants are tasked with decoding a product key to extract a username and the number of activation days. By analyzing the key and using a predefined mapping, the username and days are reconstructed, and the flag is generated in the format HTB{username365}. This challenge provides hands-on experience with reverse engineering, string decoding, and data extraction, making it ideal for beginners. It offers a practical introduction to understanding and reversing simple encoding schemes in cybersecurity.

This post is licensed under CC BY 4.0 by the author.