HackTheBox LicenseGenerator
Explore the basics of cybersecurity in the LicenseGenerator Challenge on Hack The Box. This hard-level CTF introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.
https://app.hackthebox.com/challenges/529
Description
Arodor has been distributing promotional license keys to users across the world. We suspect that there could be some backdoor in this ‘special gift’ - can you investigate?
Exploitation

Extract the raw bytes of the first TCP stream from the capture. Only segments that carry data are selected; the `tr` call strips the colon separators that older tshark versions put between payload bytes (and newlines), and `xxd -r -p` turns the hex back into binary:

```bash
tshark -r ./capture.pcapng -Y "tcp.stream eq 0 and tcp.len > 0" -T fields -e tcp.payload | tr -d ':\n' | xxd -r -p > ./tcp_data.bin
```
The stream contains a small custom C2 protocol: an `auth` marker, an 8-byte key, a length-prefixed shellcode blob and a length-prefixed encrypted file. The script below walks that layout and reverses the three encryption layers in the opposite order to the one the binary applies them:

```python
import ctypes

with open('./tcp_data.bin', 'rb') as f:
    data = f.read()

print('Parsing C2 communication...')
offset = 0

# Message starts with the literal 'auth' marker, followed by a separator byte.
if data[offset:offset+4] == b'auth':
    offset += 4
    print('Found auth marker')
offset += 1

# 8-byte key sent by the C2, followed by a separator byte and 8 unused bytes.
c2_key = data[offset:offset+8]
offset += 8
print(f'C2 key: {c2_key.hex()}')
offset += 1
offset += 8

# u16 little-endian shellcode length, then the shellcode itself (skipped here).
shell_len = int.from_bytes(data[offset:offset+2], 'little')
offset += 2
print(f'Shellcode length: {shell_len}')
offset += shell_len

# u32 little-endian encrypted file length, then the encrypted file.
file_len = int.from_bytes(data[offset:offset+4], 'little')
offset += 4
print(f'Encrypted file length: {file_len}')
encrypted_file = data[offset:offset+file_len]
print(f'Read {len(encrypted_file)} bytes of encrypted file')

# Constants recovered from the binary.
obfarray = bytearray(b'uwuxxowo')
key = bytearray(c2_key)
final = bytearray(8)
second_xor = bytearray(b'1t5_n0t_th4t_34sy_but_y0u_4r3_pr3tty_cl0s3:)')  # 44 bytes
plus = bytearray(b'th1s_w1ll_sur3ly_k33p_th1s_pr0t3ct3d')               # 36 bytes

# The effective 8-byte XOR key is the transmitted key XORed with a fixed string.
for i in range(8):
    final[i] = obfarray[i] ^ key[i]
print(f'Final XOR key: {final.hex()}')

decrypted_data = bytearray(encrypted_file)
payload_len = len(encrypted_file)

# Layer 3 (applied last by the binary): XOR with the 44-byte repeating string.
for i in range(payload_len):
    decrypted_data[i] ^= second_xor[i % 44]

# Layer 2: byte-wise addition of the 36-byte string, undone by subtraction mod 256.
for i in range(payload_len):
    decrypted_data[i] = ctypes.c_uint8(decrypted_data[i] - plus[i % 36]).value

# Layer 1: XOR with the derived 8-byte key.
for i in range(payload_len):
    decrypted_data[i] ^= final[i % 8]

with open('./flag.png', 'wb') as f:
    f.write(decrypted_data)
print('Saved as ./flag.png')
```
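As an added example (not the writeup's own script), the same message layout and three-layer scheme packaged as reusable functions, with the forward direction reconstructed from the decryptor so the round trip can be checked offline on a constructed message. The separator byte values (`\x00`) and the sample key are assumptions.

```python
from struct import pack, unpack_from

OBF = b'uwuxxowo'                                        # constant from the binary
XOR2 = b'1t5_n0t_th4t_34sy_but_y0u_4r3_pr3tty_cl0s3:)'  # 44-byte XOR stream
PLUS = b'th1s_w1ll_sur3ly_k33p_th1s_pr0t3ct3d'           # 36-byte add/sub stream

def derive_key(c2_key: bytes) -> bytes:
    # The effective 8-byte XOR key is the key sent in the stream XORed with OBF.
    return bytes(a ^ b for a, b in zip(OBF, c2_key))

def encrypt(plain: bytes, c2_key: bytes) -> bytes:
    # Forward scheme implied by the decryptor: XOR(key) -> +PLUS -> XOR(XOR2), per byte.
    k, out = derive_key(c2_key), bytearray(plain)
    for i in range(len(out)):
        out[i] = (((out[i] ^ k[i % 8]) + PLUS[i % 36]) & 0xFF) ^ XOR2[i % 44]
    return bytes(out)

def decrypt(cipher: bytes, c2_key: bytes) -> bytes:
    # Reverse order: XOR(XOR2) -> -PLUS (mod 256) -> XOR(key).
    k, out = derive_key(c2_key), bytearray(cipher)
    for i in range(len(out)):
        out[i] = (((out[i] ^ XOR2[i % 44]) - PLUS[i % 36]) & 0xFF) ^ k[i % 8]
    return bytes(out)

def parse_c2(data: bytes) -> dict:
    # Layout from the writeup: 'auth' + 1 byte, 8-byte key + 1 byte, 8 unused bytes,
    # u16 LE shellcode length + shellcode, u32 LE file length + encrypted file.
    if data[:4] != b'auth':
        raise ValueError('missing auth marker')
    off = 5
    c2_key, off = data[off:off + 8], off + 8 + 1 + 8
    shell_len = unpack_from('<H', data, off)[0]; off += 2
    shellcode, off = data[off:off + shell_len], off + shell_len
    file_len = unpack_from('<I', data, off)[0]; off += 4
    if len(data) < off + file_len:
        raise ValueError('truncated capture')
    return {'c2_key': c2_key, 'shellcode': shellcode, 'file': data[off:off + file_len]}

def build_message(c2_key: bytes, shellcode: bytes, enc_file: bytes) -> bytes:
    # Constructed message in the same layout (separator byte values are assumed).
    return (b'auth\x00' + c2_key + b'\x00' + bytes(8) + pack('<H', len(shellcode))
            + shellcode + pack('<I', len(enc_file)) + enc_file)

def demo() -> bytes:
    # Constructed sample: PNG signature plus filler as the "file", dummy key and stub.
    key, plain = bytes.fromhex('0011223344556677'), b'\x89PNG\r\n\x1a\n' + b'demo'
    msg = build_message(key, b'<stub>', encrypt(plain, key))
    fields = parse_c2(msg)
    return decrypt(fields['file'], fields['c2_key'])
```

A successful decryption should begin with the PNG signature, which is a quick sanity check before opening the file.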
Open the resulting image to read the flag.
Summary
The LicenseGenerator Challenge on Hack The Box is a hard reverse engineering challenge that involves extracting and decrypting a file from a captured network stream. Participants analyze a .pcapng file using tshark, reconstruct the TCP payload, and reverse a custom encryption scheme involving multiple XOR and subtraction layers. The decryption process reveals an embedded PNG image, from which the flag is obtained. The challenge demonstrates the importance of understanding proprietary encoding schemes and traffic analysis, highlighting the risks of insecure custom encryption and the forensic value of packet captures.