
HackTheBox SPG Writeup

Explore the basics of cybersecurity in the SPG Challenge on Hack The Box. This very-easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

Provided Output

output.txt

Your Password : t*!zGnf#LKO~drVQc@n%oFFZyvhvGZq8zbfXKvE1#*R%uh*$M6c$zrxWedrAENFJB7xz0ps4zh94EwZOnVT9&h
Encrypted Flag : GKLlVVw9uz/QzqKiBPAvdLA+QyRqyctsPJ/tx8Ac2hIUl8/kJaEvHthHUuwFDRCs

Server Script

server.py

from hashlib import sha256
import string, random
from secret import MASTER_KEY, FLAG
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad
from base64 import b64encode

# Password character set: ASCII letters, then digits, then nine symbols.
# generate_password() cuts this string at its midpoint and uses the two
# disjoint halves to encode key bits, so the ordering here is significant.
ALPHABET = ''.join((string.ascii_letters, string.digits, '~!@#$%^&*'))

def generate_password():
    """Build a password with one character per bit of MASTER_KEY.

    MASTER_KEY is read as a little-endian integer and consumed from the
    least-significant bit upwards. A 1 bit yields a random character from
    the first half of ALPHABET, a 0 bit one from the second half.

    Security note: the two halves are disjoint, so every character of the
    returned password discloses the key bit that selected it. The random
    choice only hides which character of the half was used, not the half
    itself; a stronger RNG than ``random`` would not change that. A
    password must not be a reversible function of the secret it protects.
    """
    midpoint = len(ALPHABET) // 2
    one_pool, zero_pool = ALPHABET[:midpoint], ALPHABET[midpoint:]

    remaining = int.from_bytes(MASTER_KEY, 'little')
    chars = []
    # The loop ends once no set bits remain, so zero bits above the highest
    # set bit of MASTER_KEY produce no characters.
    while remaining:
        pool = one_pool if remaining & 1 else zero_pool
        chars.append(random.choice(pool))
        remaining >>= 1

    return ''.join(chars)

def main():
    """Generate the password, encrypt FLAG, and write both to output.txt.

    The AES key is a single unsalted SHA-256 of MASTER_KEY, so the
    confidentiality of the flag rests entirely on MASTER_KEY staying
    secret. The same secret also drives generate_password(), whose output
    is written next to the ciphertext.

    AES is used in ECB mode: equal plaintext blocks give equal ciphertext
    blocks and nothing authenticates the ciphertext.
    """
    password = generate_password()
    aes_key = sha256(MASTER_KEY).digest()
    padded_flag = pad(FLAG, 16)
    encoded_flag = b64encode(AES.new(aes_key, AES.MODE_ECB).encrypt(padded_flag)).decode()

    with open('output.txt', 'w') as out_file:
        out_file.write(f'Your Password : {password}\nEncrypted Flag : {encoded_flag}')

# Write output.txt only when run as a script, not when imported.
if __name__ == '__main__':
    main()

Proof of Concept (PoC)

from base64 import b64decode
from hashlib import sha256
import string

from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad

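# Values copied from the challenge's output.txt.
password = "t*!zGnf#LKO~drVQc@n%oFFZyvhvGZq8zbfXKvE1#*R%uh*$M6c$zrxWedrAENFJB7xz0ps4zh94EwZOnVT9&h"
encrypted_flag = "GKLlVVw9uz/QzqKiBPAvdLA+QyRqyctsPJ/tx8Ac2hIUl8/kJaEvHthHUuwFDRCs"

# Same alphabet and midpoint split as server.py.
ALPHABET = string.ascii_letters + string.digits + '~!@#$%^&*'
first_half = ALPHABET[:len(ALPHABET)//2]
second_half = ALPHABET[len(ALPHABET)//2:]

# server.py draws a character from first_half for a 1 bit and from
# second_half for a 0 bit. The halves are disjoint, so membership alone
# identifies the bit; which character was picked carries no information.
master_key_bits = []
for char in password:
    if char in first_half:
        master_key_bits.append(1)
    elif char in second_half:
        master_key_bits.append(0)
    else:
        # A character outside ALPHABET means the input was copied wrongly;
        # silently treating it as a 0 bit would yield a wrong key.
        raise ValueError(f"unexpected password character: {char!r}")

# The server emits the least-significant bit first, so the integer is
# rebuilt starting from the last character.
master_key = 0
for bit in reversed(master_key_bits):
    master_key = (master_key << 1) | bit

# NOTE: server.py stops emitting characters once the remaining key bits are
# all zero, so zero bytes at the high end of the original MASTER_KEY are not
# represented in the password. The minimal-length encoding below would then
# be shorter than the real key and hash to a different AES key; unpad()
# raising ValueError is the usual symptom.
MASTER_KEY = master_key.to_bytes((master_key.bit_length() + 7) // 8, 'little')
encryption_key = sha256(MASTER_KEY).digest()
cipher = AES.new(encryption_key, AES.MODE_ECB)
ciphertext = b64decode(encrypted_flag)
# server.py encrypts pad(FLAG, 16); strip the padding so the printed flag
# does not end in padding bytes. unpad() also rejects malformed padding,
# which catches most wrong keys.
flag = unpad(cipher.decrypt(ciphertext), 16)
print(f"Recovered MASTER_KEY (hex): {MASTER_KEY.hex()}")
print(f"Flag: {flag.decode()}")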

Summary

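SPG on Hack The Box involves reconstructing the MASTER_KEY from the generated password. Each password character encodes one key bit, starting with the least-significant bit: a character from the first half of ALPHABET means 1, a character from the second half means 0. The SHA-256 hash of the recovered key is the AES key that decrypts the encrypted_flag, revealing the original FLAG. The challenge demonstrates techniques in key derivation, AES decryption, and encoding management. The design lesson is that any value handed to a user must not be a reversible function of a secret key; a password derived from a key should go through a one-way key-derivation function.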

This post is licensed under CC BY 4.0 by the author.