HackTheBox Sugar Free Candies Writeup

Explore the basics of cybersecurity in the Sugar Free Candies Challenge on Hack The Box. This very-easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

Provided Output

output.txt

v1 = 1181239096013650837744125294978177790419553719590172794906535790528758829840751110126012179328061375399196613652870424327167341710919767887891371258453
v2 = 2710472017687233737830986182523923794327361982506952801148259340657557362009893794103841036477555389231149721438246037558380601526471290201500759382599
v3 = 3448392481703214771250575110613977019995990789986191254013989726393898522179975576074870115491914882384518345287960772371387233225699632815814340359065
v4 = 396216122131701300135834622026808509913659513306193

Provided Script

source.py

from Crypto.Util.number import bytes_to_long

FLAG = open("flag.txt", "rb").read()

step = len(FLAG) // 3
candies = [bytes_to_long(FLAG[i:i+step]) for i in range(0, len(FLAG), step)]

cnd1, cnd2, cnd3 = candies

with open('output.txt', 'w') as f:
    f.write(f'v1 = {cnd1**3 + cnd3**2 + cnd2}\n')
    f.write(f'v2 = {cnd2**3 + cnd1**2 + cnd3}\n')
    f.write(f'v3 = {cnd3**3 + cnd2**2 + cnd1}\n')
    f.write(f'v4 = {cnd1 + cnd2 + cnd3}\n')

Proof of Concept (PoC)

from sympy import symbols, Eq, solve
from Crypto.Util.number import long_to_bytes

# Values copied from output.txt
v1 = 1181239096013650837744125294978177790419553719590172794906535790528758829840751110126012179328061375399196613652870424327167341710919767887891371258453
v2 = 2710472017687233737830986182523923794327361982506952801148259340657557362009893794103841036477555389231149721438246037558380601526471290201500759382599
v3 = 3448392481703214771250575110613977019995990789986191254013989726393898522179975576074870115491914882384518345287960772371387233225699632815814340359065
v4 = 396216122131701300135834622026808509913659513306193

# The three unknown flag chunks, as integers
cnd1, cnd2, cnd3 = symbols('cnd1 cnd2 cnd3')

# The four relations that source.py writes to output.txt
eq1 = Eq(cnd1**3 + cnd3**2 + cnd2, v1)
eq2 = Eq(cnd2**3 + cnd1**2 + cnd3, v2)
eq3 = Eq(cnd3**3 + cnd2**2 + cnd1, v3)
eq4 = Eq(cnd1 + cnd2 + cnd3, v4)

# Solve the system and take the first solution
solutions = solve((eq1, eq2, eq3, eq4), (cnd1, cnd2, cnd3))
solution = solutions[0]
cnd1_val, cnd2_val, cnd3_val = solution

# Cast each SymPy integer to a plain Python int before converting to bytes
flag_chunk1 = long_to_bytes(int(cnd1_val))
flag_chunk2 = long_to_bytes(int(cnd2_val))
flag_chunk3 = long_to_bytes(int(cnd3_val))

# Reassemble the chunks in their original order
flag = flag_chunk1 + flag_chunk2 + flag_chunk3
print("Recovered Flag:", flag)
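The same recovery can be done with plain integer arithmetic, which shows why the scheme leaks the chunks: the cube term dominates each value, so every chunk sits at or just below an integer cube root. This is an added example, not code from the original post. The names `icbrt`, `encode`, `recover`, the `slack` parameter and the sample flag are assumptions made here, and it assumes equal-length chunks whose leading bytes are printable ASCII.

```python
from itertools import product

def icbrt(n):
    """Floor of the integer cube root of n, by binary search (no floats)."""
    lo, hi = 0, 1 << (n.bit_length() // 3 + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** 3 <= n:
            lo = mid
        else:
            hi = mid - 1
    return lo

def encode(flag):
    """Same arithmetic as source.py; len(flag) must be a multiple of 3."""
    step = len(flag) // 3
    a, b, c = (int.from_bytes(flag[i:i + step], "big")
               for i in range(0, len(flag), step))
    return a**3 + c**2 + b, b**3 + a**2 + c, c**3 + b**2 + a, a + b + c

def recover(v1, v2, v3, v4, slack=6):
    """Recover the flag, or None if no candidate within `slack` fits."""
    # cnd1**3 dominates v1, so cnd1 sits at or just below icbrt(v1);
    # likewise cnd2 and v2. v4 then fixes cnd3 with no further search.
    r1, r2 = icbrt(v1), icbrt(v2)
    for da, db in product(range(slack + 1), repeat=2):
        a, b = r1 - da, r2 - db
        c = v4 - a - b
        if min(a, b, c) <= 0:
            continue
        if (a**3 + c**2 + b, b**3 + a**2 + c, c**3 + b**2 + a) == (v1, v2, v3):
            return b"".join(x.to_bytes((x.bit_length() + 7) // 8, "big")
                            for x in (a, b, c))
    return None

# Constructed sample flag (30 bytes), not the challenge flag.
SAMPLE = b"HTB{constructed_sample_flag!!}"

if __name__ == "__main__":
    print(recover(*encode(SAMPLE)))
```

Passing the four values from output.txt to `recover` applies the same search to the challenge data; it returns `None` if no candidate within `slack` satisfies all four equations.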

Summary

The Sugar Free Candies challenge on Hack The Box involves reversing a mathematical transformation applied to the parts of a split flag. The challenge script splits the flag into three chunks, converts each chunk to an integer, and writes out four values: three combinations of the chunks raised to different powers, plus their plain sum. The PoC treats these values as a system of four equations in three unknowns and solves it with symbolic computation to retrieve the original chunks, which are then converted back to bytes to reconstruct the flag. This challenge highlights techniques for solving polynomial equations and reversing number-based transformations in cryptographic contexts.

This post is licensed under CC BY 4.0 by the author.