All News

<< Next Post - Previous Post >>

Hackfu Challenge 2015 - Solution for Challenge 1

MWR ran a Security Challenge last April, unfortunately I only found out about it 3 days before the dead line! I still managed to solve 3 out of the 7 challenges and really enjoyed them.

The first challenge was especially interesting, as I like cryptography. This was a tough one!!!

The instructions given were

  • You are invited to a game of Poker but must find the password
  • You find a note with written "Pocket RC4"
  • You find a deck of card ordered from Ace to King with the following "couple" suits: {Diamond, Club}, {Heart and Spade}. This mean AD, AC, 2D, 2C....KH, KS
  • You find a note with the following written on it: "WEMUSTFOLLOWTHEWHITERABBITANHXJRAAZEBYYOMNWPBKGZOGY"

  • That's pretty much it! Below is how I solve this challenge and cracked the code:

    I used information on PocketRC4 from:
    HERE and HERE to recreate the cypher in a shell script (see link at the end)
    Here is a description on how the script works:
    1. Set IV to “WEMUSTFOLLOWTHEWHITERABBIT"
    2. Convert each IV letter to a numerical value (A=1 …. Z=26)
    3. Create a deck of cards with pairs of red/black card value:
    Low values range from 1 to 13 and high values range from 14 to 26.
    From the instructions in the orders.txt file we have following suits: DCHS
    - If we take the suits order from the rules of bridge (Low to High: HCDS) then we would have High, Low, Low High. (14,1 15,2… 1,14 2,15....)But this produces the wrong password.
    - If we take the suits order from the rules of poker (Low to High: CDHS) then we would have Low, Low, High, High. (1,1 2,2 … 14,14 15,15….) But this produces the wrong password.
    - Looking at the MWR tweet clue for this challenge: "He Shall Conquer Dragon", this produces HSCD. So... with a bit of scratching your head, taking the rules of poker for High to Low, then the starting values for the deck are: High, High, Low, LoW. This is because Heart and Spade are high suits and the first letters of the "clue" tells us "HS" then "CD".
    14,14 15,15…. 1,1 2,2 ,etc.
    - I am not this is really standard PocketRC4, but why not... in any case, PocketRC4 is pretty much just a concept, so the challenge can complicate things a little. (Or they made a mistake when creating that challenge? ;)
    I am storing those values in an array.
    Because there will always be a red,black,red,black….red,black combo, I am identifying RED and BLACK by
    - Starting my array at index 1 (rather than 0)
    - odd index numbers are Red, even index numbers are Black
    - So deck[1] 1 and is red, deck[2] 1 and is black.

    4. Initialising the Deck with IV
    4.a. Take the value of the first letter from the IV
    4.b. search for that letter value in the deck
    4.c Is the index odd (Red) or even (Black)?
    If Odd, then continue to search for the letter value and go to 4.c
    if Even, stop searching, you found the black card and go to 4.d.
    4.d Take the red card (deck[j-1]) above the black card (deck[j]) and swap it with the top red card (deck[1])
    4.e Move the red card (deck[j-1]) and the black card (deck[j]) to the bottom of the deck (deck[51] and deck[52])
    4.f Move the top Red card (deck[1]) and top Black card (deck[2]) to the bottom of the deck.
    4.g Start again with the next IV letter value and for to 4.b

    5. Decrypting
    5.a Set the cipher text to "ANHXJRAAZEBYYOMNWPBKGZOGY"
    5.b for each letter from the cipher text do the following
    5.c Assign the value of the bottom red card (deck[51]) to j
    5.d Add the value of the top red card (deck[1]) to j and modulo 26 the result. Save the result a ‘j'
    because 26%26 0, and our alphabet starts with 1, when a 0 is found it is converted to 26 (letter Z)
    5.e Find the (position) black card with the same value as j
    5.f Add the value of the red card just above the black card (deck[(position - 1) to the top red card (deck[1]) and modulo 26 the results. Save the result to ‘k’
    because 26%26 0, and our alphabet starts with 1, when a 0 is found it is converted to 26 (letter Z)
    5.g Take the value of the letter from the cipher text being decrypted and subtract k and modulo 26 the result
    because 26%26 0, and our alphabet starts with 1, when a 0 is found it is converted to 26 (letter Z)
    If the result of the modulo is negative then add 26
    ->The result is the cleartext letter.
    5.h Exchange the two red card (deck[position - 1)] and (deck[1])
    5.i Move the top two card (deck[1]) and (deck[2]) to the bottom of the deck
    5.j Start again with the next letter from the cipher string and go to 5.c (to assign j again)

    Doing all the steps above with the attached shell script produce the following answer:
    corvusoculumcorvinoneruit

    Which is latin for :
    "a crow will not pull out the eye of another crow." It’s essentially the same as "honor amongst thieves,"
    You can use “corvusoculumcorvinoneruit” as the passphrase to decrypt the file for this challenge

    The script created to solve this challenge is available from the DOWNLOAD SECTION (a shell script, running on Bash 4.2+ only… i.e.: Kali)

    << Next Post - Previous Post >>