<- CRYPTO

Android-in-the-middle

2 minutes to read

We have the Python source code to launch a local instance for the challenge:

$ python3 source.py  

$ nc 127.0.0.1 1337
DEBUG MSG - Generating The Global DH Parameters
DEBUG MSG - g = 2, p = 10177459997049772558637057109490700048394574760284564283959324525695097805837401714582821820424475480057537817583807249627119267268524840254542683041588432363128111683358536204391767254517057859973149680238170237977230020947732558089671785239121778309357814575486749623687357688511361367822815452806637006568922401890961240475060822815400430220536180181951862931844638638933951683988349468373510128406899660648258602475728913837826845743111489145006566908004165703542907243208106044538037004824530893555918497937074663828069774495573109072469750423175863678445547058247156187317168731446722852098571735569138516533993  
DEBUG MSG - Calculation Complete

DEBUG MSG - Generating The Public Key of CPU...
DEBUG MSG - Calculation Complete
DEBUG MSG - Public Key is: ???

Enter The Public Key of The Memory:

Taking a look at the source code, we see that the program expects a number $M$ from us to generate a shared secret.

It is employing a sort of Diffie-Hellman key exchange algorithm, but not correctly. In fact, the program asks for a number $M$ so that the shared secret will be $M^c \mod{p}$, where $c$ is an unknown random number and $p$ is a fix modulus that we know from the source code and the debug message above:

    shared_secret = pow(M, c, p)

Then, this shared secret is used to decrypt a message from us. If we were able to provide an encrypted message so that it decrypts as "Initialization Sequence - Code 0", we will get the flag:

    encrypted_sequence = recieveMessage(
        s, "Enter The Encrypted Initialization Sequence: ")

    try:
        encrypted_sequence = bytes.fromhex(encrypted_sequence)
        assert len(encrypted_sequence) % 16 == 0
    except:
        sendMessage(s, DEBUG_MSG + "Unexpected Error Occured\n")
        exit()

    sequence = decrypt(encrypted_sequence, shared_secret)

    if sequence == b"Initialization Sequence - Code 0":
        sendMessage(s, "\n" + DEBUG_MSG +
                    "Reseting The Protocol With The New Shared Key\n")  
        sendMessage(s, DEBUG_MSG + f"{FLAG}")
    else:
        exit()

Recall that the shared secret is computed as $M^c \mod p$, and we control $M$, so if we enter $M = 1$, the shared secret will be just $1$. So we can use the same encryption method to encrypt "Initialization Sequence - Code 0" and send the ciphertext.

$ python3 solve.py 165.227.224.55:31355
[+] Opening connection to 165.227.224.55 on port 31355: Done
DEBUG MSG - HTB{7h15_15_cr3@t3d_by_Danb3er_@nd_h@s_c0pyr1gh7_1aws!_!}  
[*] Closed connection to 165.227.224.55 port 31355

The full script can be found in here: solve.py.