[CRYPTO] Walzer



  • I dont think this challenge is as bad as the above comments make out. Yes the hints are terrible, and yes I'd prefer more modern crypto challenges, but the actual meat of this challenge practices basic skills.

    @WarrenVos - (and any one else having a problem starting) Look for a pattern in the bytes after the first decoding, think about what that might imply ;)

    Click here for HTB Profile: You are welcome to contact me for a nudge, but if I help you, please consider giving respect.

  • Hello everyone, this is my first posft.

    I'm struggling with this challenge, how can I ask for a hint here? I've came across some kind of flat that has a heart (<3) but dunno how to continue.

    Any help is welcome!

  • edited January 2020

    Type your comment> @thecowmilk said:

    All you ppl are some bad pu$$!35, leave the creator alone if you can't solve it, its not his fault, its yours because you know shit! Idk why are you here, to entertain or to be a real cyber security or a real good hacker.

    I bet you people that get into hackthebox is in thanks of other people who posted videos how to get in. If you aim to be a cyber security or a hacker, you don't have to blame the creator how hard is to decipher a hash because if you would be in real life, you would fuck everything up!!

    What if you get to get some real hashing in real life from a black hacker, you would shout at him why he made that so secure that your little brain can't decipher it?? Get a life and if you can't handle this go away rather that you say some bs.....

    Wow, so edgy. This challenge has nothing to do with real cybersecurity and a "black hacker" worth his salt would base his security on actual cryptography. I'd rather learn about the ways that RSA, Diffie-Hellmann can be broken in practice than waste learning time trying to decipher a dumb challenge created from stringing together obscure ciphers in Cyberchef.

  • I did not particularly enjoy this challenge because it relied so much on guessing, this won't make me severely complain or verbally attack the author. I think many of you forget that this is a free platform, and we have an author here who just thought this might be a good challenge, he didn't get paid or anything, he did it in his free time because he thought it would be nice.

    Try and keep this in mind when you want to lash out against someone providing free content to the site. If you don't like a challenge, simply give a downvote or come up with some constructive feedback, try not to be a dick about it.

  • The fact that I don't know what to do makes me crazy. I'm actually very curious about the solution.

    1 ) I think the first step is to use a very common encoding technique
    2 ) The result from the first step is binary. Maybe we should look at some pattern (as someone suggested). There are repeating numbers and from some "prospectives" repeating sequences... but i can't find a logic behind all this.
    3 ) Does mapping bytes (with Walzer steps) implies that we should see them as a two dimensional array?
    4 ) Someone said CyberChef. Didn't know it. A very good site. Is the right algorithm in there? And if there is, maybe the challenge is not related to a custom walzer-cypher (?)

    Any hint?

    Always thanks to the people that make this platform work (authors and owners).
    People have the opportunity to face a problem and learn something new.

  • Type your comment> @0xEA31 said:

    You may be right, you may be wrong. But you should really support your opinions more politely. That's being said, I leave you all alone.

    I agree. There are definitely nicer ways to go about sharing your opinions without all the hate messages. I thought this was supposed to be a community. We are all human and my opinion is that haters are are a lot worse than people who approve 1 in 50 challenges that shouldn't be approved. This kind of hate is why we have so many people with depression. Well done for your efforts @0xEA31. Some people don't realise that no one is perfect and they lash out. Don't let all the hate stop you from making mistakes and learning from them. It's the only way to become great at it.

  • @0xEA31 Thanks a lot for your hint it was really clearer ;)

  • Plz someone tell me what to do with this sha256: a3108d25bab73b60dd9197102120e180adb3a9572cc00535beedc8bd9405c1a3
    *I could see this in all the challenges.
    *This is my first challenge...I would be glad if someone spend your time to help to out ...

  • Type your comment> @Anonymousyoyo said:

    Plz someone tell me what to do with this sha256: a3108d25bab73b60dd9197102120e180adb3a9572cc00535beedc8bd9405c1a3
    *I could see this in all the challenges.
    *This is my first challenge...I would be glad if someone spend your time to help to out ...

    You can use that to make sure the zip you downloaded hasn't been altered.
    If you get the hash of your zip file it should match exactly.
    [sha256sum file for linux or Get-FileHash -Algorithm sha256 filename in powershell
    It doesn't have anything to do with the challenge other than a sanity check to make sure your file didn't get corrupted

  • edited March 2020

    Ok. Solved. Thanks to @bjornmorten. Hints

    Waltz Dance Steps
    1. Obvious
    2. "Brute Force"
    3. "A very simple form of encryption"

    All three are basic 'encryption' schemes, do not go into complex encryption which require IV's. Use CyberChef to find the schemes you need, then use Python to automate it, otherwise doing it manually will take ages, and you might need to 'dance' more than once
    but do note that unlike the video, the beginning and ending legs are the SAME in this version of dance :wink:

  • Can anyone please tell me how to solve the second step for this challenge? What we have to look on the binary pattern? I'm stucked on this part for so long already :(

  • Type your comment> @hyperreality said:

    The challenge playtesters need to learn what "crypto" means. Apart from Optimus Prime, the last 4 crypto challenges released have all been dumb guessing games, and a poor reflection of how fascinating and educational good crypto CTF challenges can be.

    I have to agree. I would very much prefer challenges about weaknesses in modern crypto and cryptanalysis.

    Just to add on, the RsaCtfTools is another good one in the set. Automated tools don't help much and you're forced to understand the crypto behind it and think modularly.

  • Got it. Tried a very obvious 'key' for one of the steps.


    To contact me, please use Discord Myrtle#5162

  • Type your comment> @0xEA31 said:

    I have to admit that I created this challenge with a precise scope: showing how information asymmetry deeply impacts our ability to give an answer to or solve problems.

    Information asymmetry occurs when one party has more or better information than the other. This is quite a typical situation with our challenges and boxes: makers (think that they) know everything and players don't.

    There are may facets that we should consider when dealing with information asymmetry. The first one is about the domain of discussion. When the domain is uncertain (or misunderstood), we don't actually know where to focus on.

    So, here you are some clarifications on the "domain of discussion" of this "Easy cryptography made harder in Walzer style":

    First, "easy cryptography" is literally what the general consensus consider "easy" or, if you prefer, "basic". And remember, "cryptography" is generally an uncountable name.

    Second, Walzer refers to the dance. I choose the German word because it originated in Germany (https://de.wikipedia.org/wiki/Walzer_(Tanz)). If you read the English version of Wikipedia you can find:

    The waltz (from German Walzer [ˈvalt͡sɐ̯]) is a ballroom and folk dance, normally in triple time, performed primarily in closed position.


    Great hint! Helpd almost right away!

Sign In to comment.