Official RAuth Discussion

Official discussion thread for RAuth. Please do not post any spoilers or big hints.


  • Interesting

  • Anyone can give me a nudge? I don't really see how the instance provided to us comes to play. I reversed/analysed the given bin and found the fake flag, but I'm not sure how to proceed.

  • Take a look at the encryption algorithm (it is there with the name). Debug a little bit for correct data (key, nonce, encrypted data, etc).

  • edited July 7

    How can we 'post' into the given instance? It just displays 'invalid password' but it won't let me enter any password either.

    Never mind, found it.

  • I already found an input string that gets the program print "Successfully Authenticated". However, the string is not in the hackthebox flag format and it is not accepted by the website. Also, the fake flag does not work. So I am a little bit lost at the moment.

  • Alright, figured out. I have to connect a remote server and input the flag there

  • Anyone willing to provide some advice on this one? I've found the initialization of the crypto context, but I'm also somewhat stuck... the key is 33 bytes long; the algo requires 16/32 byte keys. The last byte is 0, but it's not a null byte, it's x30 :|

Sign In to comment.