Cryptohorrific

Just finished it after a week of wondering where I was going wrong. For anyone not using a mac to open the files, be careful what non-printable characters are present in the files and what they mean, chances are you have one thing wrong with your ciphertext.
Happy to help through DM.

So I’ve managed to get the encrypted flag and what i think is the IV and Key, but when i run it through openssl I get more encrypted text as a result. If anyone has any tips on how to solve this or hints please PM me.

So finally completed this

can any one help me out??

I managed to solve the challenge thanks to some comments here, but I had to use some trial and error. Could anyone send me an PM pointing to where the encryption mode (CBC, ECB, CTR …) is shown in the code?

@MrReh said:
can any one help me out??

Where are you at in the challenge? What did you manage to do?

PM You @bananabr

Anyone able to send me a PM I feel I have everything i just need to confirm as I cant seem to get it working

Type your comment> @hudson96 said:

Anyone able to send me a PM I feel I have everything i just need to confirm as I cant seem to get it working

sure

solved, feel free to PM me

To anyone who struggles to make sense of the IDA assembly code - I found this resource very useful:

And this is a handy tool to play with decoding/decryption etc.:

Hi guys, easy challenge. All you need is r2 (or Ida or Ghydra) and then something like Openssl or Cyberchef. Make sure to identify a certain function related to encryption (it’s a staple for OSX binaries) and then its parameters. It’s all pretty straightforward, so do not overthink. Finally, decode something and use the parameters to decrypt that something. Just make sure to decode the right thing, or you would get an error.

Hey, I’m pretty sure I have all the data needed (ciphertext, key and IV) but it doesnt decrypt clear text…
Can someone PM me to tell me whats wrong please ?

This challenge made me crazy, I have IV key and flag hash, but the flag hash should through hex after decoding may I have corrupted hash, please anyone have and idea PM me.

The struggle was real, first time I see plist files. I had the correct approach, key and IV in a couple minutes, then struggled for a full day because I was trying to decipher the wrong string.

Finally, out of desperation, googling random substrings within the plist file led me to discover that plistutil exists.

Hello, I’m struggling with the decryption, I think I found everything that I need (The hash,IV and Key) but I always get the error “bad magic number”.

Can someone give me a nudge? Thanks in advice.

Hello everyone. I’m stuck in the decryption as well.

  1. Used plistutil to get flag
  2. Used IDA to get key, IV
  3. Decoded them into hex
  4. Testing out with AES using CyberChef

I can’t figure out what I’m missing or overlooking. I’d appreciate if someone could help me out.

The encrypted flag is in base64, you have to decode it before CyberChef phase, try all mode

Quite a nice one…! Thank you @bsecure for creating it.

I think there are plenty of hints here already, but following from up @oct3t’s hints, one thing I would also suggest is when you are trying to decrypt, make sure you understand what encoding you are using and what encoding the tool expects. Cooking this with the CyberChef makes it eeee-Zeeee.