[CRYPTO] Walzer

@0xEA31 said:
As you may have noticed in the video, basic Walzer is a repeated sequence of three steps. The teacher calls them “step”, “side”, “close”.

Since easy cryptography is involved, you should map these steps with some kind of basic cypher algorithms.

Looking at the starting position, an educated eye should catch the first “step” immediately. What about the others? You choose, but choose wisely because, after three steps, you have to be in a different place, but in the same position.

And remember: you’re dancing, come on don’t be shy, let the music flow and continue. After all, the teacher says: “we can keep that going until the end of the song”. And we do know when the music stops, don’t we?

WaltzBeat

I hereby want to apologize to the author and the HTB staff for my rage. We shouldn’t have raged this hard about the challenge and expressed ourselves in a more polite way. After all this is just a mistake, and we all make mistakes. Let’s not discourage the author from making more challenges! I’m sure he got much more in store than this!

The challenge playtesters need to learn what “crypto” means. Apart from Optimus Prime, the last 4 crypto challenges released have all been dumb guessing games, and a poor reflection of how fascinating and educational good crypto CTF challenges can be.

Still have no idea, should I try rotation and combinations of all pieces of base64 codes?

A worthy replacement for snake

Any help with this? I have no idea what the hints mean

I dont think this challenge is as bad as the above comments make out. Yes the hints are terrible, and yes I’d prefer more modern crypto challenges, but the actual meat of this challenge practices basic skills.

@WarrenVos - (and any one else having a problem starting) Look for a pattern in the bytes after the first decoding, think about what that might imply :wink:

Hello everyone, this is my first posft.

I’m struggling with this challenge, how can I ask for a hint here? I’ve came across some kind of flat that has a heart (<3) but dunno how to continue.

Any help is welcome!

Type your comment> @thecowmilk said:

All you ppl are some bad pu$$!35, leave the creator alone if you can’t solve it, its not his fault, its yours because you know ■■■■! Idk why are you here, to entertain or to be a real cyber security or a real good hacker.

I bet you people that get into hackthebox is in thanks of other people who posted videos how to get in. If you aim to be a cyber security or a hacker, you don’t have to blame the creator how hard is to decipher a hash because if you would be in real life, you would ■■■■ everything up!!

What if you get to get some real hashing in real life from a black hacker, you would shout at him why he made that so secure that your little brain can’t decipher it?? Get a life and if you can’t handle this go away rather that you say some bs…

Wow, so edgy. This challenge has nothing to do with real cybersecurity and a “black hacker” worth his salt would base his security on actual cryptography. I’d rather learn about the ways that RSA, Diffie-Hellmann can be broken in practice than waste learning time trying to decipher a dumb challenge created from stringing together obscure ciphers in Cyberchef.

I did not particularly enjoy this challenge because it relied so much on guessing, this won’t make me severely complain or verbally attack the author. I think many of you forget that this is a free platform, and we have an author here who just thought this might be a good challenge, he didn’t get paid or anything, he did it in his free time because he thought it would be nice.

Try and keep this in mind when you want to lash out against someone providing free content to the site. If you don’t like a challenge, simply give a downvote or come up with some constructive feedback, try not to be a ■■■■ about it.

The fact that I don’t know what to do makes me crazy. I’m actually very curious about the solution.

1 ) I think the first step is to use a very common encoding technique
2 ) The result from the first step is binary. Maybe we should look at some pattern (as someone suggested). There are repeating numbers and from some “prospectives” repeating sequences… but i can’t find a logic behind all this.
3 ) Does mapping bytes (with Walzer steps) implies that we should see them as a two dimensional array?
4 ) Someone said CyberChef. Didn’t know it. A very good site. Is the right algorithm in there? And if there is, maybe the challenge is not related to a custom walzer-cypher (?)

Any hint?

Always thanks to the people that make this platform work (authors and owners).
People have the opportunity to face a problem and learn something new.

Type your comment> @0xEA31 said:

You may be right, you may be wrong. But you should really support your opinions more politely. That’s being said, I leave you all alone.

I agree. There are definitely nicer ways to go about sharing your opinions without all the hate messages. I thought this was supposed to be a community. We are all human and my opinion is that haters are are a lot worse than people who approve 1 in 50 challenges that shouldn’t be approved. This kind of hate is why we have so many people with depression. Well done for your efforts @0xEA31. Some people don’t realise that no one is perfect and they lash out. Don’t let all the hate stop you from making mistakes and learning from them. It’s the only way to become great at it.

@0xEA31 Thanks a lot for your hint it was really clearer :wink:

Plz someone tell me what to do with this sha256: a3108d25bab73b60dd9197102120e180adb3a9572cc00535beedc8bd9405c1a3
*I could see this in all the challenges.
*This is my first challenge…I would be glad if someone spend your time to help to out …

Type your comment> @Anonymousyoyo said:

Plz someone tell me what to do with this sha256: a3108d25bab73b60dd9197102120e180adb3a9572cc00535beedc8bd9405c1a3
*I could see this in all the challenges.
*This is my first challenge…I would be glad if someone spend your time to help to out …

You can use that to make sure the zip you downloaded hasn’t been altered.
If you get the hash of your zip file it should match exactly.
[sha256sum file for linux or Get-FileHash -Algorithm sha256 filename in powershell
It doesn’t have anything to do with the challenge other than a sanity check to make sure your file didn’t get corrupted

Ok. Solved. Thanks to @bjornmorten. Hints

Waltz Dance Steps

  1. Obvious
  2. “Brute Force”
  3. “A very simple form of encryption”

All three are basic ‘encryption’ schemes, do not go into complex encryption which require IV’s. Use CyberChef to find the schemes you need, then use Python to automate it, otherwise doing it manually will take ages, and you might need to ‘dance’ more than once
but do note that unlike the video, the beginning and ending legs are the SAME in this version of dance :wink:

Can anyone please tell me how to solve the second step for this challenge? What we have to look on the binary pattern? I’m stucked on this part for so long already :frowning:

Type your comment> @hyperreality said:

The challenge playtesters need to learn what “crypto” means. Apart from Optimus Prime, the last 4 crypto challenges released have all been dumb guessing games, and a poor reflection of how fascinating and educational good crypto CTF challenges can be.

I have to agree. I would very much prefer challenges about weaknesses in modern crypto and cryptanalysis.

Just to add on, the RsaCtfTools is another good one in the set. Automated tools don’t help much and you’re forced to understand the crypto behind it and think modularly.

Got it. Tried a very obvious ‘key’ for one of the steps.

Type your comment> @0xEA31 said:

I have to admit that I created this challenge with a precise scope: showing how information asymmetry deeply impacts our ability to give an answer to or solve problems.

Information asymmetry occurs when one party has more or better information than the other. This is quite a typical situation with our challenges and boxes: makers (think that they) know everything and players don’t.

There are may facets that we should consider when dealing with information asymmetry. The first one is about the domain of discussion. When the domain is uncertain (or misunderstood), we don’t actually know where to focus on.

So, here you are some clarifications on the “domain of discussion” of this “Easy cryptography made harder in Walzer style”:

First, “easy cryptography” is literally what the general consensus consider “easy” or, if you prefer, “basic”. And remember, “cryptography” is generally an uncountable name.

Second, Walzer refers to the dance. I choose the German word because it originated in Germany (Walzer (Tanz) – Wikipedia). If you read the English version of Wikipedia you can find:

The waltz (from German Walzer [ˈvalt͡sɐ̯]) is a ballroom and folk dance, normally in triple time, performed primarily in closed position.

Walzer

Great hint! Helpd almost right away!