Cryptohorrific

Hello everyone. I’m stuck in the decryption as well.

  1. Used plistutil to get flag
  2. Used IDA to get key, IV
  3. Decoded them into hex
  4. Testing out with AES using CyberChef

I can’t figure out what I’m missing or overlooking. I’d appreciate if someone could help me out.

The encrypted flag is in base64; you have to decode it before the CyberChef phase. Try all modes.

Quite a nice one…! Thank you @bsecure for creating it.

I think there are plenty of hints here already, but following up from @oct3t’s hints, one thing I would also suggest is when you are trying to decrypt, make sure you understand what encoding you are using and what encoding the tool expects. Cooking this with the CyberChef makes it eeee-Zeeee.

Ok, got it now. Thank you !

Could anyone PM me, I know there’s a lot of hints in here but I’m not entirely sure that I’m doing this correctly.

Thx in advance :slight_smile:

Alright, never mind, I found it after a couple of weeks of trying :smiley:

Feel free to PM me if you have any questions :slight_smile:

As an iOS Developer and hobbyist Hackthebox solver - this was really fun! Felt like home, wrote a short Playground file in Xcode to decode the flag and voilà.

Fun challenge. A bit of trial and error in the end. I used Ghidra for finding some of the stuff you need :slight_smile:

Ahh, finally. The forum helped a lot. Also, CyberChef gives all for the output of IDP.

I really was on another long bath before I read all the comments here … thank you all, and of course a lot of thanks to the creator … I have learned a lot

got the flag, id and title, decrypt the flag first to base64, then aes that with title-key-iv, I would appreciate some light :blush:

@oct3t said:

Hello everyone. I’m stuck in the decryption as well.

  1. Used plistutil to get flag
  2. Used IDA to get key, IV
  3. Decoded them into hex
  4. Testing out with AES using CyberChef

I can’t figure out what I’m missing or overlooking. I’d appreciate if someone could help me out.

I’m using Kali Linux… trying to figure this challenge out… having trouble figuring out how to use plistutil… I did some searches and installed the libplist-utils package and libplist3, and attempted to use the same commands I found on those sites, but no matter what I type, I get “command not found” whether sudo or not.

I’m not understanding how to actually view the plist files?? Any help would be appreciated

(using kali Linux)

Any hint so I can reverse and get the k** and *v? That’s what remains for me.

anybody got a hint
like please the last part is killing me

@quantumtheory said:
@oct3t said:

Hello everyone. I’m stuck in the decryption as well.

  1. Used plistutil to get flag
  2. Used IDA to get key, IV
  3. Decoded them into hex
  4. Testing out with AES using CyberChef

I can’t figure out what I’m missing or overlooking. I’d appreciate if someone could help me out.

I’m using Kali Linux… trying to figure this challenge out… having trouble figuring out how to use plistutil… I did some searches and installed the libplist-utils package and libplist3, and attempted to use the same commands I found on those sites, but no matter what I type, I get “command not found” whether sudo or not.

I’m not understanding how to actually view the plist files?? Any help would be appreciated

(using kali Linux)

cd ./that directory
plistutil -i challenge.plist

Cool challenge :slight_smile:
I used Ghidra to find useful strings, idk why I can’t see them in IDA :confused:
PM me for nudges :slight_smile:

So I’ve used IDA and Ghidra to try and reverse the key and IV but to no avail. My reversing skills are a little rusty if not nonexistent. Would love a little nudge in the right direction to find them. I already know the algorithm used to hash everything just from these two bits of information.

I already did find an interesting function but not sure there is anything in there: SecretManager:key:iv:data

@bananabr said:

I managed to solve the challenge thanks to some comments here, but I had to use some trial and error. Could anyone send me a PM pointing to where the encryption mode (CBC, ECB, CTR …) is shown in the code?

rabin2 -i
It shows some interesting function names; one of them is the standard provided by Apple in order to help with encryption stuff.

The default mode is CBC, but a little further research reveals that something is not properly implemented and it could result in ECB, where the IV is not actually relevant.
If the IV is not provided, it will be initialized to all zeroes by default.

I didn’t know about that and I’m not very involved in the mobile apps environment, so I can say that this challenge taught me something new, as well as forcing me to look at some RE.
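The encoding and mode points raised in this thread, as an added example that is not part of any post here: it uses the `openssl` command line in place of CyberChef to show why the key must be passed in the encoding the tool expects, and why a changed IV only alters the first block when ECB ciphertext is treated as CBC. The key, IVs and plaintext are constructed sample values, not the challenge's; it assumes `openssl`, `base64` and `od` are installed.

```shell
#!/bin/sh
# Constructed sample values: NOT the challenge's key, IV or flag.
KEY_TEXT='0123456789abcdef'   # 16 ASCII characters, as a key string would sit in a binary
PLAINTEXT='constructed-sample-plaintext-not-a-real-flag'
IV_ZERO='00000000000000000000000000000000'
IV_OTHER='ffffffffffffffffffffffffffffffff'

# openssl's -K and -iv take hex, so a text key must be converted byte for byte.
to_hex() { printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n'; }

# Produce what the thread describes: AES-128-ECB ciphertext stored as base64.
encrypt_ecb_b64() {  # $1 = plaintext, $2 = key in hex
    printf '%s' "$1" | openssl enc -aes-128-ecb -K "$2" | base64 | tr -d '\n'
}

# Base64-decode first, then decrypt. ECB takes no IV at all.
decrypt_ecb() {      # $1 = base64 ciphertext, $2 = key in hex
    printf '%s' "$1" | base64 -d |
        openssl enc -d -aes-128-ecb -K "$2" 2>/dev/null | tr -d '\000'
}

# First plaintext block (hex) when the same bytes are treated as CBC with IV $3.
cbc_first_block() {  # $1 = base64 ciphertext, $2 = key in hex, $3 = IV in hex
    printf '%s' "$1" | base64 -d |
        openssl enc -d -aes-128-cbc -nopad -K "$2" -iv "$3" 2>/dev/null |
        head -c 16 | od -An -v -tx1 | tr -d ' \n'
}

KEY_HEX=$(to_hex "$KEY_TEXT")
CT_B64=$(encrypt_ecb_b64 "$PLAINTEXT" "$KEY_HEX")

echo "ciphertext (base64):     $CT_B64"
echo "ECB, hex-encoded key:    $(decrypt_ecb "$CT_B64" "$KEY_HEX")"
# Wrong encoding: the 16 text characters are parsed as 8 hex bytes and zero-padded,
# so the tool silently uses a different key and the output is garbage.
echo "ECB, key passed as text: $(decrypt_ecb "$CT_B64" "$KEY_TEXT" | od -An -v -tx1 | head -n 1)"
# Treating ECB ciphertext as CBC: only the zero IV leaves block 1 intact.
echo "CBC block 1, zero IV:    $(cbc_first_block "$CT_B64" "$KEY_HEX" "$IV_ZERO")"
echo "CBC block 1, other IV:   $(cbc_first_block "$CT_B64" "$KEY_HEX" "$IV_OTHER")"
```
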

Hi guys,

At the moment I have the flag and the key … But I need some help to decrypt this flag