[crypto] Flippin_Bank

let's go

m4nu

Valiant, nothing is impossible.
Lock by lock and one after the other is the key. You cannot open door number 9 until you have unlocked number 8.

Comments

  • Very nice challenge I like this type of crypto, I've done little bruteforce in the end because something appeared 16 bytes far away of my calculation but in the end it's not so difficult just look at the encryption mode of operation

    Hack The Box

  • Thanks for the challenge P3t4. Was fun.

    snuggles

  • Nice challenge but a little bit overpriced, 10 points is more than enough

    joeblogg801

  • edited May 25
    Very nice and educational challenge
  • Cool challenge. Finally some modern crypto here. No brute force required - just understand the attack and flip away.

  • got it, cool challenge, feel free to PM me

    m4nu

    Valiant, nothing is impossible.
    Lock by lock and one after the other is the key. You cannot open door number 9 until you have unlocked number 8.

  • The unintended solution has been patched. I am very sorry about that.
    Thank you guys for your feedback!

  • edited May 24

    Is it normal that the server does not respond? Nvm I looked for a web interface and didn't read the instructions... :-1:

  • edited May 30

    I just can't recreate what hex() does and how to do the decryption

  • Do we have to bruteforce this? Can anyone give me a nudge please?

  • edited June 4

    I've never done this before so I had to do some research, and then analyze what the app is doing. This was an excellent learning exercise about this kind of crypto. I feel like I just did a homework assignment out of a cryptanalysis textbook.

    No brute force required but it will require a bit of reading the code and analyzing aspects of the cipher algorithm to know what to manipulate without messing everything else up. You won't need to get into intricate algorithmic details, just basic structure. It's all right there though.

    LegendarySpork

    LegendarySpork

  • Kind of stuck. My cryptoanalysis only went as far as noticing common patterns with different username/password combinations...nudges would be greatly appreciated!

  • Would appreciate a little bit of help to this one as it is the first time I'm dealing with crypto and I would like to learn something new. Thanks

  • Thanks a lot to @alienum , I finally got it in the end, Nice challenge.

  • Great @P3t4 !! Very nice and educational challenge. However, i have some doubt. Someone to discuss about it?

    If you have questions, feel free to PM me.

  • the name of the challenge is a big hint everyone :) i suffered a couple of hours reading up on crypto until i stumbled on the attack that has to be done here

  • Before I overcomplicate this thing again, please hit me up with a little nudge.

    Already sunk 2h in it, wrote my own code, now started reading into ["The name of that old database"]-attacks, which isn't exactly simple, at least not for me.

    Hack The Box

  • @federella and @Szkiel you can pm me if need it

  • Amazing challenge, definitely glad to have done this, thank you!!

  • I can modify the byte target successfully , but previous block gets messed up.
    Any help?

  • edited July 24

    python3 app.py
    Traceback (most recent call last):
    File "app.py", line 7, in
    from secret import FLAG
    ModuleNotFoundError: No module named 'secret'

    :-/

    Edit: I am stupid :)
    Edit 2: I am stuck hard as hell... I think, I am at the last 20% of the challenge :neutral: Hope, someone could help me

    Edit 3: FINALLY I got it! Thanks very much to my new best friends @alienum and @Civero for helping me and being very patient.
    @P3t4: Very nice challenge! I learnt so much about python, crypto and how to use instances here ;)

    I think this challenge is hard for newbies in python and crypto, but it was very nice and I'm glad I solved it

    Hack The Box

    Hello friend. Hello friend? I am always happy to help you, but also expect clear information about what you have achieved so far. Together we will raise the flag!
    Remember: Giving respect is a matter of honor

  • edited August 20
    Type your comment> @tXxc said:
    > python3 app.py
    > Traceback (most recent call last):
    > File "app.py", line 7, in
    > from secret import FLAG
    > ModuleNotFoundError: No module named 'secret'
    >
    > :-/
    >
    > Edit: I am stupid :)
    > Edit 2: I am stuck hard as hell... I think, I am at the last 20% of the challenge :neutral: Hope, someone could help me
    >
    > Edit 3: FINALLY I got it! Thanks very much to my new best friends @alienum and @Civero for helping me and being very patient.
    > @P3t4: Very nice challenge! I learnt so much about python, crypto and how to use instances here ;)
    >
    > I think this challenge is hard for newbies in python and crypto, but it was very nice and I'm glad I solved it

    Hey, I'm stuck on "no module named secret" and "Name FLAG not defined" too I've done pretty much everything else it's just this bit... Can you please hint me to the right direction, am I missing any libraries or something :/
  • @hngrychckn412
    Hey :)
    the module 'secret' and the variable 'flag' are used in CTFs to save the flag in an other module and not in the file, that you downloaded.
    The script is running in an instance, you can start a new one within the challenge-menu in crpyto -> Flippin Bank

    Hack The Box

    Hello friend. Hello friend? I am always happy to help you, but also expect clear information about what you have achieved so far. Together we will raise the flag!
    Remember: Giving respect is a matter of honor

  • Seen quite a few comments struggling with No module named 'flag':
    If you wanna test locally, all you have to do is create a file called secret.py in the same folder you are trying to run app.py from, and in that file just type FLAG = "Anything really..".

    This way, when app.py is trying to import the secret module, it will find something to import, and won't throw an error. This way you can also define something to print, when you make your local instance print the flag. Hope this helps out someone :)

    Marcix

  • Type your comment> @tXxc said:

    python3 app.py
    Traceback (most recent call last):
    File "app.py", line 7, in
    from secret import FLAG
    ModuleNotFoundError: No module named 'secret'

    :-/

    Edit: I am stupid :)
    Edit 2: I am stuck hard as hell... I think, I am at the last 20% of the challenge :neutral: Hope, someone could help me

    Edit 3: FINALLY I got it! Thanks very much to my new best friends @alienum and @Civero for helping me and being very patient.
    @P3t4: Very nice challenge! I learnt so much about python, crypto and how to use instances here ;)

    I think this challenge is hard for newbies in python and crypto, but it was very nice and I'm glad I solved it

    can you help me out bro?

  • Hello, can someone send me a PM in order to give discuss this challenge and maybe give me some hints about it? Thanks

  • man I need nudge

  • I feel like I am super close, I understand how the CBC encryption works, I just cant seem to think of how to rearrange it in such a way that the entire thing doesn't get ruined.

  • Never mind, i finally googled the name of the challenge with the encryption type and solved it pretty quick after that.

Sign In to comment.