
SantaLock - DOJO n°29

📜 Description

It’s Christmas, and in a whirlwind of festive activity, Santa has misplaced the key to the digital safe containing the Christmas presents! Can you pick the lock and extract the flag in time to save Christmas?

🎅 Proof of Concept

The first step of this challenge is to find the plaintext key from its MD5 hash. This key will then allow us to open the safe and see what it hides!

For this, the well-known website https://crackstation.net/ lets us check whether the MD5 hash was generated from a key already present in the site's database.

Once sent, the website returns to us the value of the key that was present in its database! (It is important to choose random keys with a minimum of 12 characters, including special characters, numbers, and letters.)

Key: missionfailed

Now, we open the safe; here is its content:

```javascript
function chiperXOR(v, pincode) {
    if ( pincode.match(/^[0-9]{4}$/) === null ) {
        return Error("The PIN code must be exactly 4 digits long and may only contain digits from 0-9.");
    }
    /* Perform an XOR operation with the first character of the provided PIN for each character in the given input (value) */
    v = v.split("");
    for (let i = 0; i < v.length; i++) {
        v[i] = (String.fromCharCode((v[i].charCodeAt(0)) ^ pincode.charCodeAt(0)));
    }
    /* Combine all the characters to a string and base64 encode the new encrypted value. Then return the value: */
    return btoa( v.join("") )
}
/* Decrypt me (format: "FLAG{...}") => dX9ydEhnWwBsfQBEbHBBSkNHA2xeBxdHAEFO */
```

The chiperXOR function takes as parameters the value we are going to encrypt and a 4-digit PIN code.

It checks that the PIN indeed consists of 4 digits.

For each character in the plaintext, it performs an XOR operation with the first digit of the PIN, and finally returns the result in base64.

Our goal is to find the first digit of the PIN, which will allow us to recover the plaintext from the provided cipher dX9ydEhnWwBsfQBEbHBBSkNHA2xeBxdHAEFO.

The format of the plaintext is FLAG{…}, so we know that the first letter is F. We will therefore bruteforce the digits from 0 to 9 to find the PIN that returns F.

```javascript
const cipher = atob("dX9ydEhnWwBsfQBEbHBBSkNHA2xeBxdHAEFO");
// Try each digit 0-9 as the key character and keep the one that maps 'F' onto the first cipher byte
for (let digit = 0; digit <= 9; digit++) {
    const chiffre = String(digit);
    const resultat = "F".charCodeAt(0) ^ chiffre.charCodeAt(0);
    if (String.fromCharCode(resultat) === cipher[0]) {
        console.log(`First PIN digit: ${chiffre}`);
    }
}

/* Prints -> First PIN digit: 3 */
```

Great, the first digit of the PIN is 3 (no need to find the others as they are not used). We can now find all the characters using the PIN 3.

```javascript
let pincode = "3XXX"; // only the first character is used by chiperXOR, the rest is irrelevant
let FLAG = "";
let cipher = atob("dX9ydEhnWwBsfQBEbHBBSkNHA2xeBxdHAEFO");
// XOR is its own inverse: applying the same key byte again restores the plaintext
for (let i = 0; i < cipher.length; i++) {
    let char_code = cipher.charCodeAt(i) ^ pincode.charCodeAt(0);
    FLAG = FLAG + String.fromCharCode(char_code);
}
console.log(FLAG);
```

Which returns the result: FLAG{Th3_N3w_Crypt0_m4$t3r}

🎅 Oh oh oh Thank you YesWeHack for this great challenge! Merry Christmas!