Makeshift Writeup - Cyber Apocalypse 2024

Last update: March 24, 2024

1 Introduction
2 Key Techniques
3 Artifacts Summary
4 Static Analysis
- 4.1 output.txt
- 4.2 source.py
5 Implementing the decoder
6 Obtaining the flag
7 Conclusion

→ 1 Introduction

This writeup covers the Makeshift Crypto challenge from the Hack The Box Cyber Apocalypse 2024 CTF, which was rated as having a ‘very easy’ difficulty. The challenge involved implementing a decoder for a provided Python encoder.

The description of the challenge is shown below.

→ 2 Key Techniques

The key techniques employed in this writeup are:

Manual Python source code review
Adapting existing Python source code

→ 3 Artifacts Summary

The downloaded artifact had the following hash:

$ shasum -a256 crypto_makeshift.zip
a692a0c129fe0bb43190d6133d2e5ec52beb7e5261bf5fd541028e761047304d  crypto_makeshift.zip

The zip file contained a single Python source code file, source.py, and output.txt:

$ unzip crypto_makeshift.zip
Archive:  crypto_makeshift.zip
   creating: challenge/
  inflating: challenge/source.py
 extracting: challenge/output.txt

$ shasum -a256 challenge/*
f54f516a925e53b3cf97cb4b21c01c9bb36821582d18ac06d07f9ec5fed9d589  challenge/output.txt
b5c59a96f342d04b4d782a418c907c3d77039c9b24022f75fc11ec7aad24444c  challenge/source.py

→ 4 Static Analysis

→ 4.1 output.txt

output.txt was presumed to contain the encoded flag, given the presence of ‘THB’ at the end:

$ cat output.txt
!?}De!e3d_5n_nipaOw_3eTR3bt4{_THB

→ 4.2 source.py

source.py contains Python code that encodes the flag as follows:

Line 3 reverses the flag
Lines 6-9 swaps characters within every 3 character block by cyclically rotating characters left. For example ‘123’ becomes ‘231’

from secret import FLAG

flag = FLAG[::-1]
new_flag = ''

for i in range(0, len(flag), 3):
    new_flag += flag[i+1]
    new_flag += flag[i+2]
    new_flag += flag[i]

print(new_flag)

→ 5 Implementing the decoder

decode.py was implemented that does the opposite of what source.py does:

Lines 1-2 read the encoded flag from output.txt
Lines 6-10 reverse the 3 character block encoding performed by source.py
Line 12 prints the reversed flag

with open("output.txt", "r") as f:
    flag = f.read().strip('\n')

    new_flag = ''

    for i in range(0, len(flag), 3):
        # encrypted as middle, last, first so we decrypt back
        new_flag += flag[i+2]
        new_flag += flag[i]
        new_flag += flag[i+1]

    print(new_flag[::-1])

→ 6 Obtaining the flag

The script was run and the flag was obtained:

$ python3 decrypt_writeup.py
HTB{4_b3tTeR_w3apOn_i5_n3edeD!?!}

→ 7 Conclusion

The flag was submitted and the challenge was marked as pwned