Flip | TryHackMe Walkthrough

Nihir Zala
6 min read · Dec 21, 2023

The Flip room is a crypto-based one. Here we need to analyze the given task file with its source code and decrypt the ciphers using block cipher modes of operation.

What is a Block Cipher Mode of Operation?

In cryptography, a block cipher mode of operation is an algorithm that uses a block cipher to provide information security such as confidentiality or authenticity. A block cipher by itself is only suitable for the secure cryptographic transformation (encryption or decryption) of one fixed-length group of bits called a block. A mode of operation describes how to repeatedly apply a cipher’s single-block operation to securely transform amounts of data larger than a block.

Most modes require a unique binary sequence, often called an initialization vector (IV), for each encryption operation. The IV has to be non-repeating and, for some modes, random as well. The initialization vector is used to ensure distinct ciphertexts are produced even when the same plaintext is encrypted multiple times independently with the same key. Block ciphers may be capable of operating on more than one block size, but during transformation the block size is always fixed. Block cipher modes operate on whole blocks and require that the last part of the data be padded to a full block if it is smaller than the current block size. There are, however, modes that do not require padding because they effectively use a block cipher as a stream cipher.

Historically, encryption modes have been studied extensively in regard to their error propagation properties under various scenarios of data modification. Later development regarded integrity protection as an entirely separate cryptographic goal. Some modern modes of operation combine confidentiality and authenticity in an efficient way, and are known as authenticated encryption modes.

If we summarize the CBC encryption process into a formula, it would look like:

$C_i = E_K(B_i \oplus C_{i-1})$, where $E_K$ denotes the block encryption algorithm using key $K$, and $C_{i-1}$ is the cipher corresponding to $B_{i-1}$.

Similarly, decryption using CBC can be done using:

$B_i = D_K(C_i) \oplus C_{i-1}$, where $D_K$ denotes the block decryption algorithm using key $K$.

Task 1 : Source Code

  1. Download the source code

Download the source code given in Task 1.

Task 2 : What is the Flag ?

  1. What is the flag?

Log in as the admin and capture the flag! Click on the Start Machine button to fire up the Virtual Machine. The server is listening on port 1337 via TCP. You can connect to it using Netcat or any other tool you prefer.

command > netcat 10.10.225.234 1337

Then enter the username admin and the password “sUp3rPaSs1”, which we get from analyzing the given source code.

Here we can see the password “sUp3rPaSs1”.

Then we get a message on the terminal: “Not that easy :)”

Because this room is a crypto one, we need to find a leaked cipher (or ciphers) to decrypt.

Let’s try to get a leaked cipher. Here I change the username from admin to bdmin and try once again.

Here we get the leaked cipher! Next we turn the leaked cipher into the actual cipher.

Back to the given source code.

Split the given username/password string into 16-bit chunks; here I padded the last chunk with some extra characters.

We can count this using a Python counter.

Then split the leaked cipher into 32 bits, as in the picture below (in the case of the cipher, two digits are one bit).

Here the first row, the 16-bit characters “access_username=”, corresponds to the cipher “721bced835ef9aa99808e86e26a28e6”, and likewise for the second and third rows.

We have the cipher for bdmin, so we need to find the cipher for admin using the XOR operation. XOR is a logical operation that compares the input values (bits) and generates the output value (bit). The exclusive OR logic is very simple: if the input values are the same, the output is 0 (or false); if the input values are different, the result is 1 (or true).

There are various symbols used for the XOR operation, for example ⊕, ^, XOR, or EXOR. The Boolean expression for the XOR operation is:

$A \cdot \overline{B} + \overline{A} \cdot B = Y$; or $A \oplus B = Y$

In this case we take “a” from access_username and “b” from bdmin. The value of a = 72 and the value of b = 31 (the value of b is actually the decrypted value of b).

Here is the formula that we are going to apply to these values: a xor dec(b) = b

Then we need to find the actual value of b.

We can find the hex values of a and b in the ASCII table, either on the terminal or by searching the internet. To see the ASCII values on the terminal, use this command: man ascii

The value of b is 62. Putting it into the formula gives 72 xor dec(31) = 62, and so 72 xor 62 = dec(31). We then calculate the value of dec(31) with an XOR calculator: 72 xor 62 = 10. So the value of dec(31), or dec(b), is 10. XOR calculator: https://xor.pw/#

Now that we have the value of dec(b), the equation is 72 xor 10 = 62. Next we find the value of dec(a) to get the admin cipher. We know the hex value of a is 61, so the equation becomes dec(a) xor 10 = 61, with dec(a) taking the place of 72. Here dec(a) = 10 xor 61 = 71, so the value of dec(a) is 71.

Put this value into the leaked cipher to get the admin credentials: replace the b value with the a value. Here a = 71 where b was 72; the cipher with the value of a looks like this below.

Then paste the cipher text into the question prompt.

Here we got the flag: THM{FliP_DaT_B1t_oR_G3t_Fl1pP3d}
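The CBC formulas and the bdmin-to-admin byte flip from this walkthrough, as an added example (not the room's source code and not part of the original post). Assumptions: a toy Feistel cipher built from SHA-256 stands in for the room's block cipher, the key, IV and MAC key are constructed, and the plaintext layout `access_username=...&password=...` is inferred from the block split described above. Blocks are 16 bytes, which is 32 hex digits of ciphertext, and the last line shows that an HMAC over the ciphertext no longer matches once a byte is flipped.

```python
import hashlib, hmac

BLOCK = 16  # bytes per block, i.e. 32 hex digits of ciphertext

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _feistel(key, blk, rounds):  # toy 16-byte block cipher (stand-in, not secure)
    l, r = blk[:8], blk[8:]
    for rnd in rounds:
        l, r = r, _xor(l, hashlib.sha256(key + bytes([rnd]) + r).digest()[:8])
    return r + l  # final swap: running the rounds in reverse order decrypts

def cbc_encrypt(key, iv, pt):
    pad = BLOCK - len(pt) % BLOCK
    pt, out, prev = pt + bytes([pad]) * pad, b"", iv
    for i in range(0, len(pt), BLOCK):
        # C_i = E_K(B_i xor C_{i-1})
        prev = _feistel(key, _xor(pt[i:i + BLOCK], prev), range(4))
        out += prev
    return out

def cbc_decrypt(key, iv, ct):
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        # B_i = D_K(C_i) xor C_{i-1}
        out += _xor(_feistel(key, ct[i:i + BLOCK], range(3, -1, -1)), prev)
        prev = ct[i:i + BLOCK]
    return out[:-out[-1]]  # strip the padding

def flip(ct, pos, old, new):
    # Plaintext byte pos equals D_K(C_i)[j] xor C_{i-1}[j], so XORing old^new
    # into the byte one block earlier turns `old` into `new` on decryption.
    if pos < BLOCK:
        raise ValueError("block 1 is chained to the IV, which is not in the leak")
    ct = bytearray(ct)
    ct[pos - BLOCK] ^= old ^ new
    return bytes(ct)

def tag(mac_key, ct):  # encrypt-then-MAC: the check that rejects a flipped byte
    return hmac.new(mac_key, ct, hashlib.sha256).digest()

# Constructed key, IV and MAC key; the plaintext layout is an assumption (see lead-in).
KEY, IV, MAC_KEY = b"constructed-key!", b"constructed-iv!!", b"constructed-mac"
leaked = cbc_encrypt(KEY, IV, b"access_username=bdmin&password=sUp3rPaSs1")
forged = flip(leaked, 16, ord("b"), ord("a"))
print(cbc_decrypt(KEY, IV, forged))  # block 1 is garbled, "admin&password=..." follows
print(hmac.compare_digest(tag(MAC_KEY, leaked), tag(MAC_KEY, forged)))
```

The flip garbles the first plaintext block because its ciphertext block was modified; a server that only searches the decrypted text for the admin string does not notice, while one that verifies a MAC before decrypting rejects the message.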

To complete this lab we need a good understanding of block cipher modes of operation. The lab is of medium difficulty, but anyone who is familiar with these modes can solve it.

Happy Hacking… :)

You can follow me on social media:

Twitter, Linkedin, Instagram & Github.
