Solution: Please Don’t Share Writeup – Hack The Box Crypto Challenge

Hello, in today’s post I’m going to write on Hack The Box’s Crypto Challenge – Please Don’t Share!

The download section of the challenge says ” Our intelligence service intercepted these strange messages which we saved in the messages.txt file. Are you able to help us decipher them? “, it means we are going to be presented with a messag that is encrypted, we need to decrypt it.

Let’s download and see what type of message it is;

➜  pds cat message.txt
source,destination,code,public
10.10.1.1,10.10.1.2,23snMFFUAzBkGou7QBwYgLrYjDX5bRPRk7yjjBDzfrxDGqgrZNLnkTtcDXQ9KLqJk17x4siBQNKzPnsssvuJEU5MT65uqHrPKyuNCPC87fFbswddaYJPM6RxccgcBwDj3PZF8MoigNy8QzuZD9VvtBibtsBSbEx4eHdcfQg3iDZGmZvJFfCtfnibjA9cdM5pe7mWBNXfuVrrdkEKcdGFa1o,27UsFJseRREXu6wjZRugHhKxwLD6jWbY9J5w2tTHp8ody1yvjp1phFXwPBerAYArE9BijQnaVqLXXPMa5LnVzJ3zTrwu4zLWb8nBfuBYqUmiynf5zne6X4uGu3hiWHGKwjnWJwDaSUsJspTqX6wNEGC1FmUHyK5wENojHFPNNuSFmGptLGEkjMki3kUki3m6SCFCDjPNMG8X56TfF4TZgfS
10.10.1.1,10.10.1.3,26GokGBknCFSn1LPRCuaKY2gAYdthgB5S4LvP93c5bUq148B3bZ6DdB8WxFAStgwo4dFnqrYuwm4xfaUnU8EZkavV23HtFBMCintShJfYcfXsQE9w2Pgu3v3Fc8Bu3dvTBc3APEU48uQpktFc7vMaKWrSWi1iNWNTqjXJTM5UzAfy7aB7yHzuQnmcuT2Uz9ZDn7UWGZCDUBaSt2TK3K1W6a,27UsFJseRREXu6wjZRugHhKxwLD6jWbY9J5w2tTHp8ody1yvjp1phFXwPBerAYArE9BijQnaVqLXXPMa5LnVzJ3zTrwu4zLWb8nBfuBYqUmiynf5zne6X4uGu3hiWHGKwjnWJwDaSUsJspTqX6wNEGC1FmUHyK5wENojHFPNNuSFmGptLGEkjMki3kUki3m6SCFCDjPNMG8X56TfF4TZgfS
10.10.1.1,10.10.1.4,23trvK6XXkuDNU6rv5GHLFnuTurqG9TQe7WyGiDNYp6682RUS7eK62ZkVfa6zKYL26whemo25HAzFdKsoKVgHGAGcN7bVj8k8by7M2rUKAZBXi3uV2g647swVWALJhF6ubyGzMATUKZtWs9y1eDgK9aLhN6Eyxn4em9TE2C6qngzdBbLAw9xx5rtsH3EAnrNr1aQWCSPL4ijuKj1os8DTLp,27UsFJseRREXu6wjZRugHhKxwLD6jWbY9J5w2tTHp8ody1yvjp1phFXwPBerAYArE9BijQnaVqLXXPMa5LnVzJ3zTrwu4zLWb8nBfuBYqUmiynf5zne6X4uGu3hiWHGKwjnWJwDaSUsJspTqX6wNEGC1FmUHyK5wENojHFPNNuSFmGptLGEkjMki3kUki3m6SCFCDjPNMG8X56TfF4TZgfS
10.10.1.1,10.10.1.5,22ixogk5Tg9gLHPmygE393u3W2KtXz4zG8Nrhwh8Ezjpeu4RrFVoYQ1E3RbPR4n8U7NS7FAFQRitxoMD5QPpKRYX3Ari3jfZqn66RkPr3tQAFKEYBPenZUVAEpeatCuNRvQiKAqJ2isKtHuu293KXgdRFuLd3rnopxwTgHfZTBLxDbsA2YQbpHTGbo3wwcJfMkP8ctV8v9HFvLdnBiYwxLn,27UsFJseRREXu6wjZRugHhKxwLD6jWbY9J5w2tTHp8ody1yvjp1phFXwPBerAYArE9BijQnaVqLXXPMa5LnVzJ3zTrwu4zLWb8nBfuBYqUmiynf5zne6X4uGu3hiWHGKwjnWJwDaSUsJspTqX6wNEGC1FmUHyK5wENojHFPNNuSFmGptLGEkjMki3kUki3m6SCFCDjPNMG8X56TfF4TZgfS
10.10.1.1,10.10.1.6,23t3v92vGrXgUjg11EHtAAb7jqNaM3ANcqHvAS2pGR1hVr5Kiwpyuu7oHE8BBDzTowGJbjc4x5nHwkuHUcZiJRfPQyMS3ETPYYCPWbffvsK4hETCevMsrehTWHMpin5y28LD3xnGiEeh4PUBJBwXMtuWDbSGRQuvDgrTr8k6vWULh9E6NDgwH7x3rTWxaugCWXNVhmbXq5twhwhzB4NPGLj,27UsFJseRREXu6wjZRugHhKxwLD6jWbY9J5w2tTHp8ody1yvjp1phFXwPBerAYArE9BijQnaVqLXXPMa5LnVzJ3zTrwu4zLWb8nBfuBYqUmiynf5zne6X4uGu3hiWHGKwjnWJwDaSUsJspTqX6wNEGC1FmUHyK5wENojHFPNNuSFmGptLGEkjMki3kUki3m6SCFCDjPNMG8X56TfF4TZgfS
10.10.1.1,10.10.1.7,23tKc5uLVSHr2ZSUhw58bEHVRomFrHQxo6QSy6GgQsbVCDfredgdiNgJHCznALsyBMHEfGhXrwzNctrWdvGprS7zYttJiDs5cL7ksGKp37Up8HHBVzkpzHrPqiS7jyzJf6iKKyomYFpiyWdaCrF9Aj7xCKkQYHRyPVe4jRPjj3FqE4VSmESJ7Xf82YQB5XQ1qus5LwQFG5CooF7H548X5Rw,27UsFJseRREXu6wjZRugHhKxwLD6jWbY9J5w2tTHp8ody1yvjp1phFXwPBerAYArE9BijQnaVqLXXPMa5LnVzJ3zTrwu4zLWb8nBfuBYqUmiynf5zne6X4uGu3hiWHGKwjnWJwDaSUsJspTqX6wNEGC1FmUHyK5wENojHFPNNuSFmGptLGEkjMki3kUki3m6SCFCDjPNMG8X56TfF4TZgfS
10.10.1.1,10.10.1.8,256eNHz889nPcTo8Z6tKA59jbHXFzcBZ9FpraGiv5hgdx5veXEhwBhe1qow952Npk5YiNGuriXHnv3RsWL3ZkzWvAPmycUwD8Gd94kFrLdtntsM5vHoNmsgb6ZHdiaYuhvTAkQGGrY4r4DZ36z2NWZLAx8RMG45buc9Rt3SFJm54HkrCcjPVkE8NmkBmuHMrd1ezdwkSkwkSt7wxQEoq7ez,27UsFJseRREXu6wjZRugHhKxwLD6jWbY9J5w2tTHp8ody1yvjp1phFXwPBerAYArE9BijQnaVqLXXPMa5LnVzJ3zTrwu4zLWb8nBfuBYqUmiynf5zne6X4uGu3hiWHGKwjnWJwDaSUsJspTqX6wNEGC1FmUHyK5wENojHFPNNuSFmGptLGEkjMki3kUki3m6SCFCDjPNMG8X56TfF4TZgfS
10.10.1.1,10.10.1.9,22hszR4g7Qu58TVpHdZLwRVXjRQiKunqRgjQLazWhHhcNUUnu1fJYADm4c4Xgqu5yruhBqejnGvbsb4Q87QeTJ6uxRD3tiUT4GN8MMwzoFbPeSnAKSqshWj5sfwy6fRUtGmLuTWm3scw3XXTwAnT1uugE591avUQ3XfwYpb1kRUDHcGz5FUsnYKVZ25odW8karrRm9RzZR1LFBSmt5934HM,27UsFJseRREXu6wjZRugHhKxwLD6jWbY9J5w2tTHp8ody1yvjp1phFXwPBerAYArE9BijQnaVqLXXPMa5LnVzJ3zTrwu4zLWb8nBfuBYqUmiynf5zne6X4uGu3hiWHGKwjnWJwDaSUsJspTqX6wNEGC1FmUHyK5wENojHFPNNuSFmGptLGEkjMki3kUki3m6SCFCDjPNMG8X56TfF4TZgfS
10.10.1.1,10.10.1.10,21WdrmmPKEeCuhADGN9A53JHmfxkb28bCsGBNrGfbMrqLJuDyi7azhaEeVk98CFjrcu3QAufnqAFB3sWkoedyTjLbU7PL5n61WGetE84KdYxLSwK94H3GnW16o8CnZAzKSUbovdW7b583THhvzGzvQMMptCTDBAHwSTyE988qf6nea9zzFubXqrbCRjsWWJhpXMxAYepYNMUvqWsjz8UE3a,27UsFJseRREXu6wjZRugHhKxwLD6jWbY9J5w2tTHp8ody1yvjp1phFXwPBerAYArE9BijQnaVqLXXPMa5LnVzJ3zTrwu4zLWb8nBfuBYqUmiynf5zne6X4uGu3hiWHGKwjnWJwDaSUsJspTqX6wNEGC1FmUHyK5wENojHFPNNuSFmGptLGEkjMki3kUki3m6SCFCDjPNMG8X56TfF4TZgfS
10.10.1.1,10.10.1.11,23t3yhAuaMWSkzyg5bwpwkcbwDW4b1vT7hKetYNsiW1SrS7kEd2Mz9SCoGM6qQ9QZRTYJUsbxP4U2qnsre3cdjhDBW3rqrhxK5XC12yo1HvujG5envGAyMwf4HpnZ1Z5NWcKkMpERMDpsJ8EbrnqLBTRPxW5UfzZHcvKwayp1KxwSzzwZTb671eSVAZkND4FHJApU1kht88vqitjBHUPp5H,27UsFJseRREXu6wjZRugHhKxwLD6jWbY9J5w2tTHp8ody1yvjp1phFXwPBerAYArE9BijQnaVqLXXPMa5LnVzJ3zTrwu4zLWb8nBfuBYqUmiynf5zne6X4uGu3hiWHGKwjnWJwDaSUsJspTqX6wNEGC1FmUHyK5wENojHFPNNuSFmGptLGEkjMki3kUki3m6SCFCDjPNMG8X56TfF4TZgfS

I found a text file with 4 sections, source, destination, code, public. From my initial scan using CyberChef, the first part of code and I found the message possibly in base58. BUT STILL ENCRYPTED. The second part “public” is the same so, I decided to target the first part only.

10.10.1.1 , 10.10.1.2 ,
3063559254092205807650747490288814162146139100196871271715080212491337958
4382317091697329447757439922682179699139629364016255733375104318541184726
51453903892 , 68647976601306097149819007990813932172694353001433054093944634
5918554318339765605212255964066145455497729631139148085803712198799971664
3812574028291115057151

If you notice, The origin IP is always 10.10.1.1 and the destination IP goes from 10.10.1.2 to 10.10.1.11

After scratching my head for a while, I made an intensive google search for the name of the challenge “Please, don’t share” I found there is an encryption algorithm called “Shamir Secret Sharing“, https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing

A poster in the HTB forum gave a hint about decryption way: https://github.com/antihorsey/ctf-writeups/blob/master/3dsctf-2017/Escape%20from%20Arkham%20I/arkham.py

Combining the hints and Google search I made the script to give me the required prime variable. The final python script is as below:

➜  pds cat arkham.py   
#!/usr/bin/env python2

import random
import secretsharing

shares = [
            (168427778, 3063559254092205807650747490288814162146139100196871271715080212491337958438231709169732944775743992268217969913962936401625573337510431854118472651453903892),
            (168427779, 5409716963002645780047888977554539643130004472674845561514278793595277775840949371047823231801115186288421069156147671806542063559106824754229501660102569117),
            (168427780, 3470417805014014928539193600953069745295468460519400123413216448282568886399397762865850903490979219985409759029173215286027965072761905524796215584941811165),
            (168427781, 2878419120972089606715980629617148184331032344463862875022201704319410719806902569554125690095484336015989524481635461552366860114539834115434583609389681147),
            (168427782, 3156739409999502346852670849870538480859964394153791685926632033488865052561227643625234097937057218444031144425306647656841774667806225384071649237139857054),
            (168427783, 3267304366804597800944739190404196863137781564086706182918988277609202049669835684409860490582533711880362420353771236115678417951344127536279980566682413626),
            (168427784, 4763152168408032446855026439464797499484371418768390386478327605584682184404842887866753104718371397762758012541004985057388358773148252674754321881163317183),
            (168427785, 2428215446241943969397222629087610739096730010989775314009911286517198472065495122766564376117450500866589381408269687918069344721086954895959813118548860280),
            (168427786, 1346012099245027255137846727095389802665539710218591031924196107275702342801810675138475726268268109034725954792888077009226006685063243040114310221915741361),
            (168427787, 3167103626579990164481551900631455406227649498339870931463659678762007414973185848385145925751739606156366598497723358368426602431521721329611646179289862914)
    ]

shares = [tuple(share[:2]) for share in shares]

secret_int = secretsharing.points_to_secret_int(shares)
print secret_int
➜  pds 

The first part “168427778” is a decimal value of IP address. I used this website https://www.ipaddressguide.com/ip to convert IP to decilmal.

Once I have everything in place, I ran the python script, here is the output:

➜  pds 
➜  pds python arkham.py
127794527714456619492160740683792836214064931790974360375583313939203957117
➜  pds 

Then I convert the result to result to hexadecimal and then I decrypt it to ASCII.

➜  pds python
Python 2.7.17 (default, Oct 19 2019, 23:36:22) 
[GCC 9.2.1 20191008] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> hex(127794527714456619492160740683792836214064931790974360375583313939203957117)
'0x4854427b7333437233745f53683472316e675f31735f41773373306d45217dL'
>>> '4854427b7333437233745f53683472316e675f31735f41773373306d45217d'.decode('hex')
'HTB{s3Cr3t_Sh4r1ng_1s_Aw3s0mE!}'
>>> 

nad we have the flag!!!!

HTB{s3Cr3t_Sh4r1ng_1s_Aw3s0mE!}

Thanks for reading, come back for more 🙂

Navin

Hey there, I'm Navin, a passionate Info-Sec enthusiast from Bahrain. I started this blog to share my knowledge. I usually write on HackTheBox machines and challenges, cybersecurity-related articles and bug-bounty. If you are an HTB user and like my articles, please respect here: Profile: https://www.hackthebox.eu/nav1n

You may also like...

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
Sorry, that action is blocked.