jebidiah-anthony
write-ups and what not
Power Challenge
PART 1 : GIVEN FILES
$ md5sum power.tar.gz
d878a796e00fb63353bf79cdc3b92b65 power.tar.gz
$ sha1sum power.tar.gz
4956d86470b7c62392fdf35168ceb6a5c05a965d power.tar.gz
$ gzip -d power.tar.gz
$ tar xvf power.tar
power/description.txt
power/the_power_egg.enc
PART 2 : CHALLENGE DESCRIPTION
The file, description.txt, reads the following:
MISSION BRIEFING FOR EGGSHIELD AGENT:
Lucy is an avid fan of ROOTCON and is also an agent of Eggshield.
She was tasked to protect the Power Egg to protect it from thieves who would use it for evil purposes.
Our insiders from the multiverse were informed that she encrypted the data about the Power Egg using Advanced Earth Shenanigans.
They also told us the pattern of the password she used; composed of the following:
- a year
- her favorite ROOTCON Goon
- her favorite color (which is quite unique!)
For example: 2020-Methadone-teal
Moreover, they also acquired the hash of Lucy’s password. See below:
34d5cf6ecc220ab4c31d90f41f07c9a1
That’s all we can give you.
Good luck! -Eggshield
PART 3 : GETTING THE FLAG
The goal is to decrypt the contents of the_power_egg.enc that, according to the challenge, was encrypted using Advanced Earth Shenanigans, which is presumably a variant of AES.
$ file the_power_egg.enc
the_power_egg.enc: openssl enc'd data with salted password
To get there, the password (or key) needs to be determined first. It was said that the password consists of:
<YEAR>-<ROOTCON GOON>-<UNIQUE COLOR>
where I selected the following:
- YEAR : 1920 onwards
- ROOTCON GOONS : MEET THE GOONS
- UNIQUE COLORS : A-F, G-M, N-Z
There were a lot of colors so I decided to trim the list by removing those with multiple words (e.g. Baby Blue) after scraping the contents of the webpage.
$ A_F=$(curl --silent https://en.wikipedia.org/wiki/List_of_colors:_A%E2%80%93F)
$ echo "$A_F" | grep "^<th.*4em.*<a" | sed -e 's/.*>\(.*\)<\/a>$/\1/g' | wc -l
332
$ echo "$A_F" | grep "^<th.*4em.*<a" | sed -e 's/.*>\(.*\)<\/a>$/\1/g' | grep -v " " | wc -l
92
The number of colors was significantly reduced (from 332 to 92 for colors starting with A-F). I’ll add the multi-word colors back if the password still can’t be found.
Now to merge the color list:
$ A_F=$(curl --silent https://en.wikipedia.org/wiki/List_of_colors:_A%E2%80%93F)
$ G_M=$(curl --silent https://en.wikipedia.org/wiki/List_of_colors:_G%E2%80%93M)
$ N_Z=$(curl --silent https://en.wikipedia.org/wiki/List_of_colors:_N%E2%80%93Z)
$ echo "$A_F" | grep "^<th.*4em.*<a" | sed -e 's/.*>\(.*\)<\/a>$/\1/g' | grep -v " " > list.color
$ echo "$G_M" | grep "^<th.*4em.*<a" | sed -e 's/.*>\(.*\)<\/a>$/\1/g' | grep -v " " >> list.color
$ echo "$N_Z" | grep "^<th.*4em.*<a" | sed -e 's/.*>\(.*\)<\/a>$/\1/g' | grep -v " " >> list.color
$ cat list.color | wc -l
248
I scraped the contents of the ROOTCON Goons page as well:
$ goons=$(curl --silent https://www.rootcon.org/html/about/goons)
$ echo "$goons" | grep "<b><c" | tr '<>' ' ' | awk '{print $3}' > list.goons
$ cat list.goons | wc -l
27
The total number of combinations so far is 6,696 (27 goons × 248 colors) for each year that will be tested, which is not so bad, so I began writing this Python script (md5_dec.py) that searches for a match with the password hash.
import hashlib
import sys

target = "34d5cf6ecc220ab4c31d90f41f07c9a1"

# Word lists produced by the scraping commands above
with open("list.color") as colors_file:
    colors = colors_file.read().split()
with open("list.goons") as goons_file:
    goons = goons_file.read().split()

print("TARGET HASH : %s" % target)

# Try every goon/color pair for each year, starting from 1920
year = 1920
while True:
    for x in goons:
        for y in colors:
            password = "%d-%s-%s" % (year, x, y.lower())
            md5 = hashlib.md5(password.encode()).hexdigest()
            if md5 == target:
                print("PASSWORD FOUND : %s" % password)
                sys.exit()
    year = year + 1
And running it gives us the password:
$ python md5_dec.py
TARGET HASH : 34d5cf6ecc220ab4c31d90f41f07c9a1
PASSWORD FOUND : 2169-ShipCode-eminence
Now that we have the password, we can decrypt the_power_egg.enc:
$ openssl aes-256-cbc -d -in the_power_egg.enc -k 2169-ShipCode-eminence -out the_power_egg
$ file the_power_egg
the_power_egg: PNG image data, 198 x 255, 8-bit/color RGBA, non-interlaced
A PNG file is returned after decryption which, when displayed, shows a QR code.
Scanning it gives us the flag!!
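As an added illustration (not part of the original write-up), the sketch below parses the `Salted__` header that `file` recognised and reproduces the legacy password-to-key derivation that `openssl enc` applies when `-k` is used without `-pbkdf2`. The sample blob is constructed and the function names are hypothetical.

```python
import hashlib
import os

MAGIC = b"Salted__"  # 8-byte marker written by `openssl enc` when a salt is used


def parse_salted_header(blob):
    """Split an `openssl enc` salted blob into (salt, ciphertext)."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("not an openssl salted blob")
    return blob[8:16], blob[16:]


def evp_bytes_to_key(password, salt, key_len=32, iv_len=16, digest="md5"):
    """Legacy EVP_BytesToKey with one iteration (used when -pbkdf2 is absent).

    D_1 = H(password || salt), D_i = H(D_{i-1} || password || salt);
    the concatenated blocks are cut into key and IV.
    """
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(digest, block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def describe(blob, password):
    """Return the salt plus AES-256-CBC key/IV pairs for both default digests."""
    salt, ciphertext = parse_salted_header(blob)
    result = {"salt": salt, "ciphertext_len": len(ciphertext)}
    # OpenSSL before 1.1.0 defaulted to MD5; 1.1.0 and later default to SHA-256,
    # so the same password yields a different key depending on the version.
    for digest in ("md5", "sha256"):
        result[digest] = evp_bytes_to_key(password, salt, digest=digest)
    return result


if __name__ == "__main__":
    # Constructed sample: random salt and 32 zero bytes standing in for ciphertext.
    sample = MAGIC + os.urandom(8) + bytes(32)
    info = describe(sample, b"2020-Methadone-teal")  # example password from the briefing
    print("salt          :", info["salt"].hex())
    for digest in ("md5", "sha256"):
        key, iv = info[digest]
        print(f"{digest:<6} key/iv :", key.hex(), iv.hex())
```

The derived key depends on the digest, so when a recovered password is rejected with a bad-decrypt error on a current OpenSSL, passing `-md md5` selects the older default.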