Search for a command to run...
Root-Me's volunteers have prepared their wish lists to Father Christmas, nevertheless it seems that some lists with, specific requests, are only accessible to Father Christmas himself. However, a jealous elf, unhappy about not being able to prepare all the gifts has decided to try to get access no matter what. Unfortunately he did not succeed, which is why he's requesting for your help.
The only thing the elf managed is to get a network capture of when Father Christmas logged onto the app where the lists are stored.
Now it's your turn to help the elf and find a way to access the restricted lists, they might even hide something you're looking for.
Reverse the binary to get the master key, decrypt the pcap to steal Father Christmas's creds, login and grab the flag from Mika's wishlist.
We open listviewer in a disassembler and find two interesting things in :
.rodata0x4330: f91981d6bcb872f434319841861521970x4320: baa063700231c94ca1618c6cThese are used to decrypt the session key sent by the server (AES-128-GCM).
This took a while lol. The binary does some weird stuff:
0xabababab (repeated 4 times)So the actual key = rotate(session_key ^ 0xabab..., 12)
With the right key derivation, we decrypt the LOGIN command from the pcap:
LOGIN fatherchristmas hOa84ONoAu8MfmPZzNK7Zpr43hCOGqD
Got the creds!
We connect to the server, login as Father Christmas, and check all the wishlists. The flag is hiding in Mika's list:
RM{Sh1t_3nCrypT10n_H0h0h0_Y0u_G0t_Th3_L1sT:}
solve script:
import socket
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad, unpad
MASTER_KEY = bytes.fromhex('f91981d6bcb872f43431984186152197')
IV = bytes.fromhex('baa063700231c94ca1618c6c')
sock = socket.socket()
sock.connect(('dyn-02.xmas.root-me.org', 15833))
# Get session key
data = sock.recv(4096)
cipher = AES.new(MASTER_KEY, AES.MODE_GCM, nonce=IV)
session_key = cipher.decrypt_and_verify(data[15:31], data[31:47])
# Derive message key (xor + rotate 12)
key_xor = bytes(a ^ 0xab for a in session_key)
key = key_xor[12:] + key_xor[:12]
def send(cmd):
ct = AES.new(key, AES.MODE_ECB).encrypt(pad(cmd.encode(), 16))
sock.sendall(ct.hex().encode() + b'\n')
def recv():
ct = bytes.fromhex(sock.recv(8192).strip().decode())
return unpad(AES.new(key, AES.MODE_ECB).decrypt(ct), 16)
send('LOGIN fatherchristmas hOa84ONoAu8MfmPZzNK7Zpr43hCOGqD')
recv()
send('LIST Mika')
print(recv().decode())