HackTheBox Impossible Password Challenge

2025-01-23[Updated: 2025-01-23]

https://app.hackthebox.com/challenges/26

Description

Are you able to cheat me and get the flag?

Exploitation

XOR Decryption Analysis

Function Behavior

Takes byte array as input
XORs each byte with 9
Stops when:
- Encounters byte 9
- Processes 20 bytes

Decoding Example

# Original hex string: A]Kr=9k0=0o0;k1?k81t
Original: 41 5d 4b 72 3d 39 6b 30 3d 30 6f 30 3b 6b 31 3f 6b 38 31 74
XOR 9:   48 54 42 7b 34 30 62 39 34 39 66 39 32 62 38 36 62 31 38 7d
ASCII:   H  T  B  {  4  0  b  9  4  9  f  9  2  b  8  6  b  1  8  }

Decoded Result HTB{40b949f92b86b18}

Summary

Impossible Password: recover the XOR transform from the binary and invert it to reveal the flag.