https://app.hackthebox.com/challenges/630

Description

The military possesses a server containing crucial data about the virus and potential cures, secured with encryption and a key distributed using a secret sharing scheme. However, authorized members holding parts of the key are infected, preventing access to the research. Fueled by your cryptography passion, you and your friends aim to hack into the server and recover the key. Can you succeed in this challenging mission?

Exploitation

#!/usr/bin/env python3
from pwn import *
import json
import sys
from hashlib import sha256
from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad
from Crypto.Util.number import getPrime
from sympy.ntheory.modular import crt

def connect(host, port):
   return remote(host, port)

def get_share(io, x):
   io.sendlineafter(b'query = ', json.dumps({"command": "get_share", "x": x}).encode())
   response = io.recvline().decode().strip()
   return json.loads(response)

def get_enc_flag(io):
   io.sendlineafter(b'query = ', json.dumps({"command": "encrypt_flag"}).encode())
   io.recvuntil(b'encrypted flag : ')
   data = io.recvline().decode().strip('.\n')
   return json.loads(data)

def main():
   if len(sys.argv) != 2:
       print(f"Usage: python {sys.argv[1]} <ip:port>")
       sys.exit(1)
   host, port = sys.argv[1].split(':')
   io = connect(host, int(port))
   print("[*] Collecting shares using prime numbers...")
   primes = []
   remainders = []
   for i in range(19):
       p = getPrime(15)
       share = get_share(io, p)
       if share['approved'] == 'True':
           y = int(share['y'])
           primes.append(p)
           remainders.append(y % p)
           print(f"[+] Got share {i+1}/19: prime={p}, remainder={y%p}")
   print("[*] Applying Chinese Remainder Theorem...")
   key = int(crt(primes, remainders)[0])
   enc_data = get_enc_flag(io)
   key_bytes = sha256(str(key).encode()).digest()
   iv = bytes.fromhex(enc_data['iv'])
   ct = bytes.fromhex(enc_data['enc_flag'])
   cipher = AES.new(key_bytes, AES.MODE_CBC, iv)
   pt = unpad(cipher.decrypt(ct), 16)
   print(f"[+] Flag: {pt.decode()}")
   io.close()

if __name__ == "__main__":
   main()

Summary

MSS: exploit the RSA structure, recover the missing secret, and decrypt the flag.