HackTheBox Shuffleme Challenge

2025-01-23[Updated: 2025-01-23]

https://app.hackthebox.com/challenges/356

Description

Intelligence indicates that the ancient data storage device you’ve obtained contains schematics for a never-before-seen weapon. But there’s a problem - it’s locked, and strange symbiotic lifeforms on its surface are constantly removing parts and reinserting them elsewhere. Can you get a clear picture of what’s going on?

Exploitation

#!/usr/bin/env python3
from pwn import *
from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad

e = ELF('./shuffleme')
iv = bytes([0 for _ in range(16)])
key = []
keybuf = e.read(e.sym['key_blob'], 32*4)
for i in range(0, 32*4, 4):
    key.append(keybuf[i])
data = []
databuf = e.read(e.sym['data_blob'], 0x50*4)
for i in range(0, len(databuf), 4):
    data.append(databuf[i])
dec = AES.new(bytes(key), AES.MODE_CBC, iv)
print(unpad(dec.decrypt(bytes(data)), 16).decode())

Summary

Shuffleme: trace the binary, isolate the validation routine, and invert it to recover the flag.