HackTheBox VHDLock Challenge
https://app.hackthebox.com/challenges/468
Description
We find ourselves locked in an escape room, with the clock ticking down and only one puzzle to solve. The final challenge involves opening the door, and the clue provided to us by the game master is that the key for the encrypted password is a 4-byte sequence.
Exploitation
#!/usr/bin/python3
def decoder_4x16(signal):
    """Model a 4-to-16 decoder: map a nibble to its one-hot 16-bit value.

    Returns ``1 << signal`` for ``signal`` in 0..15 and 0 for anything
    outside that range.
    """
    # Out-of-range selector: no output line is asserted.
    if signal < 0 or signal > 15:
        return 0
    # Lookup table nibble -> one-hot word (bit n set for input n).
    one_hot = {n: 1 << n for n in range(16)}
    return one_hot[signal]
def encoder_4x16(signal):
    """Model a 16-to-4 encoder: map a one-hot 16-bit value back to its nibble.

    Inverse of ``decoder_4x16`` for valid inputs. Raises ``KeyError`` when
    ``signal`` is not exactly one of the 16 one-hot values, which is what
    happens when the XOR key applied by the caller is wrong.
    """
    # Lookup table one-hot word -> bit position.
    bit_index = {1 << n: n for n in range(16)}
    return bit_index[signal]
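# Known-plaintext key recovery.
# The flag is known to start with "HTB{", so the one-hot encoding of each of
# its nibbles is known. XORing that with the matching captured output value
# leaves the key byte that was applied to it.
inputs = []
# First eight captured values: two per character (high nibble, low nibble).
outputs = [35, 307, 17, 33, 33, 53, 183, 2103]
key = []
for c in "HTB{":
    inputs.append((ord(c) & 0xf0) >> 4)
    inputs.append(ord(c) & 0x0f)
# Keep one key byte per plaintext character, in order and including repeats.
# The decode step indexes the key by character position (key[i % 4]), so
# de-duplicating the recovered values would drop a repeated byte and print
# fewer than the 4 bytes the challenge description promises.
for i in range(0, len(inputs), 2):
    hi_key = decoder_4x16(inputs[i]) ^ outputs[i]
    lo_key = decoder_4x16(inputs[i + 1]) ^ outputs[i + 1]
    # Both nibbles of a character must yield the same key byte; a mismatch
    # means the known-prefix assumption or the captured values are wrong.
    if hi_key != lo_key:
        raise ValueError(
            f"inconsistent key byte at character {i // 2}: "
            f"0x{hi_key:02X} != 0x{lo_key:02X}"
        )
    key.append(hi_key)
for k in key:
    print(f"0x{k:02X}")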
# Decrypt the capture with the 4-byte key recovered from the "HTB{" prefix.
key = [0x33, 0x31, 0x31, 0x37]
lines = None
outputs = []
flag = ""

# out.txt: one character per line, as two space-separated integers
# (high-nibble value, then low-nibble value).
with open("out.txt") as f:
    lines = f.readlines()
    outputs.extend(
        [int(field) for field in row.strip().split(" ")] for row in lines
    )

for i, pair in enumerate(outputs):
    # The key repeats every 4 characters; both nibbles of a character
    # share the same key byte.
    key_byte = key[i % 4]
    d1 = encoder_4x16(pair[0] ^ key_byte)
    d2 = encoder_4x16(pair[1] ^ key_byte)
    # Reassemble the byte from its high and low nibbles.
    c = (d1 << 4) | d2
    flag += chr(c)

print(flag)
Summary
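VHDLock: each flag character is split into two nibbles, each nibble is expanded to a one-hot 16-bit value (a 4-to-16 decoder), and that value is XORed with a repeating 4-byte key. Because the flag is known to start with `HTB{`, XORing the known one-hot values with the first captured outputs reveals the key; XORing every captured value with the key and encoding it back to a nibble then recovers the flag. The underlying weakness is a short repeating XOR key combined with predictable plaintext, which gives no confidentiality once any plaintext prefix is known.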