Solution To The Rotohash Challenge (bountycon 2022)
Note: This solution is provided (with permission) by Sudip Shah and in his exact words and methodology. Enjoy!
The Challenge:
Challenge
As previously mentioned about programming, I didn’t properly understand the code but after multiple glances at the code, I came to know that the string is rotated and then hashed to md5 value. And yes, as you might have guessed, md5 hashes can’t be decrypted and can only be cracked. I saw the input rotation is an integer so yes the numbers, then I tried fuzzing the numbers from 1 to (length of the string ) and printing it inside the rotate function. Then I tried rotating the string through negative integers. The code snippet looked as,
fuzzing and printing the rotatefunction without hashing to see what’s happening
Then I got some ideas from this source .
Now it’s time to hop into the server and try it. A netcat connection was sent and we were to input the integer and the output would be the rotated then md5 hashed value.
So I assumed that the flag was 32 characters long. I tried entering -32.
It gave the md5 value = 18d86af9b3ff7d144983dc1bc13f5c7d . “18d86af9b3ff7d144983dc1bc13f5c7d” is the md5 value of “$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$” (32 dollar signs).
Now we need to fuzz the first character of the 32 dollar signs with some ASCII values then convert all of them to md5 hash and then compare it with the md5 hash given by the server when we enter -31. So I wrote this code to print the strings with 1st character modified to all printable ASCII characters.
modifying 1st character with ASCII values
The output of the above function which looks like :
Lets generate md5 hashes of all of this now . I used MiracleSalad’s online md5 hash generator to generate hashes from all of this strings and treat them as multiple lines .
md5 hashes of all the strings
I copied them to clipboard and pasted them in Notepad++ . Now we need to compare the md5 hashes with the md5 value which we get after entering -31.
-31
The hash we got this time was “2b31692aa52066c0f4439a540229b39b” which is the md5 value of “}$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$” . We can find this by hitting Ctrl+F in Notepad++ then searching for the hash value and noting the line number and grepping the initial string which was on that line number.
Line 84 got a hit
Like this we can then do it all again with the updated string and compare each md5 values until we get a “{“ as the format of the flag is BountyCon{ } ,so we can write BountyCon at the front ourselves and then compare it again with the value got from the nc server.
So we could get the string like this each time then we compare their first characters with md5 value provided by the nc :
We just need to compare the hashes which we obtained from the server with the hashes that we generated by fuzzing the first character of the dollar string each time.
Finally we can get the flag which is BountyCon{why_4re_U_5o_neg471v3}
Yes , we could do it very easily by writing a program to fuzz and generate and compare the md5 hashes but I am weak in programming and I am currently learning it with my best motive as by doing this ctf , I now more realize how important programming is day by day . So if you don't want to run a process manually multiple times and not waste probably 1 hour to find a 32 character long flag , then learn programming :D . It is never a bad idea to learn programming .
Solution.py (the easy and more reliable approach)
If you know programming then you can easily solve this problem by exporting the hashes from the server from -31 to 0 in results.csv file using the following python code :
Programming approach is wayy comfortable and reliable than manual approach . It is difficult to do each step one by one manually . If the length of the flag was more , it would be a lot more difficult to find the flag manually .
Results.csv contains the hashes as follows:
results.csv
The output of the solution.py is as follows:
output
We retrieved the flag : BountyCon{why_4re_U_50_neg471v3}