ripfaceless's Level Two crackme password

Author:
ripfaceless

Language:
C/C++

Upload:
2024-08-09 11:14

Download

Platform:
Unix/linux etc.

Difficulty:
3.0

Quality:
2.6

Arch:
x86-64

Downloads:
31

Size:
16.41 KB

Writeups:
0

Comments:
9

Description

For linux terminal passowrd crackme - level Two ..... Enjoy

Comments (9)
Writeups (0)

You must be logged in to post a comment

jnth on 2024-09-02 08:11: could you give us a hint?

dev0 on 2024-09-02 17:22: I have two questions on this. I think there are two bugs that make this a bit difficult to solve. The first is that fgets with a size of 64 will only accept 63 bytes of input and null terminate the 64th byte. This is problematic as now you are attempting to match a 64 byte input with a 63 byte input both being AES encrypted with the same key and iv. The key is also a problem with aes-256 being used. The key in aes-256 will be 32 bytes long but in the EVP_EncryptInit_ex the author sets the key parameter to offset 16 in the key buffer on the stack. This then includes the 16 bytes that follow the key buffer on the stack which happen to be the EVP_CIPHER_CTX and I believe the return address. If this was intended, then I think the difficulty should be much higher as you are again trying to take to different length plain texts and generate the same cipher text. And in this case since I believe the input would be a string with length 63 and AES has block size 16, the output cipher lengths will be different at 64 bytes to 80 bytes respectively. I believe AES will apply padding for the 63 byte input to make it 64. The 64 byte input will be padded to 80.

jeffli6789 on 2024-09-26 18:01: Hi @dev0, yeah for the very same reason I think the challenge is busted and cannot be solved. I have tried to contact the author on this but have not been successful yet

mustafolins on 2024-09-30 02:34: It's not broken and this one can be solved with a pretty basic Linux command.

mov_rax_rax on 2024-10-11 14:39: Incredibly easily. Yeah, as the other user said, you can run a single command and get the answer. You can also easily see what it is if you decompile it.

dev0 on 2024-10-13 15:42: Yes the correct input is hardcoded in the binary and you can run that linux command to get the value BUT if you attempt to run the binary as is and use that key, which is supposed to be the correct key, you will never get the correct message because of the two bugs listed above.

alxxx on 2024-10-29 10:04: Why does a random string come out every time the password is encrypted?

thisguyneedsabeer on 2024-11-07 02:20: [Click to reveal]

ripfaceless on 2025-07-05 19:05: guys sorry if I answer you after so long, the code I entered is more of an experiment or if we want a game to understand how AI is able to build an algorithm "this in the 2024 model update period" based on chatgpt, how it introduces bugs if we also want stupid bugs I had also found it and it would not be comparable to a level two of difficulty but I have to compliment you for having discovered both the bug and the password this makes me think that AI is already scary now.

Show all spoilers

You must be logged in to submit a writeup

crackmes.one

crackmes.one

ripfaceless's Level Two crackme password