Author:
ripfaceless

Language:
C/C++

Upload:
11:14 AM 08/09/2024

Platform
Unix/linux etc.

Difficulty:
3.0

Quality:
4.0

Arch:
x86-64

Description

For linux terminal passowrd crackme - level Two ..... Enjoy

• Comments
• Solutions

jnth on 8:11 AM 09/02/2024: could you give us a hint?

dev0 on 5:22 PM 09/02/2024: I have two questions on this. I think there are two bugs that make this a bit difficult to solve. The first is that fgets with a size of 64 will only accept 63 bytes of input and null terminate the 64th byte. This is problematic as now you are attempting to match a 64 byte input with a 63 byte input both being AES encrypted with the same key and iv. The key is also a problem with aes-256 being used. The key in aes-256 will be 32 bytes long but in the EVP_EncryptInit_ex the author sets the key parameter to offset 16 in the key buffer on the stack. This then includes the 16 bytes that follow the key buffer on the stack which happen to be the EVP_CIPHER_CTX and I believe the return address. If this was intended, then I think the difficulty should be much higher as you are again trying to take to different length plain texts and generate the same cipher text. And in this case since I believe the input would be a string with length 63 and AES has block size 16, the output cipher lengths will be different at 64 bytes to 80 bytes respectively. I believe AES will apply padding for the 63 byte input to make it 64. The 64 byte input will be padded to 80.

You must me logged to submit a solution