Medium
Live
Headline
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
The SpaceStation.jpg contains the encrypted flag in the file flag.enc. The flag is encrypted using openssl and the AES algorithm. The iv and key used for the openssl encryption command are opcodes in an executable named Bangalore that is also hidden in SpaceStation.jpg.
You will need to know just a little bit about crypto, executable file formats and assembler to solve this challenge... objdump is your friend :-)
Needed info is provided in the embedded readme file.
First 10 Solvers
| Rank | Username |
|---|---|
| 1 |
Gilad
|
| 2 | momo1 |
| 3 | brezelsnacker |
| 4 | voidxhat |
| 5 | ebouteillon |
| Rank | Username |
|---|---|
| 6 | Rivit |
| 7 | spintronix |
| 8 | PFessORx |
| 9 | AbhiRen |
| 10 | adidoes |
AbhiRen
Another classic kcbowhunter forensics challenge, loved it! Great work!!
kcbowhunter
Thanks!
brezelsnacker
First of all, nice challenge. I successfully decrypted the flag.enc file but the flag contains a space and a newline. If I try to submit this flag, it fails and says 'Incorrect flag.'. Did I miss something?
kcbowhunter
Can you send me a DM on Discord and show me more details? Also please indicate which version of openssl you are using, I know on some challenges older versions of openssl have caused problems. There is one solver so that indicates to me that everything is working as it should.
kcbowhunter
I am using openssl version 1.1.1f 31 Mar 2020
kcbowhunter
You probably need to double check your iv and key.
brezelsnacker
Thank you very much! I checked my openssl version and it seems that macOS uses LibreSSL. I changed it and did it again. It worked :-)