SecTalks 3 – Solution Writeup

The third SecTalks is rather interesting, and requires some level of guesswork. Upon unzipping the challenge archive, we’re greeted with a number of files, with “index.html” immediately grabbing our attention as a potential entry point, and a number of interesting items in the “data” folder.

At a glance, the “index.html” file is a page of text with a comment submission form at the bottom – upon closer inspection, there are some interesting functions in the source code:

[Image: source_cryptofunctions]

In addition to this, there’s also a rather curious bit of code, setting a local storage variable by the name of “test”:

[Image: source_test]

Decoding it yields what appears to be ciphertext, so let’s set it aside for now.

Inspecting the source code further shows that when a user submits a comment via the comment form in “index.html”, the message is encrypted with a known public key, and then placed in the browser’s local storage. You can see this happening if you use the comment form in Chrome, and keep an eye on local storage via the developer tools (F12).

Helpfully, the private key to decrypt these messages, as well as a pre-built message decryption tool, is provided in the “data” folder. Unfortunately, the private key (“encrypted.json” in “privateKey.zip”) requires a password to extract.

Taking a look at “caesar.jpg”, we find a picture of Caesar, along with what appear to be a number of ciphertexts. Typically a Caesar cipher is not too difficult to crack – for each ciphertext, there are only 26 possible plaintexts (or 255 if you assume that all characters are permitted – which doesn’t make sense given the ciphertext).

A little bit of guesswork comes into play here, as we have no idea what the rules might be. A hint provided during the challenge mentioned that the key had something to do with sectalks: so a little modification to a Caesar cipher brute-forcing script yields the result:

“SECTALKSRULES”
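The brute-force step described above can be sketched as follows. This is an added example, not the author's script: the sample ciphertexts are constructed (the real ones are only in “caesar.jpg”), and filtering candidates on the crib “sectalks” is an assumption about what the “little modification” was.

```python
def shift_text(text, shift):
    """Rotate A-Z/a-z by `shift` positions; leave other characters alone."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def brute_force(ciphertexts, crib):
    """Try all 26 shifts on each ciphertext; keep candidates containing the crib.

    Matching is case-insensitive, so the search does not depend on guessing
    whether the password is upper- or lowercase.
    """
    hits = []
    crib = crib.lower()
    for ct in ciphertexts:
        for shift in range(26):
            candidate = shift_text(ct, shift)
            if crib in candidate.lower():
                hits.append((ct, shift, candidate))
    return hits


# Constructed sample input: these strings are NOT the ones in caesar.jpg.
# The second is the recovered password shifted by 7; the others are decoys.
SAMPLE_CIPHERTEXTS = [
    "WKLVLVDGHFRB",
    shift_text("SECTALKSRULES", 7),
    "QEBNRFZHYOLTK",
]

if __name__ == "__main__":
    for ct, shift, plain in brute_force(SAMPLE_CIPHERTEXTS, "sectalks"):
        print(f"{ct} --(+{shift})--> {plain}")
```

Each hit keeps the original case of the ciphertext, so the candidate can be tried against the zip archive exactly as recovered.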

Using this password allows us to unzip the private key archive, and load the contents of “encrypted.json” into the decryption tool in the data folder. From there, it’s a simple matter of modifying “index.html” to stick the contents of the “test” local storage variable into a file, revealing the hidden message:

[Image: solution]

You can download the Caesar cipher brute forcing script here (for some unknowable reason I thought the password would be lowercase, it’s not).

About Norman

Sometimes, I write code. Occasionally, it even works.