Cryptohorrific

@ShingoTamai said:
To answer my own question: the base64 encoded flag that can be found in the application does not need to be pre-processed before it can be passed to a decription tool.

For the rest, IDA is your friend.
I need some hints. I stuck on this challenge. I found some data called hash,challenge,flag,initWithBase64EncodedString_options_ Am I on the right way?

@s10suzdongu said:

@ShingoTamai said:
To answer my own question: the base64 encoded flag that can be found in the application does not need to be pre-processed before it can be passed to a decription tool.

For the rest, IDA is your friend.
I need some hints. I stuck on this challenge. I found some data called hash,challenge,flag,initWithBase64EncodedString_options_ Am I on the right way?

You need to find the key and the iv needed for the decryption of the base64 encoded string contained within the .plist file…

@s10suzdongu said:

@ShingoTamai said:
To answer my own question: the base64 encoded flag that can be found in the application does not need to be pre-processed before it can be passed to a decription tool.

For the rest, IDA is your friend.
I need some hints. I stuck on this challenge. I found some data called hash,challenge,flag,initWithBase64EncodedString_options_ Am I on the right way?

Look into what was used to create the string you’ll be trying to break down. Understanding how that string was created and the parts it used will really help you in what you need to do to break that string down, and will make the process much faster.

Happy hunting!

Similar to s10suzdongu, I have found the data within IDA. There are 2 weird strings which I believe is important but unable to utilise it. These strings are called into the key and iv function and contain special characters. Any one could give me a hint?

Oh got it… SPOILER

Anyone else having issues with running IDA64 on Ubuntu?

Nevermind needed to launch from the terminal.

Please no more PMs. They do not bring “enrichment” / “enlightenment” to everybody.

I don’t know if this is considered a spoiler, however, for this and similar challenges, openssl can be used to decode ciphertexts.

This is the generic syntax to use, to be adjusted to your needs:

echo ciphertext | openssl enc -d cipher -K KeyInHex -iv IVinHex -nopad -nosalt -base64

Run “man enc” for additional options and details.

I have a pretty good understanding on how the code works. I’ve managed to get the base64 string, the IV and the KEY. I understand the IV and KEY should be in hex format. Yet I can’t seem to decrypt it (openssl). Am I overlooking something? Feel free to PM me any hints.

@MrProxx said:
I have a pretty good understanding on how the code works. I’ve managed to get the base64 string, the IV and the KEY. I understand the IV and KEY should be in hex format. Yet I can’t seem to decrypt it (openssl). Am I overlooking something? Feel free to PM me any hints.

You are, probably. Data you have is all you need to complete this challange. @ShingoTamai already gave the ultimate hint already.

Which one is the key? I have found several keys; I am guessing there are like 20+ possible keys. How do you differentiate which one is the correct key?

mmm i found the flag and two string it seems one key and another one the iv. Try with openssl but not work show me the message ‘chipther’ not found …

i create some script with all decode algorith
openssl enc -nopad -nosalt -K xxxxxx -iv yyyyy-d -aes-128-cbc -A <<< *flag

openssl enc -nopad -nosalt -K xxxxxx -iv yyyyy -d -base64 -A <<< *flag

etc … it is the right way ? but nothing nice…

but should I use some emulator?

doneeeeee! arghhhhh !!!

Hi!

I’ve managed to obtain the data, key and IV but whatever I try, decrypting doesn’t work. Anyone willing to help me out?

@Center said:
Hi!

I’ve managed to obtain the data, key and IV but whatever I try, decrypting doesn’t work. Anyone willing to help me out?

I’m at the same spot. I’m not sure I have the correct KEY and IV. Both strings include symbols like “!” and “%”

I also have what looks like a base64 encoded text… XTq+****== and I think its the encrypted text…

Im using openssl but so far no clue.

I solved it.

I would recommend to use this site:

And test with the values, VI might not be necessary.

IDA+AES

Just finished it after a week of wondering where I was going wrong. For anyone not using a mac to open the files, be careful what non-printable characters are present in the files and what they mean, chances are you have one thing wrong with your ciphertext.
Happy to help through DM.