https://app.hackthebox.com/challenges/166
Looking at the file, we can see a couple of functions that seem interesting:

ftw

do_it
EncryptFile
Encrypt
Here we can see a for loop that is basically for i=0; i<param; i++
So we are iterating through every char in param_2.
Inside this loop we are then adding param_1 (grabbed from local_17) to the i’th item in the array.
We can decode the hex to get a string and then reverse it since we are reading little endian
Ref: https://en.wikipedia.org/wiki/Endianness
Something really interesting, in IDA, this string is easily visible without needing to decode it.
Now we know how the encryption works.
Get a file > read the bytes > add bytes to the file based on the “Key” of “SUPERSECRET”
To reverse this, we will create a Python script to subtract each byte in SUPERSECURE from each byte in the encrypted file.
I think this will make a lot more sense with a horribly drawn picture
Now that we have our script, we will run it to decrypt our file.
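The subtraction described above, written out as an added example (this is not the script from the original post). It assumes the key bytes repeat across the file (index i modulo the key length) and that the addition wraps at 256 like a C char; the key value is the one named in the decryption step, and the input and output paths are whatever you pass on the command line.

```python
import sys

KEY = b"SUPERSECURE"         # key string as named in the decryption step above
XLSX_MAGIC = b"PK\x03\x04"   # .xlsx files are ZIP containers and start with this

def encrypt(data: bytes, key: bytes) -> bytes:
    """Model of the Encrypt loop: add a key byte to every data byte.
    Assumption: the key repeats, and the sum wraps at 256."""
    return bytes((b + key[i % len(key)]) & 0xFF for i, b in enumerate(data))

def decrypt(data: bytes, key: bytes) -> bytes:
    """Inverse of encrypt: subtract the same key byte, wrapping at 256."""
    return bytes((b - key[i % len(key)]) & 0xFF for i, b in enumerate(data))

def looks_like_xlsx(data: bytes) -> bool:
    """Sanity check on the result: a correct key yields a ZIP header."""
    return data.startswith(XLSX_MAGIC)

def recover_key_prefix(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """Cross-check the key: key[i] = ciphertext[i] - plaintext[i] (mod 256).
    With the 4-byte ZIP magic this reveals the first 4 key bytes."""
    return bytes((c - p) & 0xFF for c, p in zip(ciphertext, known_plaintext))

def decrypt_file(src: str, dst: str, key: bytes = KEY) -> bool:
    """Decrypt src into dst; returns True if the output looks like an xlsx."""
    with open(src, "rb") as fh:
        plain = decrypt(fh.read(), key)
    with open(dst, "wb") as fh:
        fh.write(plain)
    return looks_like_xlsx(plain)

if __name__ == "__main__":
    if len(sys.argv) == 3:
        ok = decrypt_file(sys.argv[1], sys.argv[2])
        print("ZIP header found" if ok else "no ZIP header: wrong key or layout?")
    else:
        # Constructed sample so the script also runs without any input file.
        sample = XLSX_MAGIC + b"constructed sample bytes \xff\x00"
        blob = encrypt(sample, KEY)
        print("round trip ok:", decrypt(blob, KEY) == sample)
        print("key prefix from header:", recover_key_prefix(blob, XLSX_MAGIC))
```

If the decrypted output does not start with the ZIP header, run `recover_key_prefix` on the first four encrypted bytes and compare the result with the start of the key string you decoded from the binary.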
Finally, we will open the new xlsx file in Excel
Or ezviewer
And we have our flag!
HTB{M4lW4R3_4n4LY5I5_IN73r357iN9_57uFF}

And this officially marks the end of the Intro to Blue Team track in Hack The Box.
This has been a great journey and I learned quite a bit.
This RE challenge was absolutely the most difficult and I have quite a ways to go before I am comfortable working in IDA or Ghidra, but I now know for sure it’s a weakness in my knowledge.