Hack The Box - Ebola Virus - Crypto Challenge - Write-up

We're given a key and an encrypted data. Reading the hint , the author said it has something to do with frequency analysis. Another hint says that you don't need the key. So, I ignore it for now.

Let's find a frequency analysis tool first. I found this  online tool. It's the best tool I can find. Some tools do not support special characters. Now, put the encrypted data into it.



Then we got this.
The first rank is a tab character according to the encrypted data. Referring to a letter frequency table, the letter 'e' is the most common letter and the 'SPACE' is the most common character. Therefore, the first rank might be the SPACE character and the second rank might be the letter 'e'. Also, I found this with the same tool. 

Trigraph 'the' is the most common in English according to the frequency table. So, this confirms that the second rank is the letter 'e'. Now, let's just use find and replace.
Ooooh. Still gibberish but we're getting somewhere. Notice the words 'the' and 'then'. Let's create a simple python script to find and replace using the table. 
Woah. We're getting warmer. I think we're on the right track. By inspection, 'ollness' might be 'illness' and 'seroaus' might be 'serious'. A bit modification to the script and retry.
So, now I think it's clearer. I also noticed that the table does not include capital letters. Therefore, I used another another table. A bit more modification here and there, we end up with this.
I googled this text and found this.
This will help us a lot. So, more modifications and we got this. Looks like the flag is at the bottom.


'N' should be a line break and we know that the flag format is HTB {flag}. Therefore, 'W' and 'J' can be easily substituted.
This did not work when submitted but we're so close now. 'M' looks like an underscore. And the flag reads something like '...know how to control...'. So, a bit more logical analysis and trial and errors, we end up with the correct flag. Hooray!


Comments

  1. Can you tell me what type of cipher it is?

    ReplyDelete
  2. can you please give a hint on how to open the bin file? I tried vim and od -a but it doesn't work

    ReplyDelete

Post a Comment