Secret SHenanigans

Description

A crook skilled in technology is wary of proven secure channel protocols like SSH or TLS: “they’re all probably backdoored” he thinks. As he regularly needs to receive confidential information from his colleagues, he has developed his own secure channel establishment protocol, allowing anonymous clients to send confidential information to his server.

You have access to a network TAP positioning you as a Man-in-the-Middle between a client and the server, and you have also managed to grab the application’s source code (unfortunately without the server’s private key…). Can you recover the secret that the client sends to the server?

Files

docker-compose.yml
README.md
943 B – e81e30e4db9a900161f64a10ca93265f5b77751841bc826f848067ead22217f6
secret-shenanigans.tar.xz
7.12 KiB – a17155f9a568909adbbc0c79d23796f43eb3cc1b100a27571d44e58613497b7c

Author

rbe

Challenge Instructions

First, download docker-compose.yml:
curl https://hackropole.fr/challenges/fcsc2024-crypto-secret-shenanigans/docker-compose.public.yml -o docker-compose.yml
Launch the challenge by executing in the same folder:
docker compose up
Then, in another console, access the challenge with Netcat:
nc localhost 4000

⚠️ Important: You must solve the challenge by interacting with the Docker container through the exposed network port. Any other way is not considered valid.

In case you encounter problems, please consult the FAQ.

Flag

You don't have JavaScript actived. No problem! You can check your flag like this: echo -n 'PUT_THE_FLAG_HERE' | sha256sum # possible output: e38378c2c65548c733158a1ab061681aa7d312d85f419fb53948db11fee15ef3

Writeups

There are no public solutions for this challenge yet, but you can submit yours after getting the flag.