Writeup by celi0n for Archiver

reverse

May 23, 2024

This program is a Rust PE that is basically a 7zip for the “fcsc” format. I had a look at it with Ghidra, but since decompiled Rust hurts to look at, I initially gave up after 30 seconds and solved other challenges. Later I decided to give it another try. Since I had a limited connection, downloading a Windows VM was not an option, so I used my Windows dual boot and tried to solve it with the fewest tools possible. The program's options are create <passwd> <archive> <files>, cat <passwd> <archive> and list, which prints the files in an archive. After running the program a few times I got an AES error when using a wrong password, so I used an online strings website to look at which crates were used. “aes-gcm”, interesting… Then I downloaded a hex file viewer to compare the different archives. By changing only one variable at a time (filename / file content / password / filename length / file content length / number of files), I was able to guess the following structure:

<number of files> <some kind of hash of filename> <size filename + 16> <encrypted filename1 + 16 bytes> <size file1 + 16> <encrypted content1 + 16 bytes> [...]

By googling the hash from the challenge archive I found that it was in fact the SHA-256 of flag.txt; I was lucky on this one. There were still 16 bytes that were difficult to explain, but thinking again about that “aes-gcm” string, of course: it was the GCM tag. So now we have two potentially GCM-encrypted streams plus their tags, and a filename which may be the plaintext for the first one. Also, by playing with the format I noticed that if you store the same file twice, or if a filename is equal to its content, the streams are identical. With some crypto knowledge, or by looking up AES-GCM vulnerabilities, the first flaw you find is nonce reuse, which matches exactly the setup of this challenge. By XORing the filename stream with flag.txt in CyberChef, you get the GCM keystream. Then XOR it with the file content stream to get the plaintext of the file.
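An added example (not code from the original writeup) that models the guessed archive layout and the keystream-reuse recovery described above. The field widths, the dummy tags and the fixed byte string standing in for the AES-CTR keystream are assumptions; it also shows that only as many bytes as the known plaintext can be recovered.

```python
import hashlib
import struct

# Assumed field widths (constructed for this example; the writeup gives none):
# u32 LE file count, then per file: 32-byte SHA-256 of the filename, u32 LE
# length of (encrypted filename + tag) and that blob, same for the content.
TAG_LEN = 16

def xor(a, b):
    """XOR two byte strings over their common length."""
    return bytes(x ^ y for x, y in zip(a, b))

def build_archive(entries, keystream):
    """Stand-in for 'create': every stream is XORed with the SAME keystream, as
    AES-GCM (CTR inside) does under a reused nonce. Tags are dummy zeros."""
    out = struct.pack("<I", len(entries))
    for name, content in entries:
        assert max(len(name), len(content)) <= len(keystream)
        out += hashlib.sha256(name).digest()
        for blob in (name, content):
            ct = xor(blob, keystream) + b"\x00" * TAG_LEN
            out += struct.pack("<I", len(ct)) + ct
    return out

def parse_archive(data):
    """Return (name_hash, name_ct, content_ct) per file, tags stripped."""
    (count,) = struct.unpack_from("<I", data, 0)
    pos, records = 4, []
    for _ in range(count):
        name_hash, pos = data[pos:pos + 32], pos + 32
        streams = []
        for _ in range(2):
            (length,) = struct.unpack_from("<I", data, pos)
            pos += 4
            streams.append(data[pos:pos + length - TAG_LEN])
            pos += length
        records.append((name_hash, streams[0], streams[1]))
    return records

def recover_content(record, known_name):
    """The writeup's attack: name_ct XOR name = keystream, keystream XOR content_ct
    = content. Only len(known_name) bytes come back; a longer file stays partial."""
    name_hash, name_ct, content_ct = record
    if hashlib.sha256(known_name).digest() != name_hash:
        raise ValueError("SHA-256 does not match the guessed filename")
    return xor(content_ct, xor(name_ct, known_name))

# Constructed sample: a fixed byte string stands in for the AES-CTR keystream.
KEYSTREAM = hashlib.sha256(b"constructed keystream").digest()
SAMPLE = build_archive([(b"flag.txt", b"FCSC{constructed}")], KEYSTREAM)
```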

It might be the first time I solved a reverse challenge with only a hex file viewer and CyberChef… In the end it was a crypto challenge undercover :D