Merry Christmas 2024 - hashpwn Wordlist Challenge

cyclone

@casper_ You made it to the last step! That string is the download URL which has been XOR'd using a key. Spoiler details below:

Spoiler

To XOR the string, you need to find the XOR key.

For simplicity, the challenge used HEX 0x01 which could be guessed very easily, especially when brute forcing the key.

Below are several examples of XORing the string back to plaintext. CyberChef runs in browser, and the Python3, Go and C code can either be run from your local PC or on an online compiler.

CyberChef:
https://gchq.github.io/CyberChef/#recipe=XOR({'option':'Hex','string':'1'},'Standard',false)&input=aXV1cXI7Li5mbmdobWQvaG4uZS4zNDNjYDVkZSw0ZDRgLDU5MDMsYDE3NixkODlgMTdnOGM1M2Q

Python3
input_str = "iuuqr;..fnghmd/hn.e.343c5de,4d4,5903,176,d8917g8c53d"

hex_key = 0x01

output = ''.join(chr(ord(c) ^ hex_key) for c in input_str)

print(f"String:\t{input_str}")
print(f"Key:\t{hex(hex_key)}")
print(f"Output:\t{output}")

Go
package main

import (
"fmt"
)

func xorString(input string, key byte) string {
output := make([]byte, len(input))
for i := 0; i < len(input); i++ {
output[i] = input[i] ^ key
}
return string(output)
}

func main() {
inputStr := "iuuqr;..fnghmd/hn.e.343c5de,4d4,5903,176,d8917g8c53d"
hexKey := byte(0x01)

    output := xorString(inputStr, hexKey)

    fmt.Printf("String:\t%s\n", inputStr)
    fmt.Printf("Key:\t0x%X\n", hexKey)
    fmt.Printf("Output:\t%s\n", output)

}

C

#include <stdio.h>
#include <string.h>

void xorString(const char *input, char *output, unsigned char key) {
size_t len = strlen(input);
for (size_t i = 0; i < len; i++) {
output[i] = input[i] ^ key;
}
output[len] = '\0';
}

int main() {
const char *inputStr = "iuuqr;..fnghmd/hn.e.343c5de,4d4,5903,176,d8917g8c53d";
unsigned char hexKey = 0x01;
char output[256];

xorString(inputStr, output, hexKey);

printf("String:\t%s\n", inputStr);
printf("Key:\t0x%X\n", hexKey);
printf("Output:\t%s\n", output);

return 0;

}

v1cvap0r

@casper_ said in Merry Christmas 2024 - hashpwn Wordlist Challenge:

I was stuck here and couldn't get any further. Thanks for the the challenge

"This looks like XOR to me...
iuuqr;..fnghmd/hn.e.343c`5de,4d4`,5903,`176,d89`17g8c53d"

Same here. Completely out of my "confort zone".
Kudos to @cyclone for his initiative and willingness to help.

cyclone

@v1cvap0r @casper_ The XOR string was meant to throw a small curve ball at the end of the challenge. Those familiar with programming and/or cryptography would be familiar with such bitwise ops, but it would likely be something new to other users.

karkajoi

@cyclone Thank you to the author for such an interesting puzzle!