So the challenge in Enhanced PLC Encryption Standard is a log file of an encrypt

1. So the challenge in Enhanced PLC Encryption Standard is a log file of an encryption handshake along a the description of their custom algorithm. Boiled down this is what was happening:
2. 1) A transmits a "challenge"
3. 2) B concatenates each character of their password with the challenge separately and hashes it, transmitting each one by one
4. 3) A encrypts some plaintext with Triple-DES (in CBC so they supply an initialization vector) using that password as the key
5.  
6. So effectively what's going on here is that we're given the SHA256 hash of each character (length 24) in the password along with a known salt (the challenge). It's especially obvious because some of the hashes repeat. I went online to a SHA256 hasher and found a match on my first try. SHA256('a' + 'VkcV29UKCGbfuZyqea7uKbZ9') = 67dac..., which was in the log file. Rather than do it manually I wrote a small shell script to generate a rainbow table for non-extended ASCII characters:
7. for i in {1..127}
8. do
9. printf \\$(printf '%03o' $i) > file
10. echo -n "VkcV29UKCGbfuZyqea7uKbZ9" >> file
11. echo "$i `shasum -a 256 file`"
12. done
13.  
14. It took a little longer than planned because I forgot that echo will add in newlines unless you use the -n flag. I've never output decimals direct to binary in Bash and future I'll probably avoid doing it since that kinda sucked. Regardless, it worked and I had all of the hashes. I then took each hash from the log, searched it in the table, and then took at ASCII value of the decimal I printed out alongside it. If I were either more or less lazy I'd probably have written a second script to poke through the log but that seemed like a lot of input parsing and it was only 24 characters so I manually matched each hash and came up with the secret: 'ultras3cr3tpa$$w0rd2019!'. I then ran the two messages from the log file through 3DES with the settings and key and sure enough I found the flag.
15.  
16.  
17.  
18. For Schlamperei (meaning 'lazyness' in German) we have a zip file and a message.txt file with spaced hex values represented as ASCII pairs (6C C4 4E FD 19 11 1D...). The zip file is encrypted. The password is the numerical component of the zip's name (setup_customerID_9721). Inside is a gpg public/private key pair and a file named 'sessionkey_2fishecb.txt.gpg' among some other things. Anything with a filename containing 'key' is probably important, so I started decrypting there. I couldn't import the key without a password so I went looking in the rest of the zip. There are two more files, one is a License.txt file that had nothing of value and the other was a README that had a note at the bottom: "NOTE: The old default encryption password 'VMC' has been replaced since 09/2018. Please use the new one.". At the top of that file they say they changed the name of the company from VMC to MFMC, so I used that and it worked. This decrypts us the session key file. GPG/PGP only use asymmetric encryption to share a symmettric key, called the 'session key'. Using a flag I've never seen before (--override-session-key) I was able to use GPG to decrypt the file, which cleanly became a 16-byte value that looks promising as a symmetric key. The back half of the file name is important here, TwoFish is the name of an encryption standard that isn't the default (AES256 aka Rijindael) and ECB (Electronic Code Book) is a mode specification. Andy Kirsh also got through this point but we both struggled for a while to get this over the finish line, just taking both values and trying to decrypt them either locally or online produced garbage. Eventually I figured out that the problem was that I was attempting to decrypt the message.txt file as text but needed to dump it straight out as a binary file. Using xxd -r I was able to dump it out and then plug it into an online decryption tool to extract the flag.
19.  
20.  
21.  
22. For Convenience First, you are given a picture of a computer monitor on the login screen and told the flag is a username-password combo. The image has a post-it talking about a barcode scanner and several visible barcodes, so I started plugging them into online readers. The first gave me nothing but the second gave me an obvious username (User8213). The third also gave me nothing and the fourth had a string hanging in front of it, so it was unreadable. This challenge has a relatively high points value so I think they were expecting people to write a script or something to fill in the missing bits iteratively to find a hit. I don't want to boast but I'm a pretty hot hand in MSPaint, so I fired up Preview with the Highlighter tool and got to work. Frankly I was flabbergasted when my first attempt worked, the lines weren't even straight.
23.  
24. --Failures--
25. For My Servos Are Getting Mad we're given basically nothing but a server address with an "mqtt" protocol prefix. I've never used it before but some googling suggests it's a broadcasting service for light clients similar to a live-only Kafka. I installed an MQTT and was able to connect to the instance, although MQTT has 'topics' that you need to subscribe to and there's no way to list out what topics have messages being published. After some struggle I realized that the specific client I was using didn't have the ability to subcribe to a wildcarded topic but that functionality existed in other clients so I switched to Mosquitto and was able to subcribe to all topics. I immediately saw a stream on the servo/rpm topic of numbers ranging from about 130-200 repeating in a cycle separated by zeros (0 0 153 147 158 152 132...). I tried everything I could think of and was unable to decode it.
26.  
27. Help Me seemed pretty straightforward, given an encrypted Zip file extract a password. Using John the Ripper you can see there's a password database as the sole file in the zip. It's been a while since I messed with this stack (the last time I tried to crack a password we didn't have to worry about using GPUs) and it took me a while to get Hashcat to recognize all my GPUs (the 1080 I wanted to use had a stub driver bound to it for GPU passthrough to a Windows VM and after a while I just decided to run Hashcat in the VM, Hashcat runs well on Windows and wasn't likely to suffer a performance penalty). I used John to dump the hash for the zip(SHA256) in a format Hashcat could understand and then fired it off in brute force mode with no mask and maximum aggression set on the 1080. It could manage almost 800KH/s and was set to take about 36 hours to run through all possible 7 or less character passwords. Since I also had a 950 (good for about 70KH/s) installed I spent a while constructing a more refined 'mask' and used a dictionary paying special attention to the word 'password', which occurred a several times in the clue. Both approaches proved fruitless, and looking at the hint (which I'd have had to pay to unlock) the password was related to some industrial protocol and I never found the flag.