lokori/writeup-for-reaktor-CTF

## writeup-for-reaktor-CTF
Reaktor's Java application CTF challenge from Disobey 2018

It seems I was not the only one struggling with the Java application challenge. There was
JAR file and that's how it began.

After decompiling the JAR the main class contained code which didn't do anything. It looks like this:

		String encryptedResult = "[3, 63, -54, -8, -45, -89, -91, 40, -111, -77, -76, -49, 119, 8, -46, 9, -70, 99, -12, 3, 124, 65, -66, 104, -18, 4, 64, 87, 6, -72, 68, 121, -32, -52, -104, 25, -54, 71, -84, -128, -35, -115, -74, -26, -30, -127, -96, -42]";
		String result = (String) null;
		String url = (String) null;
		fetchKey(url);
		doStuff(new UrlStore("rand", 10, "rko.herokuapp.com"));


After looking at the class UrlStore, it was evident that it's supposed to download something from
http://rand10rko.herokuapp.com

HTTP GET and you get this:
"[-102, 110, -25, 74, -34, -117, -34, -19, 86, 80, -128, -125, 75, -23, -41, 52] [-94, -76, -67, -38, -15, 25, -69, 106, -30, 79, 97, 124, -67, 97, 64, -27]"

Obviously this is not a string, these are byte values because the value range is conveniently between -128..127. So we
have two 16 byte vectors and one 48 byte "encryptedResult".

Getting here took like 10 minutes and then I was stuck. What now?
After trying different things I finally googled for encryption algorithms using 16 byte initial vectors and keys.
And AES cipher just happens to use 16 byte initial vectors and keys.

Then it was just a matter of trying it out.

Here's some Java code to do the decryption:

import javax.crypto.Cipher;

import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class Pasketus2 {

 public static void main(String[] args) {
    byte key1[] = {-102, 110, -25, 74, -34, -117, -34, -19, 86,  80, -128, -125, 75, -23, -41, 52};
    byte key2[] = {-94, -76, -67, -38, -15,  25,  -69, 106 ,-30, 79, 97,    124, -67, 97, 64, -27};
    byte encryptedResult[] =
      {3, 63, -54,   -8, -45, -89, -91,   40, -111, -77, -76,   -49, 119, 8,   -46, 9,
          -70, 99, -12,   3, 124, 65, -66,   104, -18,   4,   64,   87,  6, -72,   68, 121,
          -32, -52, -104, 25, -54, 71, -84, -128, -35, -115, -74, -  26, -30, -127, -96, -42};
    char[] os = new char[48];

    try {
      Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding", "SunJCE");
      SecretKeySpec key = new SecretKeySpec(key1, "AES");

      cipher.init(Cipher.DECRYPT_MODE, key,new IvParameterSpec(key2));
      System.out.println("kakkel : !!" + new String(cipher.doFinal(encryptedResult),"UTF-8") + "!!");
    } catch (Exception e) {
      e.printStackTrace();
    }
  }
}
	Reaktor's Java application CTF challenge from Disobey 2018

	It seems I was not the only one struggling with the Java application challenge. There was
	JAR file and that's how it began.

	After decompiling the JAR the main class contained code which didn't do anything. It looks like this:

	String encryptedResult = "[3, 63, -54, -8, -45, -89, -91, 40, -111, -77, -76, -49, 119, 8, -46, 9, -70, 99, -12, 3, 124, 65, -66, 104, -18, 4, 64, 87, 6, -72, 68, 121, -32, -52, -104, 25, -54, 71, -84, -128, -35, -115, -74, -26, -30, -127, -96, -42]";
	String result = (String) null;
	String url = (String) null;
	fetchKey(url);
	doStuff(new UrlStore("rand", 10, "rko.herokuapp.com"));


	After looking at the class UrlStore, it was evident that it's supposed to download something from
	http://rand10rko.herokuapp.com

	HTTP GET and you get this:
	"[-102, 110, -25, 74, -34, -117, -34, -19, 86, 80, -128, -125, 75, -23, -41, 52] [-94, -76, -67, -38, -15, 25, -69, 106, -30, 79, 97, 124, -67, 97, 64, -27]"

	Obviously this is not a string, these are byte values because the value range is conveniently between -128..127. So we
	have two 16 byte vectors and one 48 byte "encryptedResult".

	Getting here took like 10 minutes and then I was stuck. What now?
	After trying different things I finally googled for encryption algorithms using 16 byte initial vectors and keys.
	And AES cipher just happens to use 16 byte initial vectors and keys.

	Then it was just a matter of trying it out.

	Here's some Java code to do the decryption:

	import javax.crypto.Cipher;

	import javax.crypto.spec.IvParameterSpec;
	import javax.crypto.spec.SecretKeySpec;

	public class Pasketus2 {

	public static void main(String[] args) {
	byte key1[] = {-102, 110, -25, 74, -34, -117, -34, -19, 86, 80, -128, -125, 75, -23, -41, 52};
	byte key2[] = {-94, -76, -67, -38, -15, 25, -69, 106 ,-30, 79, 97, 124, -67, 97, 64, -27};
	byte encryptedResult[] =
	{3, 63, -54, -8, -45, -89, -91, 40, -111, -77, -76, -49, 119, 8, -46, 9,
	-70, 99, -12, 3, 124, 65, -66, 104, -18, 4, 64, 87, 6, -72, 68, 121,
	-32, -52, -104, 25, -54, 71, -84, -128, -35, -115, -74, - 26, -30, -127, -96, -42};
	char[] os = new char[48];

	try {
	Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding", "SunJCE");
	SecretKeySpec key = new SecretKeySpec(key1, "AES");

	cipher.init(Cipher.DECRYPT_MODE, key,new IvParameterSpec(key2));
	System.out.println("kakkel : !!" + new String(cipher.doFinal(encryptedResult),"UTF-8") + "!!");
	} catch (Exception e) {
	e.printStackTrace();
	}
	}
	}