Daniel Henschel

Daniel Henschel

Random IT Solution Architect doing CTF challenges from time to time.

[HV22.H3] Ruprecht’s Secret

1 minute read

T2theSwgeW91IGZvdW5kIG1lLiBCdXQgeW91IGtub3cgd2hhdCB5b3UnbGwgbmV2ZXIgZmluZD8gVGhlIGhpZGRlbiBmbGFnIGluIG9uZSBvZiB0aGUgaGFyZCBjaGFsbGVuZ2VzIQ

Hints

  1. Something that should be kept secret isn’t so secret after all. Something can be used in different ways to achieve different results. Something has to be in a certain size. What is something?
  2. The flag is not in the docker container The flag is on another chain Another hint is in the hv19 channel

Solution

The description is base64 of Okay, you found me. But you know what you'll never find? The hidden flag in one of the hard challenges!. Great, no hint.

Well, that’s not too easy either. We know it has something to do with HV22.19. Some hint mentioned that all you need is in a screenshot of the flag. The flag has a few chars which are hex, but that was a dead end. The flag is 32 bytes long, this could be a match since hint 1.

After playing around with it, I already knew the function to derive an account from a private key. So in python, I used web3.py to get an account from that:

acct = w3.eth.account.privateKeyToAccount('HV22{__N1c3__You__ARe__Ind33d__}'.encode().hex())
acct.address # -> 0x65cCa9C197f6cF1e38628E4dA7305D924466e4fc

It mentions that it’s not in this docker nor on this chain, so let’s search the public chains with a tool like etherscan.io. It finds the address but no transaction or anything like that from it:

etherscan showing no transactions

But wait, what is that 1-bubble at the top? Hovering it reveals that this address is also known on another chain. Oh, Goerli Testnet. Interesting! Let’s go there to find 3 transactions:

transactions on goerli testnet

Checking them out, the one in the middle has some rather lenghty input: 0x576569686e61636874736d616e6e0d0a536167206d69722c20776965736f206269737420647520736f207363686c61753f0d0a576f686572206b656e6e73742064752067616e7a2067656e61750d0a44656e20576569686e616368747377756e73636820766f6e206a6564656d204b696e643f2028576569686e61636874736d616e6e290d0a446173732069636820736f206765726e2065696e2046616872726164206df66368740d0a47656c626520537472656966656e2077e472276e206d69722072656368740d0a556e6420537065696368656e2c20646965207769652053696c6265722073696e640d0a4b65696e20576567206973742064697220696d205363686c697474656e206a65207a7520776569740d0a4f62206e61682c206f62206665726e2c206265736368656e6b737420647520616c6c65204b696e646572206765726e0d0a4a65747a74207a757220576569686e61636874737a656974202844657220576569686e61636874736d616e6e292c2077656e6e206573207363686e65697420284b6f6d6d742062616c6420616e290d0a556e6420616c6c657320776569df20697374207765697420756e64206272656974210d0a576569686e61636874736d616e6e2c206963682068616227206469722065696e656e206c616e67656e20427269656620676573636872696562656e0d0a44617373206469636820616c6c65204b696e646572206c696562656e2c20756e642069636820686f6666272c206475206c69656273742061756368206d696368200d0a0d0a49636820776569df2c2065732069737420736f77656974207363686f6e2062616c640d0a4461737320696e206465722057696e7465726e616368742c20736f206b616c740d0a4b696e6465726c616368656e206c617574206572736368616c6c740d0a0d0a464c41473a20485632327b573331684e34436874356d344e6e5f2643302e5f4b477d

Throwing this into cyberchef shows a sweet german poem and the flag HV22{W31hN4Cht5m4Nn_&C0._KG}

flag

Updated: