Notsus.Exe

Crash out

So for this challenge we are given a password protected zip file with 2 files inside, flag.txt.yorm and notsus.exe

First thing I tried was using John The Ripper to crack the password, of which after about 30 minutes, it seemed like I had cracked something (i wish, turns out this was absolutely USELESS)

But when extract this, i got an error

So after much thinking and much dying inside, we got a hint of using bkcrack.

GitHub - kimci86/bkcrack: Crack legacy zip encryption with Biham and Kocher's known plaintext attack.GitHub

By running ./bkcrack -L ../files.zip I could find out if it is using ZipCrypto, making it vulnerable to a Known Plaintext Attack

So since we know that there is an exe file we can guess its file header and what the first 12 bytes would be, by running ./bkcrack -C ../files.zip -c notsus.exe -p outputwindows.txt and letting it run

Where i get the keys d1608c35 d11d350a 4bc3da9c , and thus by running ./bkcrack -C ../files.zip -k d1608c35 d11d350a 4bc3da9c -D files_no_password.zip I would be able to get the full contents.

Now that we have a functioning Notsus.exe file, how do we work with it? After performing some strings and looking around, we got to know it was a Python exe. So, my teammate, Rian managed to turn it into a pyc file which after decompiling into python, we found the following

# Decompiled with PyLingual (https://pylingual.io)
# Internal filename: notsus.py
# Bytecode version: 3.12.0rc2 (3531)
# Source timestamp: 1970-01-01 00:00:00 UTC (0)

import os
import sys
from itertools import cycle

def a(b, c):
    if len(b) < len(c):
        b, c = (c, b)
    return bytes((a ^ b for a, b in zip(b, cycle(c))))

def b(a, c):
    d = list(range(256))
    e = 0
    for f in range(256):
        e = (e + d[f] + a[f % len(a)]) % 256
        d[f], d[e] = (d[e], d[f])
    f = e = 0
    g = bytearray()
    for h in c:
        f = (f + 1) % 256
        e = (e + d[f]) % 256
        d[f], d[e] = (d[e], d[f])
        k = d[(d[f] + d[e]) % 256]
        g.append(h ^ k)
    return bytes(g)

def c(a):
    b = []
    for c, d, e in os.walk(a):
        for f in e:
            b.append(os.path.join(c, f))
    return b
d = b'HACKED!'
e = os.path.basename(sys.executable)
for f in c('.'):
    if e in f:
        continue
    with open(f, 'rb') as g:
        asdf = g.read()
    with open(f'{f}.yorm', 'wb') as g:
        g.write(b(d, asdf))
    os.remove(f)

Turns out, its RC4, which can be reversed to create a solve script

def b(a, c):
    """RC4 encryption/decryption function"""
    d = list(range(256))
    e = 0
    for f in range(256):
        e = (e + d[f] + a[f % len(a)]) % 256
        d[f], d[e] = (d[e], d[f])
    f = e = 0
    g = bytearray()
    for h in c:
        f = (f + 1) % 256
        e = (e + d[f]) % 256
        d[f], d[e] = (d[e], d[f])
        k = d[(d[f] + d[e]) % 256]
        g.append(h ^ k)
    return bytes(g)

# Decrypt flag.txt.yorm
key = b'HACKED!'
with open('flag.txt.yorm', 'rb') as f:
    encrypted_data = f.read()

decrypted_data = b(key, encrypted_data)

with open('flag.txt.decrypted', 'wb') as f:
    f.write(decrypted_data)

print("Decryption complete! Check flag.txt.decrypted")

Which gives us the final flag

grey{this_program_cannot_be_run_in_dos_mode_hehe}