5/26/2023

Safecat 2 cyberstakes

This problem departs from the previous ones by providing us with a website instead. The hints bring a lot of attention to the website's login cookies, so we try creating an account and examining the created cookies. auth_token in particular stands out since it's not a standard cookie that's seen on other sites.

[Figure: The list of site cookies from the Chrome DevTools menu.]

After creating an account, the website tells us it'll give us the flag after we provide it with the StrongToken. The home page has several information blocks that give us a few hints about what this could mean:

[Figure: Information blocks from the website's main menu.]

auth_token is encrypted with a 128-bit key in AES-ECB mode. Prior to encryption, the site appends a StrongToken to the data and then encrypts it. Since the site is using Electronic Code Book (ECB) mode, we can perform a chosen-plaintext attack by using the account creation process as an encryption oracle. This allows us to extract the StrongToken byte by byte. The entire attack process is well explained in a blog post by Zach Grace.

Since we're going to be using the account creation feature quite a bit, we should figure out a way to make the process easier for us. Burp Suite has a feature called Repeater that allows us to save a web request and repeatedly modify and resend it, rather than repeating the process in the web browser.

[Figure: Finding the web request to repeat in the history menu.]

[Figure: Modifying the request and seeing the auth_token change in the response.]

Our first step is to figure out exactly what's being encrypted. We know it comes from the account information, so there are only two real options: the username and password. By testing out two accounts with the same username but different passwords, we can see that auth_token doesn't change as long as the username stays the same. These results immediately show that there is no offset between the start of the plaintext and the username, since the first two blocks are already the same without any padding needed.

Now that we know the block size and offset, we can begin brute-forcing the StrongToken. We first provide an input one byte smaller than the block size, AAAAAAAAAAAAAAA. This creates a ciphertext block using the plaintext AAAAAAAAAAAAAAA?, where ? is the first byte of the StrongToken. Using the ciphertext block provided by the website as a reference output, we can brute-force the first byte of the StrongToken. By using the reference input, AAAAAAAAAAAAAAA, and iterating through all possible characters for the last byte, we can determine the StrongToken's first byte: it is the candidate for which our output matches the reference output.
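The byte-by-byte recovery described above, run against a local model of the site, next to a randomized token construction where the same procedure recovers nothing. This is an added example, not code from the original writeup: `ecb_oracle`, `randomized_oracle`, `recover_suffix`, the key and the sample token are constructed, and a truncated HMAC stands in for the AES block operation, since the attack depends only on each block being encrypted deterministically.

```python
import hashlib
import hmac
import os

BLOCK = 16
KEY = os.urandom(16)                        # constructed server-side key
STRONG_TOKEN = b"constructed-secret-token"  # constructed sample secret


def _enc_block(tweak: bytes, block: bytes) -> bytes:
    # Stand-in for one AES block encryption: keyed, deterministic, 16 bytes.
    return hmac.new(KEY, tweak + block, hashlib.sha256).digest()[:BLOCK]


def _blocks(username: bytes) -> list:
    data = username + STRONG_TOKEN
    n = BLOCK - len(data) % BLOCK
    data += bytes([n]) * n                  # PKCS#7 padding
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_oracle(username: bytes) -> bytes:
    """Model of the site: every block encrypted independently (ECB)."""
    return b"".join(_enc_block(b"", b) for b in _blocks(username))


def randomized_oracle(username: bytes) -> bytes:
    """Hardened model: fresh nonce per token, so equal plaintexts differ."""
    nonce = os.urandom(BLOCK)
    out = [_enc_block(nonce + bytes([i]), b)
           for i, b in enumerate(_blocks(username))]
    return nonce + b"".join(out)


def recover_suffix(oracle, max_len: int = 64) -> bytes:
    """Recover the appended secret one byte at a time, as in the text."""
    known = b""
    for _ in range(max_len):
        pad = b"A" * (BLOCK - 1 - len(known) % BLOCK)
        lo = len(known) // BLOCK * BLOCK
        ref = oracle(pad)[lo:lo + BLOCK]    # reference block from the oracle
        for b in range(256):
            if oracle(pad + known + bytes([b]))[lo:lo + BLOCK] == ref:
                known += bytes([b])
                break
        else:
            break  # no candidate matched: end of secret, or oracle not deterministic
    # The last match at the end of the secret is the first padding byte (0x01).
    return known[:-1] if known.endswith(b"\x01") else known
```

Against `ecb_oracle` the function returns the full token; against `randomized_oracle` the first comparison already fails and it returns an empty result.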