Description

My implementation of authentication mechanisms in C turned out to be failures. But my implementation in Rust is unbreakable. Can you retrieve my password?

Analysing the binary we observe it is written in rust. The basic functionality is checking a password and printing a fake flag if the info is correct.

In order to get the real flag we need to paste the key into the real started server in htb.

You need to replace the input string you gave with the encrypted content it compares it against later and after running the encryption function you will have the decrypted password:

The encrypted password can be taken from the comparison:

The other way this can be done is by building a python script and understanding the format of the nonce and key of salsa and then extracting them from the structure passed to the decryption/encryption function call.

The structure has the following layout:

you can find the actual structure by looking at the other argument before the calling of the encrypt function showcased above

Inputting this password into the server prompt yields the flag