QLotto

Technical Walkthrough

Writeup

Challenge

• Name: QLotto
• Category: Quantum
• Difficulty: Easy
• Mode: hybrid

Summary

This challenge is solved from server.py. The bug is that the input filter blocks qubit index 0 but does not block negative indices, so -2 and -1 reach Qiskit unchanged. A locally validated circuit uses that gap to act on q0 and q1, keeps q0 fair for the entropy gate, and forces the printed testing bits to be the per-shot complement of the hidden lotto bits. Once that relationship is proven, each printed number t maps to the hidden winning number with ((22 - t) % 42) + 1.

Artifact Inventory

Relevant artifacts:

• files/extracted/quantum_qlotto/server.py
• analysis/source-audit.md
• analysis/local-validation/negative-index-validation.txt
• analysis/remote/remote-session.txt
• solve/solve.py

Analysis

server.py builds a 2-qubit QuantumCircuit, applies H(0), accepts user gate instructions, validates entropy by measuring q0 over 100,000 shots, then measures both qubits over 36 shots with memory=True.

The key parser weakness is in generate_circuit():

• it rejects any parameter exactly equal to 0
• it rejects any qubit index >= circuit.num_qubits
• it does not reject negative indices

That means -2 and -1 are forwarded into Qiskit gate calls. The candidate circuit is:

H:-1;Z:-1;S:-2;S:-1;RZZ:-90,-2,-1;H:-1

Local validation in analysis/local-validation/negative-index-validation.txt proved four things:

1. generate_circuit() accepts the candidate unchanged.
2. validate_entropy() still returns true, so the q0 fairness gate is satisfied.
3. measure_all() returns two-bit memory strings that are anti-correlated on every shot.
4. Feeding those same memory strings into extract_numbers() shows that the printed testing_numbers map back to the hidden lotto_numbers with:

lotto = ((22 - t) % 42) + 1

This works because extract_numbers() builds the printed number from the first bit of each two-bit string and the hidden number from the second bit. With anti-correlation, the underlying six-bit values are complements before the % 42 + 1 reduction.

Solve

Run:

cd <local workspace>
python3 Quantum/QLotto/solve/solve.py

The solver:

1. Connects to the TCP service.
2. Sends the validated negative-index circuit.
3. Parses [Dealer] Your draws are: [...].
4. Derives the six hidden numbers with ((22 - t) % 42) + 1.
5. Sends the guesses back to the service.
6. Writes the returned flag candidate to loot/flag-candidate.txt.
7. Saves a sanitized transcript to analysis/remote/remote-session.txt.

Flag

Raw flag is stored in loot/flag.txt and intentionally not reproduced here.

Lessons

• In Qiskit-backed challenge services, negative indices are worth checking whenever validation only blocks 0 or >= n.
• For measure_all() plus memory=True, proving string bit order once can turn a fuzzy hypothesis into a direct solve.

Source-Backed Dossier

The sections below are merged from companion Markdown notes for the same case. They are rendered after sanitization so the article stays precise without publishing raw flags, credentials, or target-specific secrets.

Notes

Scope

• Challenge: QLotto
• Category: Quantum
• Difficulty: Easy
• Mode: hybrid
• Remote instance: <TARGET>:31927
• Start time: 2026-06-07T19:32:55Z
• Operator: harness
• State file: challenge-state.json

Harness Status

• Current phase: see challenge-state.json
• Next allowed actions: see next-action.json
• Raw flags and sensitive material stay in loot/ only. Do not paste them here.

Artifact Inventory

Evidence Ledger

Key Findings

• Local Qiskit validation in analysis/local-validation/negative-index-validation.txt confirmed that generate_circuit() accepts the candidate negative-index circuit and does not reject -2 / -1.
• The candidate circuit H:-1;Z:-1;S:-2;S:-1;RZZ:-90,-2,-1;H:-1 preserves fair entropy on q0 while producing per-shot anti-correlation in the measured two-bit memory strings.
• extract_numbers() interprets each two-bit memory string left-to-right as (testing_bit, lotto_bit). Under measure_all(), the simulator returned q1q0, so printed testing_numbers come from q1 and hidden lotto_numbers come from q0.
• The proven mapping is lotto = ((22 - t) % 42) + 1 for each printed testing number t.
• Reproducible remote solve is implemented in solve/solve.py, and the sanitized live transcript is stored in analysis/remote/remote-session.txt.

RAG / Advisory Memory

RAG output is advisory only. Record evaluated retrievals with:

scripts/challenge_harness.py rag-record <workspace> --query "..." --tag MATCHED|PARTIAL|MISSING|<secret redacted>|GENERIC --validation "..."

Secrets/Flags

Raw flags and sensitive material stay in loot/ only. Use scripts/challenge_harness.py capture-flag to validate and record flag capture without printing the value.

Memory Summary

Metadata

• Platform: HackTheBox Challenges
• Category: Quantum
• Challenge: QLotto
• Difficulty: Easy
• Source workspace: <local workspace>

Validated Solve Chain

Concepts only. Do not include raw flags, reusable credentials, tokens, cookies, private keys, or live secrets.

1.

Reusable Lessons

-

Dead Ends

-

Tool Quirks

-

Evidence Paths

-

Ingestion Decision

• Proposed for LightRAG: yes/no
• Requires user approval before ingestion: yes

Hypothesis Board

Keep no more than 3 active hypotheses on Easy/Medium and 5 on Hard unless the user explicitly asks for breadth.

Closed Branches

Memory Summary

approval_required: true

Sanitized Memory Summary

Metadata

• Platform: HackTheBox Challenges
• Category: Quantum
• Challenge: QLotto
• Difficulty: Easy
• Source workspace: <local workspace>

Validated Solve Chain

Concepts only. Do not include raw flags, reusable credentials, tokens, cookies, private keys, or live secrets.

1.

Reusable Lessons

-

Dead Ends

-

Tool Quirks

-

Evidence Paths

-

Ingestion Decision

• Proposed for LightRAG: yes/no
• Requires user approval before ingestion: yes

Notes

Notes

Scope

• Challenge: QLotto
• Category: Quantum
• Difficulty: Easy
• Mode: hybrid
• Remote instance: <TARGET>:31927
• Start time: 2026-06-07T19:32:55Z
• Operator: harness
• State file: challenge-state.json

Harness Status

• Current phase: see challenge-state.json
• Next allowed actions: see next-action.json
• Raw flags and sensitive material stay in loot/ only. Do not paste them here.

Artifact Inventory

Evidence Ledger

Key Findings

• Local Qiskit validation in analysis/local-validation/negative-index-validation.txt confirmed that generate_circuit() accepts the candidate negative-index circuit and does not reject -2 / -1.
• The candidate circuit H:-1;Z:-1;S:-2;S:-1;RZZ:-90,-2,-1;H:-1 preserves fair entropy on q0 while producing per-shot anti-correlation in the measured two-bit memory strings.
• extract_numbers() interprets each two-bit memory string left-to-right as (testing_bit, lotto_bit). Under measure_all(), the simulator returned q1q0, so printed testing_numbers come from q1 and hidden lotto_numbers come from q0.
• The proven mapping is lotto = ((22 - t) % 42) + 1 for each printed testing number t.
• Reproducible remote solve is implemented in solve/solve.py, and the sanitized live transcript is stored in analysis/remote/remote-session.txt.

RAG / Advisory Memory

RAG output is advisory only. Record evaluated retrievals with:

scripts/challenge_harness.py rag-record <workspace> --query "..." --tag MATCHED|PARTIAL|MISSING|<secret redacted>|GENERIC --validation "..."

Secrets/Flags

Raw flags and sensitive material stay in loot/ only. Use scripts/challenge_harness.py capture-flag to validate and record flag capture without printing the value.