Wayback

Technical Walkthrough

Writeup

Challenge

• Name: Wayback
• Category: Reversing
• Difficulty: Medium
• Mode: file

Summary

Wayback ships a Linux key generator (V1) and a Python AES-CBC decryptor. The binary uses the local calendar time to seed glibc rand(), then generates a candidate key string from a configurable character set. The challenge description narrows the original generation time to 2013-12-10 through 2013-12-11 and states the candidate length and character classes. Replaying the exact generator over that two-day window recovered the AES key and decrypted the flag.

Artifact Inventory

• files/a12c733b-711e-4898-ad0c-e31539201d1f.zip: original HTB archive.
• files/extracted/rev_wayback/V1: Linux x86-64 C++ ELF key generator.
• files/extracted/rev_wayback/decrypt.py: AES-CBC decryptor with embedded ciphertext.
• analysis/artifact-inventory.json: hashes, sizes, and archive listing.

Analysis

The useful evidence came from local static analysis, not from public or RAG sources. The RAG result was recorded as generic advisory context in analysis/rag-records.md; the local prior note was only used as a reminder that glibc rand() must be reproduced exactly.

The binary audit is recorded in analysis/source-audit.md. The relevant disassembly is in analysis/local/V1-main-disasm.txt, and the string data is in analysis/local/V1.rodata.txt.

generate_password[abi:cxx11](int, bool, bool) builds the character set as:

• lowercase ASCII letters
• uppercase ASCII letters
• symbols !@#$%^&*_+ if enabled
• digits 0123456789 if enabled

The challenge text says the original key string is 20 characters long and includes alphanumeric characters and symbols, so the solve uses all four character groups.

The generator calls time(NULL), converts it with localtime, and builds a decimal calendar seed equivalent to YYYYMMDDhhmmss modulo 2^32. It then calls srand(seed) and picks each character with rand() % len(charset).

decrypt.py pads the candidate password to a 32-byte AES key with null bytes, treats the first 16 encrypted bytes as the IV, decrypts the remaining ciphertext with AES-CBC, and checks PKCS#7 padding.

Because V1 is a Linux/glibc binary, the solver does not use macOS rand() or Python random. It uses a Linux Docker Python process and ctypes.CDLL("libc.so.6") to call glibc srand and rand. The reconstruction was validated against the real binary in analysis/local/generator-validation.txt.

Solve

The reproducible solver is solve/solve.py.

Validation command:

cd <local workspace>
/opt/homebrew/bin/python3 solve/solve.py --validate-current-binary

Solve command:

cd <local workspace>
/opt/homebrew/bin/python3 solve/solve.py

The solver searched the inclusive calendar window from 2013-12-10 00:00:00 through 2013-12-11 23:59:59. It found the decrypting candidate at calendar second 2013-12-11T13:01:25, with seed 699413773, after 133286 candidates. The non-sensitive summary is stored in analysis/solution-summary.json. The recovered key string is stored in loot/<password redacted>.

Flag

Raw flag is stored in loot/flag.txt and intentionally not reproduced here.

Lessons

• For reversing challenges that use C rand(), reproduce the target libc implementation. macOS and Python PRNG behavior are not interchangeable with glibc.
• Calendar-derived seeds can be much smaller than the apparent password space when the date range is known.
• Validate keygen reconstruction against the original binary before trusting a brute-force search result.
• Keep raw recovered <password redacted> and flags in loot/; use analysis/solution-summary.json for publishable metadata.

Source-Backed Dossier

The sections below are merged from companion Markdown notes for the same case. They are rendered after sanitization so the article stays precise without publishing raw flags, credentials, or target-specific secrets.

Notes

Scope

• Challenge: Wayback
• Category: Reversing
• Difficulty: Medium
• Mode: file
• Remote instance: none
• Start time: 2026-06-12T07:34:03Z
• Operator: harness
• State file: challenge-state.json

Harness Status

• Current phase: see challenge-state.json
• Next allowed actions: see next-action.json
• Raw flags and sensitive material stay in loot/ only. Do not paste them here.

Artifact Inventory

Evidence Ledger

Key Findings

• V1 is a Linux/glibc C++ generator; candidate replay must use glibc srand/rand.
• The charset for the challenge path is lowercase + uppercase + !@#$%^&*_+ + digits, length 72.
• The seed is equivalent to YYYYMMDDhhmmss modulo 2^32 from localtime.
• The generator reconstruction matched the real binary in analysis/local/generator-validation.txt.
• The valid decrypting candidate was found at calendar second 2013-12-11T13:01:25; non-sensitive metadata is in analysis/solution-summary.json.

RAG / Advisory Memory

RAG output is advisory only. Record evaluated retrievals with:

scripts/challenge_harness.py rag-record <workspace> --query "..." --tag MATCHED|PARTIAL|MISSING|<secret redacted>|GENERIC --validation "..."

Secrets/Flags

Raw flags and sensitive material stay in loot/ only. Use scripts/challenge_harness.py capture-flag to validate and record flag capture without printing the value.

Memory Summary

Metadata

• Platform: HackTheBox Challenges
• Category: Reversing
• Challenge: Wayback
• Difficulty: Medium
• Source workspace: <local workspace>

Validated Solve Chain

Concepts only. Do not include raw flags, reusable credentials, tokens, cookies, private keys, or live secrets.

1. Reverse the Linux C++ key generator to recover its character set construction and seed formula.
2. Identify the seed as calendar time YYYYMMDDhhmmss modulo 2^32, passed to glibc srand.
3. Reproduce glibc rand() in a Linux environment and validate generated output against the binary.
4. Search the scenario's two-day calendar window for length-20 <password redacted> using lowercase, uppercase, symbols, and digits.
5. Use each candidate as the null-padded <secret redacted> key for the bundled decryptor ciphertext until a valid HTB-format plaintext is recovered.

Reusable Lessons

• Do not replay glibc rand() with macOS rand() or Python random; use Linux/glibc directly or a proven exact implementation.
• A timestamp-seeded key generator can collapse a large candidate space into a bounded calendar-second search.
• Validate a reconstructed keygen against the original binary before using it for flag recovery.

Dead Ends

• No meaningful dead branches. RAG output was generic and not used as evidence.

Tool Quirks

• The local sh PATH selected a Python interpreter without cryptography; /opt/homebrew/bin/python3 had the required package.
• V1 needed a recent Linux/glibc userspace. python:3.12-slim worked; ubuntu:20.04 was too old for the binary's required GLIBC/GLIBCXX versions.
• Docker was used only to provide Linux/glibc PRNG behavior; final decrypt logic ran locally.

Evidence Paths

• analysis/source-audit.md
• analysis/local/V1-main-disasm.txt
• analysis/local/V1.rodata.txt
• analysis/local/generator-validation.txt
• analysis/solution-summary.json
• solve/solve.py
• loot/flag.txt

Ingestion Decision

• Proposed for LightRAG: yes
• Requires user approval before ingestion: yes

Hypothesis Board

Keep no more than 3 active hypotheses on Easy/Medium and 5 on Hard unless the user explicitly asks for breadth.

Closed Branches