 Hello everyone my name is Jon Hammond and welcome back to another video showcasing more of the all-army cyber stakes or ACI CTF. So let's dive in. I want to be finishing up some of the harder more difficult challenges so I'm going to scroll down to the bottom of my solve filter and I want to take a look at this sharing is caring challenge. The time recording it has about 250 points worth and 147 people have solved it. It's Friday competition ends on Sunday so they might get a few more solves in. It says hey challenger I know you're putting together that Veterans Day presentation here's all the US service seals straight from Wikipedia. I think you'll only need four of them to get the points across more than that is just excessive but it's up to you. So we're given a file to download and I will hop into our directory to work with some of the stuff. I'll make your sharing is caring hop over there and let's W get that file down. Okay so while that's downloading I am transparent about hey I'm gonna check the hints I want to know what this challenge is really getting at it helps our learning it helps my learning I hope it helps your learning. I don't think there's any shame in taking hints when that's what it's all about it's all about education and all that so research split scheme split secret schemes four out of the five secrets are required. Okay so before we go down the rabbit hole of researching and learning let me go ahead and actually unzip this so tarxzf and we looks like we have images here we have one two three four five so five images and we can take a look at what these are part of the air force part of the army nice coast guard yeah URA and Navy and Marine Corps okay cool so all the service seals that they mentioned no space force what the heck come on where's space force in here so let's do some regular file reconnaissance if I just run strings in the first image I see this weird guy this one long line one and then a bunch of numbers so I'll take that I think let's actually make some notes let me suble a little read me file just above here and I'll grab that first secret or whatever that is and put it in there we can do the same on two but I don't see anything extremely interesting in that right off the bat so let's try it on three that has the third one in here okay steal that just as well and let's do it for also four still nothing all right how about five looks like five has it as well okay so we're missing two and four we can do some more file reconnaissance I'll just run exit tool on two okay it looks like it sees it there in the artist metadata tab so let me steal that slap that in I'll make some new lines here and let's try that also on four looks like that works okay he's also in the artist section there okay so we have all these secrets we have five of them it says we only need four interestingly enough but what do I do with these what actually is split secret schemes so if I google this schemes what is secret splitting some information on wikipedia shamir secret sharing secret splitting also called secret sharing enables you to split a secret across into different shares and give the share and custody of multiple persons without disclosing the secret itself okay that's the idea sounds a little bit more like crypto than to me than forensics but oh okay they do a little implementation inside here random key is subtracted digit by digit without carry from the number combination this guy oh computer data they're using xor hmm secret sharing also called secret splitting refers to methods for distributing a secret among a group of participants each of whom is allocated a share of the secret secret can be reconstructed when only a sufficient number or possibly different types of shares are combined together individual shares of no use on their own well we have all the shares we have all the pieces of this thing secure versus insecure secret sharing oh that's probably interesting secure secret sharing scheme oh lots of s's distribute shares so that anyone with fewer than t shares has no more information about the secret than someone with zero shares consider for the password consider for example the secret sharing scheme which the secret phrase password is a vital the shares pa ss w o r d huh okay well we have all the shares so what do we do with this shamir's secret sharing shamir's secret sharing is an algorithm in cryptography yeah is that what we need shamir's is there anything that does that shamir's secret sharing s s s is that a tool how do i learn that let's look for github sss shamir secret sharing secret sharing shamir a java implementation of it is that what is that oh that's like a whole library i don't know if i want to deal with that also secret sharing doing the same thing maybe just secret sharing github block stock secret sharing is that the one that i was just in oh no okay that's a that's a little python library oh it looks like they use the same sort of thing that we use from secret sharing import plain text hex secret sharer what else is there well if we have the python library maybe be that will behave library for sharding and sharing secrets okay it just needs pip so let's try that pip install secret sharing um okay i've got it does it work i don't know if it's python 2 or python 3 not gonna lie pi pi v2 well we can try it they use secret sharer and those are hex but our numbers are in like decimal they're like straight integers base 64 base 32 raw integers okay splitting into shares from secret sharing import secret insta point well can i run that just on its own can i let's move out of here let's do a subtle um ape dot pi let's grab all of these in here let's critish little shebang line and i'll shrink this down so it's at least sane to read i'm gonna remove these new lines so i can make each of these a list element there we go i just use control shift and control shift l to make multiple cursors and then i align them with the home key or the end key and then i can modify as i need to on across multiple lines so i like that a lot in sublime text okay let's try and import secret sharing and they use secret int to points to go ahead and make the share and they use points to secret int to get recover the secret so from secret sharing import points to secret int it looks like their original secret okay and they're using l here so that makes me think it's python 2 i'm gonna have to use python 2 i guess we'll try it we'll try it in three but we'll see what it does even if i even run that will that work python 3 ape nope it winds about the long data type so that's totally a python 2 gimmick fine fine i'll just use python 2 their syntax is they have a secret and they use secret int to point and that returns a list of tuples of all of the secrets as their integers and their long form the l so what i'll do is i'll do for i and s in oh we should make this actually a shares list here and then let's expand that a bit for is in a numerator of shares we will have a uh their version list name i guess so their version will append in a tuple of index plus one because it's going to be it's going to count in zero based but i want it in numbers one two three four five uh and we will grab the integer form of s so that's the actual share value but i want to carve out the one hyphen two hyphen etc so i'll slice from two forward and now let's verify that our little their version variable we'll have to run it with python 2 as usual because that module isn't working in that python 3 mode okay now we have the correct data points that we want and it looks like we can just give those to that points to secret int uh function here so let's say uh secret equals points secret int on their version and let's print out our secret what do we have here whatever that is okay let's try and convert that uh i like this really trick this nice convenience thing from crypto utl number it has a bytes to long and a long to bytes so if you have a like long integer or just an integer or a number to begin with you can convert it into what would be its ascii representation or in the bytes so let's use long to bytes on that so i will be able to long two bytes secret and that should roll right through it awesome cool okay so i hadn't heard of shamir secret sharing before um maybe it's just kind of known to have that prefix of one hyphen and the data and then cut it up into different slices or slivers of the secret or different shares right but that's that that is that challenge uh not that hard i guess kind of once you identify it and know what to do with it with some of the tools but the fact that python can do it is pretty slick we should see what we can do to get this module converted to python 3 because i know python 2 is dead and the internet gets really angry at me when i use python 2 so here we go that's that challenge i hope you guys enjoyed this video if you did please do press that like button leave a comment i'd love it i'd appreciate it subscribe hit the bell do the things that the youtube algorithm needs thank you thank you thank you i'd love to see you guys on patreon if you're willing to help support and donate thank you so much i cannot say that enough paypal if you just like a one-time thing link in the description also i'd love to see you in the discord server link in the description linked in facebook twitter instagram i don't know it just it'd be great to see you and thank you thank you thank you so much for your support all right hope to do more of these coming at you thanks so much guys take care