This was a quite simple challenge, despite that it was solved by few teams and I found it quite interesting, so here’s a writeup!

The website we have access to uses some custom hashing algorithm to grant access to specific pages. We have the hash that allows us to access the homepage and the one for the admin login page. We also have the source code of the BHE (Best Hash Ever) algorithm, however the challenge description suggests it’s an HMAC, so we thought that we would probably need to compute bhe(secret + pagename).

The code of the hashing algorithm can be summarized by the following code:

def round(byte):
    c = 162888806
    for i in range(3, 0, -1):
        state[i] = (state[0] * state[i] + state[0] * byte) % 4294967295
    self.state[0] = (state[0] * c + state[1] * byte) % 4294967295

def hash(data):
    for char in data:
        round(ord(char))
    return "".join([to_hex(x) for x in state])

So basically we know that every character gets processed and modifies the internal states, at the end the hash is the concatenation of the states. We can notice that if we have_ bhe(secret)_ we can use it as starting state of the algorithm and thus compute _bhe(secret + whatever_we_want)_. We thought that maybe the hash of the homepage was _bhe(secret)_, as the path of the homepage was just “/”. We used that to compute the hash for the flag page. This code automates the work.

fox