``````After a long day, you sit around a campfire in the wild wild web with a few Sioux you met today. To celebrate friendship one of them takes out his wooden peace pipe and minutes later everyone seems to be pretty dizzy. You remember that their war chief "Makawee" started something to say about a secret tipi filled with fire-water (the good stuff). But when he noticed your interest he immediately stopped talking. You recall that "Makawee" spoke with "Wahkoowah" about that issue, but it ended with a fight. Since then Makawee wouldnt talk to Wahkoowah anymore. While they argued "Chapawee" wrote something down. Maybe you can exploit their dizzyness to find out the location of the tipi.

wildwildweb.fluxfingers.net 1432
wildwildweb.fluxfingers.net 1433
wildwildweb.fluxfingers.net 1434
``````

Let’s analyze what we have:

• wildwildweb.fluxfingers.net 1432: Chapawee replies, he allows us to get some information on the crypto scheme that is being used, get a public key and save a public key associated with a name.
• wildwildweb.fluxfingers.net 1433: Wahkoowah replies, he asks who we are but we can say basically any name (including Makawee). He then shows us the public key associated with the name we said and then adheres to to protocol:
• generate some random r_w
• calculate magic: (pubk ^ r_w) % p_ and send it to us
• Expects some other value t_m, if we send that value it calculates a shared key =_ t_m ^ (privk_w ^ -1) * g ^ r_w % p_
• Sends us a token
• wildwildweb.fluxfingers.net 1434: Makawee replies, also here he asks who we are but we can say almost any name apart from Wahkoowah, in fact he had an argument apparently and does not want to talk with him. Then he also adheres to the protocol.

If we could perform a Man-In-The-Middle attack we could relay messages between Wahkoowah and Makawee and get the flag, in fact if we manage to send to Makawee a valid token he will send us the flag. As we do not know how the token is computed MITM looks like the only option.

The trivial solution that probably already came to the mind of a careful reader is the following:

• Get the public key of Wahkoowah
• Register an account with that public key with a different name
• Go to Wahkoowah and pretend to be Makawee, go to Makawee and tell him you are a user with the same public key of Wahkoowah
• Relay messages between the two peers and get the flag

However this approach does not work, Makawee is smart enough to figure out the trick! He will not accept the public key of Wahkoowah. The only solution left is then to forge a public key pubk_w' != pubk_w such that if we identify with that key to Makawee and then relay the messages we end up with a successful communication (i.e.: the two peers have the same shared key). Luckily it is possible to forge that key! In fact we can create a pubk_w' = -_pubk_w % p _that works 50% of the times, and that’s definitely good enough.

We know that this works because when Makawee will compute t_m' = (-pubk_w) ^ r_m % p, t_m' will be equal to t_m = pubk_w ^ r_m % p if r_m is even, so roughly 50% of the times.

So I created a user called jolly with pubk_w' with the service on port 1432, then here’s the dump of the communication

Hi, I’m Wahkoowah. Who are you? Too foggy… Makawee Oh its you, Im so sorry. Can we talk now? _ This is your key of truth_ _ 50e7e1957c1786a9442f0c9f372ec19f74f52839e9e38849b47438153f9d2483213a43ad2d988fab4a8707922060aaefe6504a70637596fbcf9d58362b23e5d5e2177fd4e919b80437bab51eda931e065b6d66fce343d7cb2b7c1ca26214792d461895095ae58354af0dec6e63869007e23835892f26aabc96fe3d9084a829b4d6c5b92c6f3e0dd9a70cbd5c72d6434f2b94d21c3b0c58a288c140642b813ffb1b632bc358b3a6af0124902acd8792202c848de7f9d5d98bee51ca69040c8a2457ad3fa6276d6510701b9a875df612e035322cad06579a0a11f5e7cb4ebb7b69171c38585fc0f4fe07b0c889442397029d05dc801026a0648d7aa8c847420e9c_ _ With magic I did this:_ _ abde1250558be4201d0269110d273be05d70f0623c27507dc57af293e4a96e06309b92cb55e73c62d8322fc8a9d8f89d4b2a0746c5cf7ff69aaf8002fb5abc437d40855bf159c2d77d77bded321d42e08f7bf89585c6e35cf7682b2a67a0fb013044c61affc7fbcc0186ff8a8c66c1285f60fe237f17f7e1e1852101cba170d685d6c055d90e95a0433c323cf01573d15e8d6d602a115dc63d87c9d88e40ed69d059e93e098c7c2309a228997e82d2842ad8418bff78157f5d1887a0672f8edfa80de07ff11cb32c4c0755562187af36136b5e1c2fa34b62735fec6106a044986501dee58b7a78f6dc0b058aa3857c23572d473e3e5b2cfdd62e2095e8a00956_ _ We continue our conversation, right?_

…let’s go to Makawee and send him the magic by Wahkoowah.