C̴̮̮̒h̷̠̍͜á̵͎̳p̵̼̭̒͠ẗ̷͈́̔͜e̶̡̒r̴̖͒ ̴̛̩̘͘3̵̟̒: The Authenticator in SHAdow

Remarkable work, agent. You have successfully hacked into the machine of the organisation's lead developer, DEV. Thanks to you, we have secured a foothold inside the target's internal network!

With this newfound access, we discovered that the organisation is running a customized internal chat application, MafiaChat.

Moreover, it seems that a suspicious individual named EMERALD and acting as the organisation's BOSS is trying to establish contact with DEV through MafiaChat. Our social engineering team certainly could make good use of this opportunity if you find a way to respond to him as DEV (@mafiaDEV).

Our team conducted a first analysis of the application. It looks like the development is still in its early phase and the confidentiality of the messages is not assured, therefore we can freely read messages from the server. Conversely, the messages' integrity is strongly enforced, and all the messages require signing through a specialized Hardware Security Module, running on a 3rd party machine. However, the conversation between DEV and another member of the organisation, Mafia-Bro, suggests that the Module contains a backdoor that you could exploit using your cryptography skills!

Thanksfully, the lead developer was in charge of this very project, and since we hacked their computer we got access to the source and binaries involved (albeit stripped from production secrets):

  • MafiaChat, a python server;
  • Shardy, a python client;
  • HSMM, a RISCV-64 C program used for message signing, which runs on a specialized Hardware Security Module.

According to some of DEV's notes, the backdoored hardware for running the HSMM binary can be emulated perfectly with QEMU and the provided backdoor.diff patch, how convenient! All assets, combined with appropriate Dockerfiles and some of the developer notes are available here.

Your goal is to send a first message (whatever it is) to EMERALD (@mafiaBOSS) as DEV (@mafiaDEV).