Integrity and Authentication


Cryptographic Exploitation.

This module covers cryptographic hash functions and message authentication codes. You will compute SHA-3 family digests, study preimage and collision resistance, and exploit practical weaknesses such as length extension, CBC-MAC misuse, and weak HMAC secrets.



Challenges

SHA3-256

This challenge is a direct introduction to the SHA-3 family. You are given a message and asked to compute its SHA3-256 digest exactly.

The service prints the message in plain text. Submit the digest as hexadecimal to receive the flag.

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

SHAKE256

This challenge introduces extensible-output functions through SHAKE256. You are given a message and must compute a 16-byte SHAKE256 output for it.

The important detail is that SHAKE does not have a fixed digest size. Make sure you produce the exact output length requested by the prompt.

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

Preimage Resistance

This challenge demonstrates how weak a hash becomes when its output is truncated too aggressively. The target digest is only 3 bytes of SHAKE256 output, so finding a matching preimage is practical.

Submit any hex-encoded message whose SHAKE256 digest matches the target value shown by the service.

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

Collision Resistance

This challenge studies collision resistance under an intentionally short digest. You must find two different messages, each at least 32 bytes long, that collide under a 5-byte SHAKE256 output.

Because the digest is so small, a birthday-style search is enough to find a collision. Submit both messages as hexadecimal.

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

Length Extension

This challenge focuses on the classic SHA-256 length extension attack against a naive hash-based construction. You are given the hash of an unknown 55-byte message and an attacker-controlled suffix.

Use the known message length to reconstruct the Merkle-Damgard padding and compute the digest of secret || padding || suffix without learning the original secret.

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

CBC-MAC

This challenge is a direct CBC-MAC computation exercise. The service gives you the AES key and a fixed message, and you must return the correct 16-byte tag.

Treat the message as raw bytes, use AES-CBC with a zero IV, and submit the final ciphertext block as hexadecimal.

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

CBC-MAC with Random IV

This challenge shows why CBC-MAC should not use a random or attacker-controlled IV. You are given a valid message, IV, and tag, along with a required replacement for the first block.

Your task is to compute a new IV so that the modified message still verifies under the original tag.

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

CBC-MAC Length Extension

This challenge demonstrates how CBC-MAC becomes forgeable when variable-length messages are accepted without binding the length into the MAC computation. You are given two valid message-tag pairs under the same key.

Construct a new message and a valid tag for it by chaining the known MAC state into an extended message.

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

Weak HMAC Keys

HMAC is secure when the secret key is unpredictable, but this challenge uses a password-style key assembled from a small set of personal details and symbols.

Recover the password from the provided structure and candidate values, then submit it to authenticate the message.

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

30-Day Scoreboard:

This scoreboard reflects solves for challenges in this module after the module launched in this dojo.

7-Day | 30-Day | All-Time

Rank Hacker Badges Score