Published on

BYUCTF 2023 – KCPassword

Authors
  • avatar
    Name
    Lumy
    Twitter

KCPassword

I'm too lazy to log into my Mac each time, so I enabled auto-logon. It's okay though because I'm sure that Apple will protect my password sufficiently...

Table of Contents

  1. Source code
  2. Solution

Source code

The challenge gives us a txt file : kcpassword.txt

Solution

When enabling auto-logon on a Mac, the OS will take your password, XOR it with a static key, and store it in the kcpassword file. To decrypt, simply XOR it with the static key again github.com/Heisenberk/decode-kcpassword/ .

└─$ python decode-kcpassword.py kcpassword.txt
byuctf{wow_Macs_really_have_it_encrypted_with_a_static_key_lol}

FLAG : byuctf{th4nk_y0u_4rs3n1y_sh4r0g14z0v}