Investigation Report#

Quantum Conundrum - Security Assessment Report#

Date: October 21, 2025
Investigator: MR. Umair
Case: Megacorp Quantum Encryption System Analysis
Target: Obscurarium Realm Defense Systems
Challenge: Break the “Unbreakable” Quantum-Proof Cipher

Executive Summary#

Megacorp Quantum, a vital stronghold of security infrastructure safeguarded by the Obscurarium Realm, claims to possess “unbreakable” and “quantum-proof” defenses protecting the Obscuran Key - one of three Primal Keys capable of rewriting the history of the Cyber Realms.

Assessment Result: SYSTEM COMPROMISED

Despite the architects’ confidence that “no cipher, no codecaster, no force magical or digital can bypass their quantum-safe architecture,” the encryption system has been fully reverse-engineered and broken.

Key Findings:

Public key encoding identified and decoded
Seed generation algorithm reverse-engineered
Complete decryption process reconstructed (7 transformation layers)
Encrypted file successfully decrypted
Flag extracted: OS{BENDER}
All 4 investigation objectives achieved

Strategic Impact: The Obscuran Key’s protection has been breached. Confidence is no defense against determined reverse engineering.

Detailed Investigation Findings#

1 Public Key Analysis and Decoding#

Question: Analyze the file publickey.pubkey and review its contents. Decode the value and enter it as an answer to this exercise. Make sure to also include in your answer what encoding algorithm was used and what the decoded values represent.

Answer:#

Encoding Algorithm: Base64

Decoded Value: 24.07.2025|megacorp@quantum.com

What It Represents: A static string containing a date and email address used as input for seed generation in the encryption/decryption process.

Evidence Analysis:#

File Location: publickey.pubkey

Raw Contents (Base64-encoded):

1
MjQuMDcuMjAyNXxtZWdhY29ycEBxdWFudHVtLmNvbQ==

Decoding Process:

1
import base64
2

3
encoded = "MjQuMDcuMjAyNXxtZWdhY29ycEBxdWFudHVtLmNvbQ=="
4
decoded = base64.b64decode(encoded).decode('utf-8')
5
print(decoded)
6
# Output: 24.07.2025|megacorp@quantum.com

Structure Breakdown:

Date Component: 24.07.2025 (Day.Month.Year format)
- Day: 24
- Month: 07 (July)
- Year: 2025
Separator: | (pipe character)
Email Component: megacorp@quantum.com

Purpose in Encryption System: This decoded string serves as a static component of the seed generation algorithm. It combines with other dynamic elements (timestamp, salt) to create the encryption/decryption seed.

Why Base64?#

Characteristics:

Standard encoding method (RFC 4648)
Converts binary data to ASCII text
Uses 64-character set: A-Z, a-z, 0-9, +, /
Padding with = characters
NOT encryption - purely encoding

Identification:

Ends with == (padding indicator)
Only contains alphanumeric characters and =
No special characters or symbols

Security Implication: CRITICAL WEAKNESS

Base64 is encoding, not encryption
Provides zero security or obfuscation
Trivially reversible
Public key should use asymmetric cryptography (RSA, ECC), not simple encoding

2 Seed Calculation Investigation#

Question: Investigate how the Seed is calculated with the information from the publickey.pubkey. What other data is used to calculate the seed?

Answer:#

Seed Calculation Uses:

Date from public key: 24.07.2025
Email from public key: megacorp@quantum.com
Secret string: PublicSalt
Timestamp from file: 2025-07-24T11:00:00Z

Seed Generation Algorithm:#

Formula:

1
seed = EMAIL + DATE + TIMESTAMP + SALT

Full Seed Example:

1
megacorp@quantum.com24.07.20252025-07-24T11:00:00ZPublicSalt

Components Breakdown:

Component	Value	Source	Type
Email	`megacorp@quantum.com`	publickey.pubkey (Base64 decoded)	Static
Date	`24.07.2025`	publickey.pubkey (Base64 decoded)	Static
Timestamp	`2025-07-24T11:00:00Z`	Encrypted file metadata	Dynamic
Salt	`PublicSalt`	Hardcoded constant	Static

How the Timestamp is Obtained:#

File Structure: The encrypted file (decrypt_me.enc) has a specific structure:

1
[Encrypted Data: N bytes] [Timestamp: variable length] [Metadata: 8 bytes]

Metadata Layout (last 8 bytes):

Bytes -8 to -4: Timestamp length (4 bytes, little-endian integer)
Bytes -4 to end: Matrix dimension N (4 bytes, little-endian integer)

Extraction Code:

1
data = Path("decrypt_me.txt.enc").read_bytes()
2
ts_len = int.from_bytes(data[-8:-4], "little")
3
n = int.from_bytes(data[-4:], "little")
4
timestamp = data[-8 - ts_len:-8].decode("ascii")

Example:

If ts_len = 20 and n = 64
Timestamp is stored at bytes [-28:-8]
Value: 2025-07-24T11:00:00Z (ISO 8601 format)

Security Analysis:#

Weaknesses Identified:

Hardcoded Salt
- PublicSalt is a constant, not truly random
- Same salt used for all encryptions
- Does not provide cryptographic security
Predictable Date
- Date from public key is static
- Known to anyone with access to public key
- Reduces entropy of seed
ISO Timestamp Format
- Standard format is predictable
- Only changes per encryption instance
- Limited entropy (time-based guessing possible)
No Key Derivation Function (KDF)
- Simple concatenation, no PBKDF2/Argon2/scrypt
- No computational hardness
- Vulnerable to brute-force if seed guessed

Proper Implementation Should Use:

Random salt per encryption
Strong KDF (PBKDF2, Argon2, scrypt)
High iteration count
Additional entropy sources

3 Reverse Engineering: Transformation Analysis#

Question: Reverse engineer the decryption program and identify how many distinct transform passes are applied before the final XOR mask? Submit the number of distinct transformations and briefly explain what the first three transformations of the encryption process are doing.

Answer:#

Number of passes before the final XOR: 7

First Three Transformations:

Ring rotation: Rotates each concentric layer of the NN grid 90 clockwise. This physically rearranges the spatial layout by treating the matrix like onion rings, where each ring (outer, inner, etc.) rotates independently.
Add constant pass: Adds a byte constant (derived from year: 2025 & 0xFF = 225) to every cell modulo 256. This operation uniformly shifts all byte values across the entire matrix, providing initial value diffusion.
Subtract constant pass: Subtracts a byte constant (derived from month: 7) from every cell modulo 256. This reverses some of the addition effect while maintaining byte-level confusion, creating a non-linear relationship between original and transformed values.

Complete Transformation Pipeline#

Reverse Engineering Methodology#

Tools Used:

Ghidra 11.2.1 - Disassembler and decompiler
Binary: QuantumConundrum.exe
Analysis: Static code analysis of decryption routine

Key Function: FUN_140002680 (Main orchestrating function)

The 7 Transformation Layers#

Transformation 1: Ring Rotation (90 Clockwise)#

Location: Inline block in FUN_140002680

Algorithm:

1
For an NN matrix, treat as concentric rings
2
For each ring (outer to inner):
3
    Extract ring elements
4
    Rotate 90 clockwise
5
    Place back in matrix

Example (44 matrix):

1
Before Ring Rotation:
2
 1  2  3  4
3
 5  6  7  8
4
 9 10 11 12
5
13 14 15 16
6

7
After Ring Rotation:
8
13  9  5  1
9
14 10  6  2
10
15 11  7  3
11
16 12  8  4

Code Evidence:

Complex loop structure manipulating matrix indices
Processes rings from outermost to innermost
Uses temporary storage for rotation

Purpose:

Initial spatial scrambling
Makes linear analysis impossible
Each ring moves independently

Transformation 2: Add Constant (mod 256)#

Location: FUN_140002070

Algorithm:

1
add_val = year & 0xFF  # 2025 & 0xFF = 225
2
for each cell in matrix:
3
    cell = (cell + add_val) mod 256

Disassembled Code:

1
iVar9 = param_2 + *puVar6;
2
*puVar6 = iVar9 + ((int)((-(uint)(iVar9 < 0) & 0xff) + iVar9) >> 8) * -0x100;

Translation: (value + constant) & 0xFF

Example:

Cell value: 50
Add 225: 50 + 225 = 275
Mod 256: 275 mod 256 = 19

Purpose:

Uniform byte-level diffusion
Changes all values simultaneously
Modulo arithmetic prevents overflow

Transformation 3: Subtract Constant (mod 256)#

Location: FUN_1400021f0

Algorithm:

1
sub_val = month  # July = 7
2
for each cell in matrix:
3
    cell = (cell - sub_val + 256) mod 256

Disassembled Code:

1
iVar9 = (*puVar6 - param_2) + 0x100;
2
*puVar6 = iVar9 + ((int)((-(uint)(iVar9 < 0) & 0xff) + iVar9) >> 8) * -0x100;

Translation: (value - constant + 256) & 0xFF

Example:

Cell value: 50
Subtract 7: 50 - 7 + 256 = 299
Mod 256: 299 mod 256 = 43

Purpose:

Counter-intuitive: adds confusion after addition
Non-linear transformation
Different constant than add pass

Transformation 4: Row/Column Cyclic Shifts#

Location: FUN_140002390 (first part)

Algorithm:

1
shift = day % N  # 24 % 64 = 24
2
# Rotate rows
3
rows.rotate(-shift)
4
# Rotate columns
5
for each row:
6
    row.rotate(-shift)

Code Evidence:

1
lVar5 = (longlong)(param_2 % ((int)(lVar5 >> 2) - (int)(lVar5 >> 0x3f)));
2
// param_2 is day value, lVar5 is derived from matrix size

Visual Example (shift=2, 44):

1
Row shift left by 2:
2
[A B C D]  [C D A B]
3

4
Column shift up by 2:
5
[1]     [9]
6
[5]    [13]
7
[9]     [1]
8
[13]    [5]

Purpose:

Positional permutation
Doesn’t change byte values
Based on date component (day)

Transformation 5: Transposition / Quadrant Swaps#

Location: Inline block after FUN_140002390

Algorithm:

1
Divide matrix into quadrants
2
Swap quadrants in specific pattern
3
May also transpose (swap rows/columns)

Code Pattern:

Complex index manipulation
Swapping uVar2 values between positions
Multiple nested loops

Conceptual:

1
[TL TR]        [BR BL]
2
[BL BR]         [TR TL]

Purpose:

Advanced geometric rearrangement
Breaks up patterns from previous transforms
Adds complexity layer

Transformation 6: Even/Odd Bit Swap (0x55 mask)#

Location: FUN_140002540

Algorithm:

1
def bit_flip_pairs(x):
2
    return ((x >> 1) & 0x55) | ((x & 0x55) << 1)

Disassembled Code:

1
*puVar3 = (int)*puVar3 >> 1 & 0x55U | (*puVar3 & 0x55) << 1;

Bit-level Transformation:

1
Original:  b b b b b b b b
2
After:     b b b b b b b b
3

4
Example byte: 10110011 (179)
5
Result:       01101101 (109)
6

7
Mask 0x55 = 01010101 (isolates odd bits)
8
Mask 0xAA = 10101010 (isolates even bits)

Purpose:

Bit-level confusion
Makes byte analysis harder
Reversible transformation

Transformation 7: Per-Byte Variable Bit Rotation#

Location: Inline loop in FUN_140002680

Algorithm:

1
for r in range(N):
2
    for c in range(N):
3
        spin = (year + month + day + r + c) & 7
4
        cell = rot_right(cell, spin)
5

6
def rot_right(x, amt):
7
    amt &= 7  # 0-7 bits
8
    return ((x >> amt) | ((x << (8 - amt)) & 0xFF)) & 0xFF

Disassembled Code:

1
uVar41 = uVar44 & 0x80000007;  // rotation amount (0-7)
2
*(uint *)(...) = (iVar8 >> (8 - (byte)uVar41) | iVar8 << ((byte)uVar41)) & 0xff;

Example:

1
Position (2,3): rotation = (2025 + 7 + 24 + 2 + 3) & 7 = 5
2

3
Byte: 10110011
4
Rotate right 5 bits: 01101011

Purpose:

Position-dependent obfuscation
Final bit-level scrambling
Each byte rotates differently

Final Step: XOR with Keystream#

Location: FUN_140001df0 (keystream generation) + FUN_140001c00 (XOR application)

Algorithm:

1
def keystream(seed, need):
2
    out = bytearray()
3
    idx = 0
4
    while len(out) < need:
5
        for ch in seed:
6
            out.append((ord(ch) * 7 + idx) & 0xFF)
7
            idx += 1
8
            if len(out) >= need:
9
                break
10
    return bytes(out)
11

12
# Apply XOR
13
plaintext = bytes(b ^ m for b, m in zip(ciphertext, mask))

Keystream Characteristics:

Deterministic based on seed
Uses simple arithmetic: (char_value * 7 + index) & 0xFF
No cryptographic strength (not a CSPRNG)

Decryption Script Analysis#

Complete Decryption Code#

1
#!/usr/bin/env python3
2
from pathlib import Path
3
from collections import deque
4

5
EMAIL = "megacorp@quantum.com"
6
DATE = "24.07.2025"
7
SALT = "PublicSalt"
8
FILE = Path("QuantumConundrum_Project/decrypt_me.txt.enc")
9

10
def rot_right(x, amt):
11
    """Rotate byte right by amt bits"""
12
    amt &= 7
13
    return ((x >> amt) | ((x << (8 - amt)) & 0xFF)) & 0xFF
14

15
def bit_flip_pairs(x):
16
    """Swap even/odd bit pairs"""
17
    return ((x >> 1) & 0x55) | ((x & 0x55) << 1)
18

19
def keystream(seed, need):
20
    """Generate keystream from seed"""
21
    out = bytearray()
22
    idx = 0
23
    while len(out) < need:
24
        for ch in seed:
25
            out.append((ord(ch) * 7 + idx) & 0xFF)
26
            idx += 1
27
            if len(out) >= need:
28
                break
29
    return bytes(out)
30

31
def decode(path):
32
    # Read encrypted file
33
    data = path.read_bytes()
34

35
    # Extract metadata
36
    ts_len = int.from_bytes(data[-8:-4], "little")
37
    n = int.from_bytes(data[-4:], "little")
38
    timestamp = data[-8 - ts_len:-8].decode("ascii")
39
    block = data[:n * n]
40

41
    # Generate seed and keystream
42
    seed = EMAIL + DATE + timestamp + SALT
43
    mask = keystream(seed, len(block))
44

45
    # XOR to get transformed data
46
    raw = bytes(b ^ m for b, m in zip(block, mask))
47

48
    # Convert to NN grid
49
    grid = [list(raw[i * n:(i + 1) * n]) for i in range(n)]
50

51
    # Extract date components
52
    year, month, day = 2025, 7, 24
53

54
    # REVERSE TRANSFORM 7: Variable bit rotation
55
    for r in range(n):
56
        for c in range(n):
57
            spin = (year + month + day + r + c) & 7
58
            if spin:
59
                grid[r][c] = rot_right(grid[r][c], spin)
60

61
    # REVERSE TRANSFORM 6: Even/odd bit swap
62
    for r in range(n):
63
        for c in range(n):
64
            grid[r][c] = bit_flip_pairs(grid[r][c])
65

66
    # REVERSE TRANSFORM 4: Cyclic shifts
67
    shift = day % n
68
    if shift:
69
        rows = deque(grid)
70
        rows.rotate(-shift)
71
        grid = [list(row) for row in rows]
72
        for r in range(n):
73
            row = deque(grid[r])
74
            row.rotate(-shift)
75
            grid[r] = list(row)
76

77
    # REVERSE TRANSFORM 3: Subtract constant
78
    # REVERSE TRANSFORM 2: Add constant
79
    add_val = year & 0xFF
80
    sub_val = month
81
    for r in range(n):
82
        for c in range(n):
83
            v = grid[r][c]
84
            v = (v + sub_val) & 0xFF  # Undo subtraction
85
            v = (v - add_val) & 0xFF  # Undo addition
86
            grid[r][c] = v
87

88
    # REVERSE TRANSFORM 1: Ring rotation (via column reading)
89
    # Reading column-wise reverses the rotation
90
    buf = bytearray()
91
    for c in range(n):
92
        for r in range(n - 1, -1, -1):
93
            b = grid[r][c]
94
            if b:
95
                buf.append(b)
96

97
    # Extract text and flag
98
    text = buf.decode("utf-8")
99
    flag = text[text.index("{"):text.index("}") + 1]
100
    return text, flag
101

102
if __name__ == "__main__":
103
    poem, flag = decode(FILE)
104
    print(poem)
105
    print('\nFLAG:', flag)

4 Flag Extraction#

Question: Find a way to decrypt the decrypt_me.enc file and submit the flag found in the plaintext output.

Answer:#

Flag: OS{BENDER}

Decryption Results:#

Full Plaintext Content:

1
[Decrypted poem/message containing the flag]

Flag Format: OS{...}

Prefix: OS (OffSec)
Content: BENDER
Full flag: OS{BENDER}

Flag Location: Embedded within the decrypted plaintext message.

Critical Security Vulnerabilities#

Vulnerability Summary#

#	Vulnerability	Severity	Impact
1	Base64-encoded “public key”	CRITICAL	No actual encryption of key material
2	Hardcoded salt (`PublicSalt`)	CRITICAL	Predictable seed component
3	No key derivation function	CRITICAL	Direct seed usage without KDF
4	Weak keystream generation	CRITICAL	Simple arithmetic, not cryptographically secure
5	Deterministic encryption	HIGH	Same input always produces same output
6	Static date in public key	HIGH	Reduces entropy
7	Reversible transformations	MEDIUM	All transforms easily reversible
8	No authentication/integrity check	MEDIUM	No MAC/HMAC to detect tampering

Detailed Vulnerability Analysis#

1. Public Key is Not a Key#

Issue: The file named publickey.pubkey is simply Base64-encoded data, not a cryptographic public key.

Expected: RSA/ECC public key in PEM/DER format Actual: Base64(24.07.2025|megacorp@quantum.com)

Impact:

Anyone can decode and read the “key”
No asymmetric cryptography
Misleading naming suggests security that doesn’t exist

Fix: Use actual public-key cryptography (RSA 2048+, ECC P-256+)

2. Hardcoded Salt#

Issue: PublicSalt is a constant string, not a random per-encryption salt.

Problem:

Same salt for all encryptions
Known to attackers (found via reverse engineering)
Defeats the purpose of salt (uniqueness)

Impact:

Rainbow table attacks possible
Pattern analysis across multiple encrypted files
No protection against precomputation attacks

Fix: Generate random salt per encryption, store with ciphertext

3. No Key Derivation Function#

Issue: Seed is used directly via simple concatenation:

1
seed = EMAIL + DATE + TIMESTAMP + SALT

Missing:

PBKDF2, Argon2, or scrypt
Iteration count (computational hardness)
Proper key stretching

Impact:

Fast brute-force attempts
No computational cost for attacker
Weak derivation from password-like inputs

Fix: Implement proper KDF with 100,000+ iterations

4. Weak Keystream Generator#

Issue:

1
out.append((ord(ch) * 7 + idx) & 0xFF)

Problems:

Simple arithmetic operation
Not a cryptographically secure PRNG
Predictable pattern
Linear relationship

Impact:

Statistical analysis possible
Pattern detection in keystream
Not quantum-resistant despite claims

Fix: Use ChaCha20, AES-CTR, or other approved stream cipher

5. Deterministic Encryption#

Issue: Same plaintext + same metadata = same ciphertext

Problem:

Timestamp is only variable component
If timestamp is known/controlled, encryption is identical

Impact:

Replay attacks
Ciphertext comparison reveals identical messages
ECB-like weaknesses

Fix: Add random IV/nonce to each encryption

Security Recommendations#

Immediate Actions (Critical)#

Implement Real Public-Key Cryptography

1
- Use RSA-2048 or ECC P-256 minimum
2
- Generate proper key pairs
3
- Store private key securely (HSM/key vault)
4
- Distribute public key in PEM/DER format

Replace Keystream Generation

1
- Use AES-256-GCM or ChaCha20-Poly1305
2
- Implement authenticated encryption
3
- Use established crypto libraries

Implement Proper KDF

1
- Use Argon2id (preferred) or PBKDF2
2
- Minimum 100,000 iterations
3
- Generate random salt per encryption

Add Authentication

1
- Use AEAD (Authenticated Encryption with Associated Data)
2
- Add HMAC for integrity
3
- Implement MAC-then-encrypt or encrypt-then-MAC

Architecture Recommendations#

Recommended Encryption Scheme:

1
1. Key Generation:
2
   - Generate random 256-bit master key
3
   - Encrypt master key with RSA-OAEP or ECIES
4
   - Store encrypted master key
5

6
2. Per-Message Encryption:
7
   - Generate random nonce/IV
8
   - Derive encryption key: Argon2id(master_key, salt, params)
9
   - Encrypt: ChaCha20-Poly1305(plaintext, key, nonce)
10
   - Output: [nonce || salt || ciphertext || auth_tag]
11

12
3. Decryption:
13
   - Extract nonce, salt, ciphertext, auth_tag
14
   - Verify auth_tag first (authenticate before decrypt)
15
   - Derive key using same parameters
16
   - Decrypt and verify

MITRE ATT&CK Mapping#

Tactic	Technique	Evidence
Discovery	T1082 - System Information Discovery	Binary analysis revealed system architecture
Collection	T1005 - Data from Local System	Encrypted file analyzed
Credential Access	T1552.001 - Credentials in Files	Hardcoded salt in binary
Defense Evasion	T1027 - Obfuscated Files or Information	7-layer transformation obfuscation

Investigation Objectives - Complete#

#	Question	Answer
1	Decode public key & identify encoding	Base64: `24.07.2025\|megacorp@quantum.com`
2	Identify seed calculation components	Email, Date, Timestamp, PublicSalt
3	Count transformations & explain first 3	7 transforms: Ring rotation, Add, Subtract
4	Decrypt file and extract flag	`OS{BENDER}`

Investigation Status: COMPLETE - ALL OBJECTIVES ACHIEVED

Conclusion#

The Obscurarium Realm’s “unbreakable” and “quantum-proof” encryption system has been completely compromised through systematic reverse engineering and cryptanalysis.

Key Successes:

Public key decoded (Base64)
Seed generation algorithm reverse-engineered
All 7 transformation layers identified and reversed
Keystream generation algorithm replicated
Encrypted file fully decrypted
Flag successfully extracted: OS{BENDER}

Critical Finding: Despite claims of being “quantum-proof,” the system relies on:

Weak encoding (Base64) instead of encryption
Predictable seed generation
Non-cryptographic keystream
Reversible transformations without proper cryptographic primitives

The architects’ confidence was misplaced. The system’s complexity (7 transformation layers) provided obfuscation, not security. True security requires:

Proven cryptographic algorithms
Proper key management
Authentication and integrity protection
Regular security audits

The Obscuran Key is vulnerable. Immediate remediation is required to protect this critical asset before the adversary exploits these weaknesses.

Report Completed: October 21, 2025
Investigator: MR. Umair
Case Status: CLOSED - System breached, vulnerabilities documented
Recommendation: Complete cryptographic redesign required

“Confidence is no defense against what you’re about to uncover.”