Home > Writeups > Raptor Weekly 2 - ECHELON Crypto 3 - 5.1 ; ECHELON

Raptor Weekly 2 - ECHELON Crypto 3 - 5.1 ; ECHELON

Assembling three named artifacts recovered across five prior challenges, a signing key exfiltrated in four fragments, a C2 handshake key, and a certificate-derived access key. Then computing their HMAC-SHA256 combination to authenticate to the CODEWORD tier.

Date: May 10, 2026 Category: Crypto Difficulty: Hard Views: 4
Tags:
crypto hmac multi-stage ECHELON Raptor-Weekly

5.1 ; ECHELON

Challenge Description

One challenge. Three artifacts. One operation.

URL: https://echelon.two-shoes.org/codeword

Overview

The CODEWORD portal accepts a single composite key derived from three artifacts recovered across the prior tiers. The derivation method is implied by the narrative. The three inputs are the assembled signing key from 4.2 ; EXFIL, the C2 handshake key from 4.1 ; REMNANT, and the cert-derived memory key already computed in 3.3 ; COLD CASE. The combination is HMAC-SHA256.

Step 1: Assemble the Signing Key

From 4.2 ; EXFIL: chunks 1, 2, and 4 were decrypted from the ECP stream. Chunk 3 was recovered from the X-Session-Trace header in the Tier 2 INTERCEPT PCAP. Each chunk contains a DATA field. Concatenate them in order:

chunk1 DATA ; 7f3d9a1e2b4c8f0a6d5e9c3b7f2a1d8e
chunk2 DATA ; 1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d
chunk3 DATA ; f1e2d3c4b5a69788
chunk4 DATA ; 9c8b7a6f5e4d3c2b1a0f9e8d7c6b5a4f

signing_key = bytes.fromhex(
    "7f3d9a1e2b4c8f0a6d5e9c3b7f2a1d8e"
    "1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d"
    "f1e2d3c4b5a69788"
    "9c8b7a6f5e4d3c2b1a0f9e8d7c6b5a4f"
)

Step 2: Recover the Handshake Key

From 4.1 ; REMNANT: decrypting beacon.enc via the Pohlig-Hellman attack yields a JSON payload. The handshake_key field is the C2 session key:

handshake_key = bytes.fromhex(
    "bbae799e97910c693a63f82bf54e26a7"
    "88626bc46b9fc75746929fc3580b70ee"
)

Step 3: Recover the Cert Key

From 3.3 ; COLD CASE: the decrypted heap page contains an ACCESS.CERT.KEY field in the HEAP.ARTIFACT ; FILE.ACCESS.RECORD block. This is the value to use directly:

cert_key = bytes.fromhex("8e828c782fd0d3c1b95ac0da6853f75b")

For verification: it is SHA-256(cert_der)[:16] where cert_der is the DER-encoded operator certificate from 3.2 ; FREQUENCY, the same value computed to decrypt the snapshot.

Step 4: Derive the Composite Key

The CODEWORD gate shows OPERATION ; HMAC-SHA256. The key role and message contents are not provided. From the artifact names:

  • The payload type in 4.2 was SIGNING.KEY.MATERIAL, the signing key is the HMAC key
  • The remaining two named values are the message: handshake_key (4.1) and ACCESS.CERT.KEY (3.3), concatenated in that order
import hmac, hashlib

msg           = handshake_key + cert_key
composite_key = hmac.new(signing_key, msg, hashlib.sha256).hexdigest()
# fe4d4c1ecdd5b4f44516f55c5cee9f0a2c023b72a02c70b78e87760f0252a094

Step 5: Submit

POST the composite key to /codeword:

curl -b cookies.txt -X POST https://echelon.two-shoes.org/codeword \
  -d "key=fe4d4c1ecdd5b4f44516f55c5cee9f0a2c023b72a02c70b78e87760f0252a094"

Why This Combination

Every component has a clear provenance:

  • The signing key was the payload being exfiltrated from NODE 07 via the C2 channel on 2026-03-16. Its recovery required understanding the ECP protocol, decrypting three of four chunks, and finding the missing fourth in a PCAP from two days earlier.
  • The handshake key authenticated the C2 session itself. Its recovery required reversing a stripped binary implementing weak Diffie-Hellman and applying Pohlig-Hellman.
  • The cert key authenticated physical access to NODE 07's memory. Its role as a key derivation input was established when players used it to decrypt the EMSF snapshot in 3.3.

Together: the operator who could access the node, the beacon that compromised it, and the data it was trying to exfiltrate. ECHELON in full.

Flag

ECHELON{y0u_have_clearance}

< Back to All Writeups

ma1ice@ctf:~/writeups$ cat raptor-weekly-2-echelon-crypto-3-5-1-echelon.md | wc -l

Published 2026-05-10 • Crypto