S03 · The Black Hat · L-11
AEAD Timing-Leak Debug
- Difficulty
- hard
- Type
- debugging
- Session
- Standard
- Stack
- Rust rust1.75
- Domain
- Cryptography
- Est. solve
- ~30 min
01 · The task
A secure-envelope library sometimes accepts messages it must reject: its tag verification mishandles certain attacker-shaped inputs and leaks information through timing. Locate the offending compare among the crate's crypto plumbing and make verification strict and constant-time. The cipher, MAC derivation, and framing are provided.
02 · Constraints
Constant-time
Execution time must not depend on secret data.
Primitives provided
Crypto primitives are supplied; the defect is in how they're used.
03 · Skills exercised
How to playDaemon
The whole level runs through the local promptly daemon — it pulls the workspace, captures your token usage, tests locally, and submits the ranked run.
Pair this machine
One-time — approve the code under your devices.
promptly pairPull the workspace
Downloads the starter kit into the current folder and starts the solve clock.
promptly init stage-3-11-aead-timing-leak-debugStart the captured session
Then drive your AI tool — the daemon meters every prompt and token live.
promptly start stage-3-11-aead-timing-leak-debugSubmit for ranked grading
Runs the full hidden suite and ends the attempt.
promptly submit
Or combine steps 02–03 into one commandShortcut
promptly play pulls the workspace, launches the daemon, and starts the captured session in a single step — the same as running init then start.
promptly play stage-3-11-aead-timing-leak-debug