https://github.com/secretsquirrel/bounty-encryptagit

Can you crack it?
https://github.com/secretsquirrel/bounty-encryptagit

Last synced: 3 months ago
JSON representation

Can you crack it?

• Host: GitHub
• URL: https://github.com/secretsquirrel/bounty-encryptagit
• Owner: secretsquirrel
• Created: 2022-05-20T01:56:37.000Z (about 4 years ago)
• Default Branch: main
• Last Pushed: 2022-05-20T04:59:26.000Z (about 4 years ago)
• Last Synced: 2025-04-06T07:45:25.080Z (about 1 year ago)
• Size: 63.5 KB
• Stars: 1
• Watchers: 3
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Funding: .github/FUNDING.yml

Awesome Lists containing this project

README

          
# EncryptAGit Bounty

Can you crack it?

## But Why?

![But Why](https://media0.giphy.com/media/s239QJIh56sRW/giphy.gif)

I've been dog fooding [encryptAgit](https://github.com/secretsquirrel/encryptAgit) and it's open source. 

So, a bounty seemed appropriate. Yes, this is self funded.

## Bounties

Each reward is given out *only once* to the first person or team that can provide a writeup of the process to successfully decrypt each note and actually decrypt each note.

Examples: If you tell me that all you need is the correct salt/password combo, then provide those two items and tell me how you derived them; whether bruce forcing or figuring out I like Star Wars movies and getting lucky. If you were able to do a padding oracle attack of sorts, provide the code used so I can verify that was the method used to decrypt the files.

The encrypted_git.json file and associated git history was created with encryptAgit==0.1.0; download [here](https://github.com/secretsquirrel/encryptAgit/tree/790b5291da8e016006ea8fb55889605506c22b31) or via `pip3 install encryptAgit==0.1.0`.

This [commit](https://github.com/secretsquirrel/Bounty-EncryptAGit/commit/954d2aa5fbad53f5ade048bb789b206a529c3d5b) is the last commit with changes to all the notes.

Each note increases in size thereby potentially making the challenge harder. Or is it easier? 😉

The salt for KDF and password are the same for all of the commits. 😱

However, the salt and password are each complex.

I will consider partial decryption of the final files for a prorated reward. 

Partial decryption entries will not be accepted as final until the final day of submissions to ensure full decryption submissions are received. The best partial decryption entry will get the prorated reward per note. So only one reward per note, the best entry.

#### Reward 1: $500

Decrypt the final instance of Note1.txt

#### Reward 2: $1000

Decrypt the final instance of Note2.txt

#### Reward 3: $1500

Decrypt the final instance of Note3.txt

#### Reward 4: $2000

Decrypt the final instance of Note4.md

## End of bounty

Final day for valid submissions is May 20, 2023.

Payment will be made via Vemno or Paypal - whichever is still in business.

## Submissions

Email the.midnite[.]runr[at]gmail[dot]com. Email Subject: `EncryptAGit Bounty`

Only text entries will be accepted. No PDFs, word documents, STL files, encrypted zip files, photos, etc.. 

Attemping to or successfully hacking me, while hilarious, is a disqualifying event. 

Best of Luck! I'm looking forward to seeing the outcome of this.

## Hints

* https://www.youtube.com/watch?v=v0IsYNDMV7A