HTB Cyber Apocalypse CTF 2025: Tales from Eldoria - AI ML - Malakar's Deception

Unveiling the Hidden Enchantment in malicious.h5: A Detailed Analysis

Challenge: Investigate a mysterious magical artifact (malicious.h5) exhibiting unusual behavior to uncover its secrets. The flag format is HTB{REDACTED}.

Workflow: We will systematically inspect the malicious.h5 file, leveraging tools like h5py and online model visualizers like Netron to understand its structure and identify any hidden elements or malicious code.

Step-by-Step Analysis:

  1. Initial Inspection with h5py:

    • Purpose: Start by understanding the basic structure of the malicious.h5 file. HDF5 (.h5) files are hierarchical, and h5py lets us navigate that hierarchy programmatically to see which groups and datasets are present.

    • Action: Use a Python script with h5py to print the names of all groups and datasets within the file.

      python -c "import h5py; f = h5py.File('malicious.h5', 'r'); f.visititems(lambda name, obj: print(name))"
      
    • Observation: Running this script reveals a typical structure for a Keras/TensorFlow model, with groups like model_weights and layers like conv2d_1, batch_normalization_1, etc. However, amidst these standard layers, we notice an unusual layer named hyperDense. This non-standard name immediately raises suspicion.

  2. Visualizing the Model with Netron:

    • Purpose: A visual representation of the model architecture often provides a quicker and more intuitive understanding than just text output. Netron is a web-based tool that excels at visualizing neural network models.

    • Action: Upload the malicious.h5 file to https://netron.app/.

    • Observation (Crucial Insight): Netron visually renders the model graph. Navigating through the layers, we locate the hyperDense layer. Inspecting its properties in Netron reveals that:

      • It is a Lambda layer. This is significant because Lambda layers in Keras allow for arbitrary code execution during model loading or inference.
      • It has two associated Lambda functions: one for the main function and one for the output shape function.
      • Crucially, both Lambda function configurations contain base64-encoded strings under the "code" parameter. This is a major red flag, strongly suggesting hidden code within the model.
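
The Netron finding can also be reproduced as a static check that never loads the model. The script below is an added example, not part of the original write-up: it walks the architecture JSON that Keras stores in the root `model_config` attribute of an .h5 file and reports every Lambda layer together with the paths of its serialized "code" fields. The sample config, its nesting and the placeholder payload strings are constructed for illustration, and the function names are hypothetical.

```python
import json

# Constructed sample config; the nesting and payload strings are placeholders.
SAMPLE_CONFIG = json.dumps({"class_name": "Sequential", "config": {"layers": [
    {"class_name": "Conv2D", "config": {"name": "conv2d_1", "filters": 8}},
    {"class_name": "Lambda", "config": {
        "name": "hyperDense",
        "function": {"class_name": "__lambda__", "config": {"code": "PLACEHOLDER_B64"}},
        "output_shape": {"class_name": "__lambda__", "config": {"code": "PLACEHOLDER_B64"}},
    }},
]}})

def find_code_fields(node, path=""):
    """Yield the JSON path of every string stored under a "code" key."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if key == "code" and isinstance(value, str):
                yield here  # report the location only; the payload is never decoded
            else:
                yield from find_code_fields(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_code_fields(item, f"{path}[{i}]")

def audit_model_config(config_json):
    """Return {layer name: [paths of serialized code]} for every Lambda layer."""
    findings = {}
    def walk(node):
        if isinstance(node, dict):
            cfg = node.get("config")
            if node.get("class_name") == "Lambda" and isinstance(cfg, dict):
                findings[cfg.get("name", "<unnamed>")] = list(find_code_fields(cfg))
            for value in node.values():
                walk(value)
        elif isinstance(node, list):
            for item in node:
                walk(item)
    walk(json.loads(config_json))
    return findings

def read_model_config(path):
    """Read the architecture JSON from a Keras .h5 file without loading the model."""
    import h5py  # imported lazily so the audit itself runs without h5py installed
    with h5py.File(path, "r") as f:
        raw = f.attrs["model_config"]
    return raw.decode() if isinstance(raw, bytes) else raw

if __name__ == "__main__":
    print(audit_model_config(SAMPLE_CONFIG))
```

For a real file, pass `read_model_config('malicious.h5')` to `audit_model_config`; a Lambda layer is worth reviewing even when its list of code paths is empty, since other Keras versions serialize the function differently.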