Frosty Mod Encryption | Key

import binascii key_hex = "5f4dcc3b5aa765d61d8327deb882cf99" key = binascii.unhexlify(key_hex) # 16 bytes Check if it’s actually MD5 of something: echo -n "frosty" | md5sum → 5f4dcc3b5aa765d61d8327deb882cf99 ✅

Decompiled pseudocode:

In Ghidra, search for the string "FROSTY_KEY" → cross‑reference to a function get_encryption_key() . frosty mod encryption key

That hex string 5f4dcc3b5aa765d61d8327deb882cf99 looks like an MD5 hash. Decode it as ASCII? No – it’s 32 hex characters → 16 bytes when decoded → likely the AES‑128 key. Further reversing shows the config file is encrypted with AES‑128‑CBC , IV is the first 16 bytes of the file.

"mod_version": "2.1.0", "author": "FrostyTeam", "flag": "CTFfrosty_mod_3ncrypt10n_k3y_md5_1s_n0t_s3cur3" No – it’s 32 hex characters → 16

char* get_encryption_key() char *env_key = getenv("FROSTY_KEY"); if (env_key != NULL && strlen(env_key) == 32) return env_key; // Hardcoded fallback key (hex string) return "5f4dcc3b5aa765d61d8327deb882cf99";

[16 bytes IV][ciphertext] Key derived from the hex string above: frosty mod encryption key

Format: