HackTheBox Crypto Challenge: Bank Heist

HackTheBox Crypto Challenge: Bank Heist

In this post, we will be looking at a simple hackthebox crypto challenge “Bank Heist” and what are the things which we can identify.

The purpose of this post is to give you a mindset to start solving challenges by using any programming language. This helps you in understanding how things work in the background. Neither you will be getting any flags here nor I’m going to explain every line of the python code.


Unlike many other HTB crypto challenges, where you must understand the hints shared by challenge authors across the forums, this one was pretty self explanatory. If we look at the description/hint of this challenge

You get to the scene of a bank heist and find that you have caught one person. Under further analysis of the persons flip phone you see a message that seems suspicious. Can you figure out what the message to put this guy in jail?

HTB Hint

The downloaded file gives us a text file which contains the following message

444333 99966688 277733 7773323444664 84433 22244474433777, 99966688 277733 666552999. 99966688777 777744277733 666333 84433 443344477778 4447777 44466 99966688777 4466688777733. 84433 5533999 8666 84433 55566622255 4447777 22335556669. 4666 8666 727774447777.

47777888 995559888 4555 47777888 44999988 666555997 : 8555444888477744488866888648833369!!

Challenge Message

What is the first thing that you’re going to think of this? What the heck is this?

In order to understand what this actually is, we should have a look at the hint again which says something about “flip phone“.

A flip phone

We can see the words are of repeated numeric sequence. Just like if we have to send a message using this phone, we have to repeatedly press some number to get the desired alphabet. This is known as T9 keypad.

T9 Revisited

T9 is a predictive text technology for mobile phones (specifically those that contain a 3×4 numeric keypad), originally developed by Tegic Communications, now part of Nuance Communications. T9 stands for Text on 9 keys.


To decode the message in text file, we can write a very simple python function to translate our T9 keypresses to readable text message.

Using the above python function, we can translate your secret message to readable text.

if you are reading the cipher, you are okay. your share of the heist is in your house. the key to the lock is below. go to paris.

gsv xlwv gl gsv hzu olxp : tlivgrivnvmgufmw!!

Translated Message

The last line still looks like some ciphered message. There are repeated words here like “gsv”. A simple google search reveals that this is a atbash ciphered word which decodes to “the”.

Atbash Cipher

The Atbash cipher is a particular type of monoalphabetic cipher formed by taking the alphabet (or abjad, syllabary, etc.) and mapping it to its reverse, so that the first letter becomes the last letter, the second letter becomes the second to last letter, and so on.


We can again write a simple python function to achieve the same functionality and decipher this last bit.

You can use this function to decipher the last line of our decoded message above to get the flag.

Leave a Reply

Your email address will not be published. Required fields are marked *