Tokyo Western 2017 - My Simple Cipher -Write up

This my first cipher system. Can you break it?
my-simple-cipher.7z

We are given 2 files Encrypted.txt and cipher.py
Now we take a look at cipher.py file to see how the flag is encrypted

#!/usr/bin/python2

 import sys
import random

 key = sys.argv[1]
flag = '**CENSORED**'

 assert len(key) == 13
assert max([ord(char) for char in key]) < 128
assert max([ord(char) for char in flag]) < 128

 message = flag + "|" + key

 encrypted = chr(random.randint(0, 128))

 for i in range(0, len(message)):
  encrypted += chr((ord(message[i]) + ord(key[i % len(key)]) + ord(encrypted[i])) % 128)

 print(encrypted.encode('hex'))
Okay, after take a look, we know that:
1. len(key) = 13 and they should be in range(32,128) as well as the flag
2. len(flag) = 21
encrypted = chr(random.randint(0, 128)) and then
for i in range(0, len(message)):
  encrypted += chr((ord(message[i]) + ord(key[i % len(key)]) + ord(encrypted[i])) % 128)
okay, so encrypted[0] = chr(random.randint(0,128)) = chr(124)
and then the encryption goes like
encrypted[i+1] = chr(  ((ord(message[i] + ord(key[i % 13]) + ord(encrypted[i]) ) % 128 )
We can use known-plaintext attack to recover the key
I assume that the unknown characters in message is 'a'
So message =  'TWCTF{' + 'a'*14 + '}' + '|' + 'a'*13

It mean that we can recover the first-Sixth letters of flag by bruting from range(32,128)

from binascii import *
encrypted = unhexlify(format(int(open('encrypted.txt','r').read(),16),'x'))
plain ='TWCTF{' 
key = ''
for i in range(0,6):
    for char in range(32,128):
       if encrypted[i+1] == chr(   ((ord(plain[i]) + char) + ord(encrypted[i]) ) %128) :
          key+= chr(char)
print key

 Note that message[i] = encrypted[i+1] 


okay , key = 'ENJ0YH'
we know that message = flag + '|' + key
-> message =  'TWCTF{' + 'a'*14 + '}' + '|' + 'ENJ0YH' + 'a'*7
message.index('}') = 20 % 13 = 7 -> we brute and get key[7] character
message.index('|') = 21 % 13 = 8 -> we brute and get key[8] character
message.index('E') = 22 % 13 = 9 -> we brute and get key[9] character
message.index('N') = 23 % 13 = 10-> we brute and get key[10] character
message.index('J') = 24 % 13 = 11 -> we brute and get key[11] character
message.index('0') = 25 % 13 == 12 -> we brutue and get key[12] character
Note that message[i] = encrypted[i+1] 






Okay, so the only letter that we dont know is at index 6 , but we know that it is '0' or 'O' , i use 'O' and luckily, it is the missing letter

key = 'ENJ0YHOLIDAY!'
We got the key, we got the flag :D





flag: TWCTF{Crypto-is-fun!}














Nhận xét

Đăng nhận xét

Bài đăng phổ biến từ blog này

CSAW 2017 Write up

Hình ảnh
1. Misc 50 2. Forensic 150 3. Forensic 200 4. Crypto 350 5. Misc 100 ( twich ) 1.  nc misc.chal.csaw.io 4239 flag{@n_int3rface_betw33n_data_term1nal_3quipment_and_d@t@_circuit-term1nating_3quipment} In this challenge, when we connect to the server, it will give us 11 bits bin Okay, It is 8-1-1 even parity . It will look like 0        0.....0   0               0 start   data    parity bit   stop So now we check the data and the parity bit , if it right, we will get the data[-1] and send '1', or if it wrong, we will send '0' to make it retranmiss With parity bit, we can count the amount of  bit '1' in data , if the amount is even, the parity bit will be 0  okay now we write a script to do it and eat some snack, then we got the flag 2. Forensic 150:  It's registration day! These forms just seem longer and longer... UPDATE 10:44 Eastern: New pcap that should be a bit easier to work with. UPDATE 2:58 East
Đọc thêm

Write up - SHACTF 2017 ( 2For100 + Cryp100 + Network100 + Crypt200)

Hình ảnh
1. Crypt100 : Stackoverflow I had some issues implementing strong encryption, luckily I was able to find a nice example on  stackoverflow  that showed me how to do it. Challenge:  stackoverflow.tgz File contains: - Script At first, when we check the given site above, we know that this pdf was encrypted with AES-CTR mode, and more interesting, we can see that they reuse the Counter -> that make AES-CTR vulnarable to Known-Plaintext attack crypto = AES.new(os.urandom(32), AES.MODE_CTR, counter=lambda: secret) with secret = os.urandom(16) Okay, let take look at the AES-CTR , let see the reason why they are vulnerable to Known-Plaintext attack: 107.50 KB Normally Counter must be UNIQUE , so that the keystream will be different every step. It is more secured than reused , it will make AES-CTR encryption become:  E(m[i]) = message[i] ^ keystream = cipher[i] and when we know the plaintext message[i] and the cipher[i] , we will get the keystream then d
Đọc thêm

WhiteHat Challenge 04 Write up ( Misc + 2Cryp + For )

Hình ảnh
Lần tham gia đầu tiên với kì thi WhiteHat ( WhiteHat Challenge 02 ) thì team mình dừng ở vị trí 2x Lần thứ 2 ( WhiteHat Challenge 03 ) thì may mắn vào top 10 Và lần này may mắn team mình đã đạt được vị trí thứ 2 Misc 01:  A python code was encoded. Please try to get flag from this file. File:  http://material.wargame.whitehat.vn/challenges/4/Misc01_D7210F18B2D5D162E259C0BE089D4090.zip Ta thấy rằng file đề cho là 1 dãy base64  Sau khi decode ta nhận được file  Thay lệnh exec = lệnh print ta nhận được file  Tiếp tục thay lệnh exec = lệnh print ta nhận được flag flag : WhiteHat{Sha1(scr1pt_w1th_pyth0n_1s_ez)} Crypto01:  Decode the image to get an answer. Tool: Google Download file here: http://material.wargame.whitehat.vn/challenges/4/Crypto01_6B9F0BC772601E6C6770473DD97E3005.zip Sau khi tải file về, ta thấy các hình ảnh rất lạ, và với hint : Tool: Google, ta sẽ liên tưởng đến tìm kiếm hình ảnh của google Cuối cùng ta biết được nó
Đọc thêm