[ENGLISH] Capture the Flag at UCF - Write Up - Crypto - XORLY
With in this blog post, we are going to solve the xorly.py challenge available at: https://ctf.hackucf.org/challenges#xorly
Below you find the challenge we have to solve.
Our challenge also tells us a sample plaintext: "Here is a sample. Pay close attention!"
As well as the encrypted message to it (see above)!
Writing a simple tool converting each character into a number e.g. H will be 72 (see ASCII Table).
Also we need to convert each hex numbers into a "real" number. 2E will be 46. Now we can XOR number 72 and 46 and we get: 102 which is the ASCII representation of: f
I wrote a simple C# program to automate this process:
Repeating this step over and over again, or using a selfmade tool, you will receive the key: fish
And then you can decipher the flag - to automate this step, I wrote a simple python script for it:
https://repl.it/repls/JumboEverlastingCoderesource
Below you find the challenge we have to solve.
#!/usr/bin/env python2
def encrypt(plaintext, key):
ciphertext = []
for i in xrange(0, len(plaintext)):
ciphertext.append(ord(plaintext[i]) ^ ord(key[i%len(key)]))
return ''.join(map(chr, ciphertext))
decrypt = encrypt
'''
I'll give you a sample of how this works:
Plaintext:
"Here is a sample. Pay close attention!"
Ciphertext: (encoded in hex)
2e0c010d46000048074900090b191f0d484923091f491004091a1648071d070d081d1a070848
Flag: (encoded in hex, encrypted with the same key)
0005120f1d111c1a3900003712011637080c0437070c0015
'''
The source code is written in python2 as you have seen above. The most important part here is where the actual encryption happens.ciphertext.append(ord(plaintext[i]) ^ ord(key[i%len(key)]))
In this line, our input variable plaintext gets XOR'd with a given key.
Our job here is to find out, what value has the key variable and decrypt our given flag message.
But what happens if the key isn't long enough? Well, it gets reused from the beginning.
I can tell you that, because the code is using:
i mod key.length or inside the source: i%len(key)
This means: we should at some point see, that our key repeats...Our challenge also tells us a sample plaintext: "Here is a sample. Pay close attention!"
As well as the encrypted message to it (see above)!
Writing a simple tool converting each character into a number e.g. H will be 72 (see ASCII Table).
Also we need to convert each hex numbers into a "real" number. 2E will be 46. Now we can XOR number 72 and 46 and we get: 102 which is the ASCII representation of: f
I wrote a simple C# program to automate this process:
Repeating this step over and over again, or using a selfmade tool, you will receive the key: fish
https://repl.it/repls/JumboEverlastingCoderesource
Receiving the flag: flag{xor_is_the_new_aes}
Kommentare
Kommentar veröffentlichen