
All-Army CyberStakes 4 - Cryptography (Over Time: Paid)


This is where the challenges start getting more difficult. This problem starts with two files again: document.encrypted, which contains 15 lines of hex, and source.py, which contains what appears to be the script that generated the document. The script performs two key steps to create the document:

  1. Generates the plaintext of the document with a static intro line, 10 random lines, a static outro line, and finally the flag.

  2. Generates a random, 64-byte long key and XORs each line with it.

Based on the name of the challenge (Over Time: Paid), we can see that this method is inspired by how a One-time Pad works. A one-time pad provides complete, unbreakable secrecy for a message by encrypting it with a key of the same length as the message, usually with the XOR operation. That guarantee holds only if the key is used for that one message and is never reused.

The major weakness in this challenge's implementation is that it reuses a single 64-byte key for every line of the message instead of using a key as long as the whole document. Furthermore, since we know exactly what the first line is, we can extract the key with a known-plaintext attack, by virtue of how the XOR operation works. In XOR ($$\oplus$$) encryption, we encrypt plaintext ($$P$$) into ciphertext ($$C$$) by XORing the plaintext with a key ($$K$$).

$$ P \oplus K = C $$

To decrypt the ciphertext, we only need to XOR the ciphertext with the key.

$$ C \oplus K = P $$

However, the mathematical properties of XOR also allow us to compute the key by XORing the plaintext and ciphertext together.

$$ P \oplus C = K $$

In this challenge, the script provides us with a hardcoded intro statement, which is our plaintext for this attack. Since it is the first line of text, we also know it corresponds to the first line of ciphertext in document.encrypted. By XORing these two lines together in CyberChef, we can compute the 64-byte key used throughout the encrypted document.

Note: We also need to make sure the lengths of the plaintext and ciphertext match, so we have to remove the : at the end of the plaintext.

Plaintext:  The following encoded individuals are to be given a $27.3k bonus
Ciphertext: 2246e0fe4f69ccb153f209b8cc73a5d87ce7cfdea8fa5ce35bb68b908e5a7e20f557810187bfc8b101a69b27edce27e15802d1f3eb7ef3dfb87eac2c6e12f4c0
Key:        762e85de2906a0dd3c8560d6ab53c0b61f88abbbccda358d3fdffdf9ea2f1f4c8677e073e29fbcde21c4fe078aa751843622b0d3cf4cc4f18b158c4e017c81b3
[..snip..]
Furthermore, the FLAG is:

ACI{6e6e41b658edba0f25eb5049ee1}
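The key recovery described above, worked in Python as an added example (not the challenge's source.py or the author's CyberChef recipe): it XORs the known intro line with the first ciphertext line quoted in this write-up to recover the key, then applies that same key to a constructed stand-in for the rest of document.encrypted. Cycling the key over lines longer than 64 bytes is an assumption about how source.py behaves, not something the write-up states.

```python
# Added example (not the challenge's source.py): recover the reused 64-byte
# key from the known first line, then reuse it to decrypt further lines.
from itertools import cycle

# Known plaintext and ciphertext of line 1, taken from the write-up above.
# The trailing ':' of the intro line is dropped so both sides are 64 bytes.
KNOWN_PLAINTEXT = b"The following encoded individuals are to be given a $27.3k bonus"
KNOWN_CIPHERTEXT_HEX = (
    "2246e0fe4f69ccb153f209b8cc73a5d87ce7cfdea8fa5ce35bb68b908e5a7e20"
    "f557810187bfc8b101a69b27edce27e15802d1f3eb7ef3dfb87eac2c6e12f4c0"
)


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with key, cycling the key if data is longer.
    Assumption: source.py reuses the key the same way for every line."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def recover_key(plaintext: bytes, ciphertext: bytes) -> bytes:
    """P xor C = K. Lengths must match: a shorter plaintext would leave
    the trailing key bytes unknown, so refuse instead of guessing."""
    if len(plaintext) != len(ciphertext):
        raise ValueError(f"length mismatch: {len(plaintext)} vs {len(ciphertext)}")
    return xor_bytes(plaintext, ciphertext)


def decrypt_document(lines_hex, key: bytes):
    """Decrypt every hex-encoded line of the document with the same key."""
    return [xor_bytes(bytes.fromhex(h), key) for h in lines_hex]


KEY = recover_key(KNOWN_PLAINTEXT, bytes.fromhex(KNOWN_CIPHERTEXT_HEX))

# Constructed sample lines (not the real document.encrypted), encrypted under
# KEY to stand in for the snipped part of the challenge file.
SAMPLE_DOCUMENT = [
    KNOWN_CIPHERTEXT_HEX,
    xor_bytes(b"Random line of the pretend payroll document", KEY).hex(),
    xor_bytes(b"Furthermore, the FLAG is: ACI{constructed_placeholder}", KEY).hex(),
]

if __name__ == "__main__":
    print("recovered key:", KEY.hex())
    for line in decrypt_document(SAMPLE_DOCUMENT, KEY):
        print(line.decode())
```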