Tags: crypto des 

Rating:

## Solution

Similar to our solution in _A White Rabbit_, for these kinds of problems, where the implementation is given, it is important to know what the proper implementation of the algorithm is so that when you spot differences in the implementation, then you can deduce what kind of vulnerabilities are introduced. In this case, it claims to be `des` and is probably derived a python implementation of des, [pydes](https://github.com/RobinDavid/pydes/blob/master/pydes.py)

Here there are two main differences.
* Expansion
* No in-round permutation

Removing the permutation _and_ modification of the expansion practically removes almost all diffusion in the DES. Therefore, modifying a bit, would only modify 8 bits.

This allows us to brute force for the flag.

__For full implementation see the url__

Original writeup (https://github.com/pberba/ctf-solutions/tree/master/20181223_xmasctf/crypto-497-a_black_rabbit).