CTFtime.org

Useless admin

by 0xmzfr / OpenToAll

Rating:

Useless admin

PROBLEM

One member of our team, piece of sh#t an#s_boss, made a huge mistake using multi time pad.

He knew that the OTP, if it is well applied, it is unbreakable. But this usesless brainless retard, went yoloooo.

Not only that, but he deleted the original plain text, so we are screwed.

The only thing left is the following file : cipher.json

It contains multiple cipher text, created using OTP and the same key.

So can you figure out the plain text of the cipher_flag ?

Flag format : Securinets{plain text here}

Author:BlueWhale

cipher.json

SOLUTION

Okay so this is like super xor attack or something :smile:

The best part about this is that I didn't had to do anything because this is common know problem and someone already have created a great script

I just had to make few changes to it.

First this is what the json data looked.

➜ http https://www.ctfsecurinets.com/files/bbfe31808617c8c67fd9da96f1daa8bd/cipher.json | jq .
{
  "cipher_list": [
    "1b0605000e14000d1b524802190b410700170e10054c11480807001806004e4f1f4f01480d411400531158141e1c100016535a480c000c031a000a160d421e004113010f13451e0c0100100a020a1a4e165f500d0c1e041a090b001d0515521c0a0410000a4f4b4d1d1c184d071600071c0a521d1706540940",
    "1e10524e001f11481c010010070b13024f0704590903094d0c000e4f0711000615001911454217161a1a45040149000a5218404f1e0012060b1b590a1048171741140c01174c0d49174f0c8d4fc7520211531b0b0c1e4f",
    "1d0c04451352001a000154431b014109450a0a0b000045490403520a1d16490008535848085942071c0d0c57101c0045111c40430c4e111c0b1b1c451d4f071712010508475518061d00060a1b0a1a4c165d",
    "160d074300061d071b524e06190b134e450a0b0a4d4c12411d004f014045491b4649074804001100011d4504520612451e165d53064e164e1d060d0d44541a0041031b0b06540d1a070004001d4b074800531c04101d4f",
    "1a1d524912521548120045021b4e1506490a0859150345531d12521b4e094909030003011148420453074d161e05540b071e4c451b000a084a1d1c04084c0b45060b060a4742070618534218070210484512020043100e191e5956111a1c001c1f0b5c",
    "1a1d5248000154041a1c47430d0b04000005015900140c4f04534f094e08490103000000045442111b11001b1b1d000917535a48004e021d4a0e0b0044491c03080a001a024c11490748074f02040054451a1d150c1b150d020d0e",
    "1a1d5249125215481613500a1b0f0d4e4d0d1c0d000700001d1c001b06004f1d0f5a11480745040a011100181c0c540d13000e44085404404a061716014e010c0308104e084e0d4911450506011853540a5304120a1a154c0a1843001b45541c481607051b431f480d001e0400000c531d01011d00124441010200190d0800000000000e54060001100a1b4d0b040d105347",
    "0a0607000913020d551300041d0f0f0a0003061f154c034f1b53530602004e0c030c541f0454110a1d5a001e0649190419165d00104f104e1b1a101101001b0b1705051b0642040c5341114f0e4b104f0803110b0a060f42",
    "160d074300061d071b524e06190b134e450a0b0a4d4c12411d004f014045491b4649074804001100011d4504520612451e165d53064e16424a1810110c00060d04440e1c02411c0c00544209001953540d165009021a1542",
    "1e10524e001f11481c010010070b13024f0704590903094d0c000e4f0711000615001911454217161a1a45040149000a5218404f1e0012060b1b590a1048171741140c01174c0d49174f4201001f534b0b1c074b",
    "1a49134d4113540a0713490d434e160f541700174f4c11480c53520a1d1100000000190d4549114512544d12000c540402034b4e0d491d40"
  ],
  "cipher_flag": "1a4905410f06110c55064f430a00054e540c0a591603174c0d5f000d1b110006414c1848164516111f1100111d1b54001c17474e0e001c011f1d0a4b"
}

After using the cipher.py we get the output:

➜ python2 cipher.py
Fix this sentence:
* *anted to ind t** y*rl*, but i'*l*settle for endin* ****s.

Fixed:
cure let me be know a

('key is', 'y<w$/jtxuk*che%%:c}yw')
Decrypted msg:
b:r$!~tun9baqnd":tsir
g,%j/ue0ij*son6'udy ~
d0sa<8tbuj~ sdd,iwrw
o1pg/lin9deqn6kivs:
c!%m=8a0gkoas+0#siu b
c!%l/k |owm en!%:f| w
c!%m=8a0cxzisj(kwnatw
s:p$&yvu x*guj*/:`{fb
o1pg/lin9deqn6kivs:
g,%j/ue0ij*son6'udy ~
cudiny rrxcn++3*nt}n8

Private key recovered: y<w$/jtxuk*che%%:c}yw

So I took the String and googled it and found the write string I wanted to end the world, but I'll settle for ending yours

Using this on line 38 and we get

➜ python2 cipher.py
Fix this sentence:
* *anted to ind t** y*rl*, but i'*l*settle for endin* ****s.

Fixed:
I wanted to end the world, but I'll settle for ending yours

('key is', 'Sir arthur conan doyale is one Of the best writers. i enjoy')
Decrypted msg:
How often have i said that whenyou have excluded the impos
My name is sherlock holmes. it Is my business to know what
Never trust to general impressiOns, my boy, but concentrate
Education never ends, watson. iT is a series of lessons wit
It is a great thing to start liFe with a small number of re
It has long been an axiom of miNe that the little things ar
It is a capital mistake to theoRize before one has data. in
You have a grand gift for silenCe, watson. it makes you qui
Education never ends, watson. iT is a series of lessons, wi
My name is sherlock holmes. it Is my business to know what
I am a brain, watson. the rest Of me is a mere appendix.

Private key recovered: Sir arthur conan doyale is one Of the best writers. i enjoy

The flag was the Fixed sentence

FLAG - Securinets{I wanted to end the world, but I'll settle for ending yours}

Original writeup (https://github.com/mzfr/ctf-writeups/tree/master/Securinets_Prequals_2K19/Crypto/useless_admin).

Comments