Rating: 5.0

# Aero CTF 2020 : Old Crypto Server

**category** : crypto

**points** : 100

## write-up

AES ECB encrypt msg + flag, msg is controllable.

Send msg = 'a' * 15, and the first block will be 'a' * 15 + flag[0]
Then send msg = 'a' * 15 + '0', msg = 'a' * 15 + '1', ..., until you find a match with the previous result and you got flag[0].

Send msg = 'a' * 14, and the first block will be 'a' * 14 + flag[0] + flag[1]
Then send msg = 'a' * 14 + flag[0] + '0', msg = 'a' * 14 + flag[0] + '1', ..., until you find a match with the previous result and got flag[1]

Keep going and you will find the whole flag.

See solve.py for more detail.

# other write-ups and resources

Original writeup (https://github.com/OAlienO/CTF/tree/master/2020/Aero-CTF/Old-Crypto-Server).