CTFtime.org

Meet me there

by rnbwdsh / SIGFLAG

Rating:

From the given source, we know that 2 encryptions with 3 signs out of string.printable are performed, which has 100 members. So brute forcing all double-encryption-combinations would take 100^3^2 units of time. Or 10^12.

Luckily wew can try to encrypt the known plaintext `aaaaaaaaaaaaaaaa` and decrypt the known ciphertext `ef92fab38516aa95fdc53c2eb7e8fe1d5e12288fdc9d026e30469f38ca87c305ef92fab38516aa95fdc53c2eb7e8fe1d5e12288fdc9d026e30469f38ca87c305` and if these match, we found a pair of 1st and 2nd keys that result in the correct encryption.

Then we only have to decrypt the flag with the 2nd and then with the 1st.

The keys were `"0000000000000t\r["` and `}=v0000000000000`

# Solver source code
```python
#!/usr/bin/python3

from string import printable
import itertools
from Crypto.Cipher import AES
from binascii import hexlify, unhexlify

pt = hexlify(b"aaaaaaaaaaaaaaaa")
target = unhexlify(b"ef92fab38516aa95fdc53c2eb7e8fe1d5e12288fdc9d026e30469f38ca87c305ef92fab38516aa95fdc53c2eb7e8fe1d5e12288fdc9d026e30469f38ca87c305")
lookup_table = {}

# create all 100^3 forward-encryption-options
for p1 in itertools.product(printable, repeat=3):
key = "".join(p1)
key1 = "0000000000000"+key

cipher1 = AES.new(key=key1.encode("utf-8"), mode=AES.MODE_ECB)
c1 = hexlify(cipher1.encrypt(pt))
lookup_table[c1] = key1

print("done creating lookup table")

# create all 100^3 backward-encryption-options
for p2 in itertools.product(printable, repeat=3):
key = "".join(p2)
key2 = key+"0000000000000"

cipher2 = AES.new(key=key2.encode("utf-8"), mode=AES.MODE_ECB)
c2 = cipher2.decrypt(target)
if c2 in lookup_table: # check if the decryption of target == encryption of known plaintext
key1 = lookup_table[c2]
print(key1, key2)
break

# part 2: decryption
flag = b"fa364f11360cef2550bd9426948af22919f8bdf4903ee561ba3d9b9c7daba4e759268b5b5b4ea2589af3cf4abe6f9ae7e33c84e73a9c1630a25752ad2a984abfbbfaca24f7c0b4313e87e396f2bf5ae56ee99bb03c2ffdf67072e1dc98f9ef691db700d73f85f57ebd84f5c1711a28d1a50787d6e1b5e726bc50db5a3694f576"
flag = unhexlify(flag)

for key in [key2, key1]:
cipher = AES.new(key=key.encode("utf-8"), mode=AES.MODE_ECB)
flag = unhexlify(cipher.decrypt(flag))
print(flag)

# key1 = "0000000000000t\r["
# key2 = "}=v0000000000000"
```

Comments