Tags: cbc-mac crypto
Rating:
TLDR;
- CBC-MAC oracle gives exactly one plaintext message and its MAC
- Have to verify any message to get the flag
- The CBC-MAC of `(m1,m2,...,mN,CBC-MAC(m)^m1,m2,...,mN)` is the same as `CBC-MAC(m)`
- Send this message with the original MAC that the server gave
[writeup](https://jsur.in/posts/2020-04-13-dawgctf-2020-writeups#criss-cross-criss-cross)
