Tags: crypto 

Rating:

we get the cipher `2c155e13121059000e06471817074562300609071a3a2d225b5f5c10143d4c0409001f0102060c0e0b466941040d5604521b1d0b440e410252185a1b181b0e05077b6660612f60612f62762f637a6868`

using trial and error we discovered few interesting stuff regarding the encryption stream:

- the data is padded before encrypted:
- up to 20 bytes → result will be 40 bytes
- 20-40 bytes → result will be 80 bytes
- etc

19 - aaaaaaaaaaaaaaaaaaa - 7355371973553719735537197355371973553779 : 9f7c
20 - aaaaaaaaaaaaaaaaaaaa - 73553719735537197355371973553719735537190620426c0620426c0620426c0620426c0620426c : 2910

From inspecting the input and output we can observe they are using cyclic xor encryption of the key.

padding:

padded with `0xX` up to the closest size where X is number of padded bytes.

so if missing 3 bytes till closest 20 modulo, then it will be padded with 0x3.

we know that the flag contains "BSidesTLV2020{"
by doing xor of the known plain text with the cipher at every index we see:

![](https://i.imgur.com/bUUvDsi.png)

**" combination o"** thats part of the key.

so we have the cipher text, and the padding value, so we get

We know that the plain text contains padding of 1-20 bytes at the end before the encryption,

which mean we can brute over the 20 possibilities of the padding bytes value.

![](https://i.imgur.com/wIQPHdT.png)

we get this time **"tion on my lugg"**

by common sense we we that this connect to the other part of the key **" combination o"**
so till now we have " combination on my lugg"
by searching this google we find the sentence:

> "I have the same combination on my luggage!"
```
binascii.hexlify( b"I have the same combination on my luggage!")
b'492068617665207468652073616d6520636f6d62696e6174696f6e206f6e206d79206c75676761676521'
```

```
url = "https://cryptostream.ctf.bsidestlv.com/decrypt"
myobj = {"message":"2c155e13121059000e06471817074562300609071a3a2d225b5f5c10143d4c0409001f0102060c0e0b466941040d5604521b1d0b440e410252185a1b181b0e05077b6660612f60612f62762f637a6868","Signature":"d38f", "key":"492068617665207468652073616d6520636f6d62696e6174696f6e206f6e206d79206c75676761676521"}
res = requests.post(url, json = myobj)
print(res.text)
```

and we get:

`BSidesTLV2020{Slip steaming all around}`