Tags: crypto 


We are given an encrypted flag, the program that encrypted it, and its source code.

Looking at the source code of the program, we can deduce that it is a Linear Feedback Shift Register (LFSR) xor cipher, but with additional modes of operation like those used with AES. These modes are implemented with a block size of 1 byte and a constant IV value of 0xa2.

We also see that the seed for the LFSR is constant, and therefore the keystream is as well. This keystream can be easily extracted by using the program to encrypt a file that contains n null bytes in ECB mode. This works because ECB mode here is simply the xor cipher, and xoring a null byte with a keystream byte returns the keystream byte unchanged. In my case, 200 bytes of the keystream were enough.

There was no information about which mode was used to encrypt the flag, so we can try all of them.

ECB decryption is easily done as it is symmetrical to encryption. This means that we can simply pass the ciphertext through the program again. However, this did not produce the flag.

CBC decryption is done by xoring each block with the keystream, and then xoring with the previous ciphertext block. For the first block, the previous block is the IV. Decrypting with this method produced the flag.
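
The keystream recovery and both decryption attempts described above, as an added example that is not the challenge's code. The LFSR here is a stand-in (a 16-bit register with an assumed seed and taps), the flag is a constructed sample, and all function names are hypothetical; only the 1-byte block size and the IV 0xa2 come from the writeup.

```python
IV = 0xA2  # constant IV stated in the writeup

def toy_keystream(n, state=0xACE1):
    """Stand-in generator (assumption): 16-bit Fibonacci LFSR with a fixed seed.
    The challenge's real LFSR and seed are not shown on the page."""
    out = bytearray()
    for _ in range(n):
        byte = 0
        for _ in range(8):
            bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
            state = (state >> 1) | (bit << 15)
            byte = (byte << 1) | (state & 1)
        out.append(byte)
    return bytes(out)

def ecb_encrypt(data, ks):
    """ECB with 1-byte blocks: each byte is xored with its keystream byte."""
    return bytes(d ^ k for d, k in zip(data, ks))

ecb_decrypt = ecb_encrypt  # xor is its own inverse

def cbc_encrypt(pt, ks, iv=IV):
    """C_i = (P_i xor C_{i-1}) xor K_i, with C_{-1} = IV."""
    out, prev = bytearray(), iv
    for p, k in zip(pt, ks):
        prev = (p ^ prev) ^ k
        out.append(prev)
    return bytes(out)

def cbc_decrypt(ct, ks, iv=IV):
    """P_i = (C_i xor K_i) xor C_{i-1}, with C_{-1} = IV."""
    out, prev = bytearray(), iv
    for c, k in zip(ct, ks):
        out.append((c ^ k) ^ prev)
        prev = c
    return bytes(out)

def recover_keystream(encrypt_oracle, n):
    """Encrypt n null bytes in ECB mode: 0 xor K_i = K_i, so the output is the keystream."""
    return encrypt_oracle(bytes(n))

def demo():
    secret_ks = toy_keystream(200)          # hidden inside the "program"
    flag = b"flag{constructed_sample}"      # constructed sample, not the real flag
    ct = cbc_encrypt(flag, secret_ks)       # mode is unknown to the solver
    ks = recover_keystream(lambda d: ecb_encrypt(d, secret_ks), 200)
    return ecb_decrypt(ct, ks), cbc_decrypt(ct, ks)  # try each mode in turn
```

Because the seed never changes, every message is encrypted under the same keystream, so one chosen-plaintext run is enough to decrypt anything the program produces; a per-message random seed or nonce removes that property.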