**Tags:** cryptography

## Tyrannosaurus Rex

The flag was encoded with the following process:

base64encode -> enc function -> hexlify

So we can decode flag with the following process:

unhexlify -> dec function -> base64decode

The dec function can be found by studying the enc function.

enc function:

Let's say we have an array e = [a,b,c,d]. A new array *z* is formed by XORing each pair of consecutive elements; the last element is XORed with the first. So we get z = [a^b, b^c, c^d, d^a]. Then z is hexlified.

dec function:

Observation 1: The beginning of the base64 encoding of a string with a known prefix is always the same. It is just the end that differs.

Observation 2: a ^ a = 0. Therefore, a ^ a ^ b = b.

With these observations in mind, we can now construct the dec function.

We can base64 encode "flag" and take the ASCII value of the first base64 character (the first 6-bit group). A simple Python expression to do that is `base64.b64encode(b'flag')[0]`. We then unhexlify the encoded flag and apply Observation 2 to it, byte by byte.

We then finally base64 decode the result.

#### Code Snippet

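```
import base64
import binascii

def dec(c):
    # c is the hex-encoded flag given by the challenge
    cur = 90  # base64.b64encode(b'flag')[0]
    u = binascii.unhexlify(c)
    s = ""
    for i in u:
        v = cur ^ i  # Perform a ^ a ^ b
        s += chr(v)
        cur = v
    # The last recovered value is the first element (from d ^ a), so rotate it to the front
    s = s[len(s)-1] + s[0:len(s)-1]
    print(base64.b64decode(s))
```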
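
An added round-trip example, not part of the original writeup: it rebuilds the scheme as described above on a constructed sample flag, then generalises the decoder by trying every base64 symbol as the seed instead of relying on the known `flag` prefix. The names `enc`, `dec`, `recover` and `SAMPLE` are assumptions for this example, and `enc` is reconstructed from the description here, not taken from the challenge source.

```python
import base64
import binascii
import string

B64_ALPHABET = (string.ascii_letters + string.digits + "+/=").encode()

def enc(plain: bytes) -> bytes:
    """Scheme as described: base64, XOR each byte with its successor
    (the last wraps around to the first), then hexlify."""
    e = base64.b64encode(plain)
    z = bytes(e[i] ^ e[(i + 1) % len(e)] for i in range(len(e)))
    return binascii.hexlify(z)

def dec(c: bytes, first: int) -> bytes:
    """Undo the XOR chain given `first`, the first base64 byte."""
    out = [first]
    # The final byte (d ^ a) only closes the ring; it adds no new element.
    for x in binascii.unhexlify(c)[:-1]:
        out.append(out[-1] ^ x)
    return bytes(out)

def recover(c: bytes) -> list[bytes]:
    """Try each of the 64 base64 symbols as the seed. Keep seeds whose whole
    chain stays inside the base64 alphabet and decodes to printable ASCII."""
    hits = []
    for first in B64_ALPHABET[:64]:      # '=' can never be the first symbol
        cand = dec(c, first)
        if any(b not in B64_ALPHABET for b in cand):
            continue
        try:
            text = base64.b64decode(cand, validate=True)
        except binascii.Error:
            continue
        if all(32 <= b < 127 for b in text):
            hits.append(text)
    return hits

SAMPLE = b"flag{constructed_example}"    # constructed, not the challenge flag
CT = enc(SAMPLE)

if __name__ == "__main__":
    print(CT.decode())
    print(base64.b64decode(dec(CT, base64.b64encode(b"flag")[0])))
    print(recover(CT))
```

A wrong seed XORs every recovered byte with the same constant, which is why the alphabet and printable-text filters are enough to discard almost all candidates.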

[Original writeup](https://github.com/AmosAidoo/ctf-writeups/tree/master/H%40ctivityCon_CTF)

Original writeup (https://ctftime.org/team/128582).