Tags: ecb padding 


- the server implements some weird mode of operation that is very similar to ECB
- we are allowed one block of encryption and one block of decryption, if we can recover the IV, we can easily decrypt any block
- abuse pkcs#7 padding to get two identical blocks
- requesting the encryption of `b'\x10'*16` will encrypt two identical blocks, which we can use to recover the IV
- decrypt the ciphertext blocks to recover the flag!

[DUCTF GitHub](https://github.com/DownUnderCTF/Challenges_2020_public)


Original writeup (https://www.josephsurin.me/posts/2020-09-20-downunderctf-2020-writeups#babyrsa).