Tags: ecb padding
- the server implements some weird mode of operation that is very similar to ECB
- we are allowed one block of encryption and one block of decryption, if we can recover the IV, we can easily decrypt any block
- abuse pkcs#7 padding to get two identical blocks
- requesting the encryption of `b'\x10'*16` will encrypt two identical blocks, which we can use to recover the IV
- decrypt the ciphertext blocks to recover the flag!