Tags: padding ecb
Rating:
tldr;
- the server implements some weird mode of operation that is very similar to ECB
- we are allowed one block of encryption and one block of decryption, if we can recover the IV, we can easily decrypt any block
- abuse pkcs#7 padding to get two identical blocks
- requesting the encryption of `b'\x10'*16` will encrypt two identical blocks, which we can use to recover the IV
- decrypt the ciphertext blocks to recover the flag!
[DUCTF GitHub](https://github.com/DownUnderCTF/Challenges_2020_public)
[writeup](https://jsur.in/posts/2020-09-20-downunderctf-2020-writeups#ecbc)