Rating: 5.0
from name xoared, maybe we should try xortool first
# xortool xoared
The most probable key lengths:
1: 10.8%
3: 11.2%
6: 11.3%
8: 9.5%
12: 9.8%
15: 8.3%
17: 7.0%
19: 7.6%
22: 6.8%
43: 17.7%
Key-length can be 3*n
Most possible char is needed to guess the key!
It seems key-length is 43.Brute force it:
# xortool -b xoared
The most probable key lengths:
1: 10.8%
3: 11.2%
6: 11.3%
8: 9.5%
12: 9.8%
15: 8.3%
17: 7.0%
19: 7.6%
22: 6.8%
43: 17.7%
Key-length can be 3*n
256 possible key(s) of length 43:
"\x9f\xa4\xd2f\x02\xb8\x06\xbe\xd2*f\xb2a\x96\tLfF\x0cYoD_?K\xb2\xb9P\xc4\x92\xd6m\xa9\x12+\xad&\x03Y\x95\xd6,
#\x9e\xa5\xd3g\x03\xb9\x07\xbf\xd3+g\xb3`\x97\x08MgG\rXnE^>J\xb3\xb8Q\xc5\x93\xd7l\xa8\x13*\xac'\x02X\x94\xd7-
\x9d\xa6\xd0d\x00\xba\x04\xbc\xd0(d\xb0c\x94\x0bNdD\x0e[mF]=I\xb0\xbbR\xc6\x90\xd4o\xab\x10)\xaf$\x01[\x97\xd4.
!\x9c\xa7\xd1e\x01\xbb\x05\xbd\xd1)e\xb1b\x95\nOeE\x0fZlG\\<H\xb1\xbaS\xc7\x91\xd5n\xaa\x11(\xae%\x00Z\x96\xd5/
&\x9b\xa0\xd6b\x06\xbc\x02\xba\xd6.b\xb6e\x92\rHbB\x08]k@[;O\xb6\xbdT\xc0\x96\xd2i\xad\x16/\xa9"\x07]\x91\xd2(
...
Found 55 plaintexts with 95%+ valid characters
See files filename-key.csv, filename-char_used-perc_valid.csv
A possible key is found.Just grep to find if any flag directly:
# grep -r BCTF xortool_out/
xortool_out/095.out:used_it}BCTF{yeah_x0r_is_insecure_yet_we_used_it}BCTF{yeah_x0r_is_insecure_yet_we_used_it}
So, flag is BCTF{yeah_x0r_is_insecure_yet_we_used_it}
