Tags: cbc-bit-flipping cookies homomorphic 

Rating: 5.0

Visit [Original writeup](https://docs.abbasmj.com/ctf-writeups/picoctf2021#more-cookies) for better formatting.


**Description:** I forgot Cookies can Be modified Client-side, so now I decided to encrypt them!

**Points:** 90

#### **Solution**

Looking at the website, This is a continuation of the "Cookies" challenge. So let's have a look

This time the page reads "Welcome to my cookie search page. Only the admin can use it!" and the cookie is


It's a base64 but when I decode it, it's still in gibberish, So it's encrypted. Let's see the Hint

**Hint 1:** https://en.wikipedia.org/wiki/Homomorphic\_encryption

It's a Wikipedia page for a very interesting encryption method, It's more like an algorithm than an encryption formula. I found this to be the hardest challenge in the web, Reading articles about Homomorphic encryption and looking at other writeups I understand that we do not have to decrypt it to solve it, Homomorphic encryption allows you to perform operations on encrypted text. Also, I noticed that the letters "CBC" are oddly capitalized in the challenge description. So, It's a CBC bitflip. Meaning the encrypted text contains a bit that determines if it's admin or not, so probably something like `admin=0` but I don't know it's position so I brute forced it, Here's the code

from base64 import b64decode
from base64 import b64encode
import requests

def bitFlip( pos, bit, data):
raw = b64decode(data)

list1 = list(raw)
list1[pos] = chr(ord(list1[pos])^bit)
raw = ''.join(list1)
return b64encode(raw)


for i in range(128):
for j in range(128):
c = bitFlip(i, j, ck)
cookies = {'auth_name': c}
r = requests.get('http://mercury.picoctf.net:25992/', cookies=cookies)
if "picoCTF{" in r.text:

**Flag:** picoCTF{cO0ki3s\_yum\_82f39377}

Original writeup (https://docs.abbasmj.com/ctf-writeups/picoctf2021#more-cookies).