# Just Take Your Time

## Description

Let's go. In and out. 2 second adventure.

`nc dctf-chall-just-take-your-time.westeurope.azurecontainer.io 9999`


###### Hint -> While this may not be pwn, its tools may still be quite handy.

## Solution

Analyzig the code we see that the flag is encrypted using the `time()` of the system

key = str(int(time())).zfill(16).encode("utf-8")
secret = token_hex(16)
cipher = DES3.new(key, DES3.MODE_CFB, b"00000000")
encrypted = cipher.encrypt(secret.encode("utf-8"))

We can connect to the service, pass the first challenge `(a * b)` and get the encrypted secret

Now we can try to decrypt using the time, `-100 / 100` is used to be safer, send it back and get the flag

Let's write the script

from pwn import *
from Crypto.Cipher import DES3
from time import time
from random import randint

nc = remote("dctf-chall-just-take-your-time.westeurope.azurecontainer.io", 9999)

a, b = map(int, nc.recvline().decode().strip().split(' ')[::2])
nc.sendline(str(a * b))

t = int(time())
secret = bytes.fromhex(nc.recvlineS())
log.info(f"Secret: {secret.hex()}")

for i in range(-100, 100):
key = str(t + i).zfill(16).encode("utf-8")
cipher = DES3.new(key, DES3.MODE_CFB, b"00000000")
plain = cipher.decrypt(secret)
if plain.isalnum():
log.info(f"Time: {i}")

$ python JustTakeYourTime.py
[+] Opening connection to dctf-chall-just-take-your-time.westeurope.azurecontainer.io on port 9999: Done
[*] Secret: f24f18b5814062decdb85c6283778d7d2551b62bf039d97dafae5408b6f5b666
[*] Time: -10
[+] dctf{1t_0n1y_t0Ok_2_d4y5...}

#### **FLAG >>** `dctf{1t_0n1y_t0Ok_2_d4y5...}`

Original writeup (https://github.com/K1nd4SUS/CTF-Writeups/tree/main/dCTF_2021/Just%20Take%20Your%20Time).