(Page on link "original writeup" is written in Japanese. Here I write English translation.)

A server with hidden key and flag is running. Code in Python is public.

This server does:
  decrypt the data and return to the user, if the user send "decrypt" command and encrypted data
  decrypt the data and regard it as a command, and do the following, if the user send  "secret" command and encrypted command
     if the command includes "encrypt", encrypt the plaintext given in next line and return it
     if the command includes "flag", encrypt the flag and return it

Encryption is done in AES256-CBC. Both plaintext and cipher text are sent and received in BASE64.

Initial vector is generated randomly when encrypting the data.

The server provides us the function of encrypting, so we need "the encrypted data of 4 characters 'flag'". Unfortunately, we need "encrypted data of 'encrypted'" to do so.

Encryption is done in CBC, so if I obtain the result of decryption, then I can change the initial vector to modify the first block as I like.

So I decrypted 32 \0s. and I rewrote the initial vector to "obtained plaintext ^ desired plaintext" to get the first 16 bytes as I like. In this problem I need only to set the first 4 bytes to "flag", so I modified the first 4 bytes of initial vector.

I could confirm that the modified was decrypted to the string starting with "flag" by "decrypt" command.

I sent this to "secret" command, then the result to "decrypt" command. I obtained the key flag.

Abstract of logs for writeup follows:
   
$dd if=/dev/zero bs=32 count=1 | base64 1+0 records in 1+0 records out 32 bytes copied, 0.000194334 s, 165 kB/s AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=$ nc flagstaff.vuln.icec.tf 6003
Welcome to the secure flag server.
Send me a command: decrypt
Send me some data to decrypt: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
6VlxPr4/oHDN5x6RmAek+w==
 
$echo -n 6VlxPr4/oHDN5x6RmAek+w== | base64 -d | od -t x1 0000000 e9 59 71 3e be 3f a0 70 cd e7 1e 91 98 07 a4 fb 0000020$ python
Python 2.7.12 (default, Jul  1 2016, 15:12:24)
[GCC 5.4.0 20160609] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> hex(0xe959713e ^ 0x666c6167)
'0x8f351059'
>>> quit()
 
$(perl -e 'print "\x8f\x35\x10\x59";'; dd if=/dev/zero bs=28 count=1) | base64 1+0 records in 1+0 records out 28 bytes copied, 0.000133464 s, 210 kB/s jzUQWQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=$ nc flagstaff.vuln.icec.tf 6003
Welcome to the secure flag server.
Send me a command: decrypt
Send me some data to decrypt: jzUQWQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
ZmxhZ74/oHDN5x6RmAek+w==
 
$echo ZmxhZ74/oHDN5x6RmAek+w== | base64 -d flag�?�p��?����$ nc flagstaff.vuln.icec.tf 6003
Welcome to the secure flag server.
Send me a command: secret
Send me an encrypted command: jzUQWQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
6g0QvuIcEb1TfCq9vlApP6tKr+agmfm44nOWreOHXhM3F7QQrlwwmC4u9ZII4LzaY8VyCSy7Wci2txjkHiUREjks38JcKkm84AmETtJ4utI=
 
$ nc flagstaff.vuln.icec.tf 6003
Welcome to the secure flag server.
Send me a command: decrypt
Send me some data to decrypt: 6g0QvuIcEb1TfCq9vlApP6tKr+agmfm44nOWreOHXhM3F7QQrlwwmC4u9ZII4LzaY8VyCSy7Wci2txjkHiUREjks38JcKkm84AmETtJ4utI=
SWNlQ1RGe3JldmVyc2VfYWxsX3RoZV9ibG9ja3NfYW5kX2dldF90b190aGVfbWVhbmluZ19iZWhpbmR9
 
$ echo SWNlQ1RGe3JldmVyc2VfYWxsX3RoZV9ibG9ja3NfYW5kX2dldF90b190aGVfbWVhbmluZ19iZWhpbmR9 | base64 -d
IceCTF{reverse_all_the_blocks_and_get_to_the_meaning_behind}

Original writeup (https://blog.nhiroki.net/2016/08/27/icectf-2016-writeup).