1 files changed, 55 insertions, 0 deletions

diff --git a/docs/writeups/2023/lactf/crypto/one-more-time-pad.txt b/docs/writeups/2023/lactf/crypto/one-more-time-pad.txt
new file mode 100644
index 0000000..5c190af
--- /dev/null
+++ b/docs/writeups/2023/lactf/crypto/one-more-time-pad.txt
@@ -0,0 +1,55 @@
+I heard the onetime pad is perfectly secure so I used it to send an important
+message to a friend, but now a UCLA competition is asking for the key?  I threw
+that out a long time ago!  Can you help me recover it?
+
+
+
+
+The problem description implies a weakness through key reuse, however we can
+easily recover the key because we are given both a plaintext and corresponding
+ciphertext for a simple XOR cipher.
+
+The key is made up of the flag data, which is shorter than the actual message,
+so it is repeated using Python itertools.cycle to pad it out.
+
+```
+from itertools import cycle
+pt = b"Long ago, the four nations lived together in harmony ..."
+
+key = cycle(b"lactf{??????????????}")
+
+ct = ""
+
+for i in range(len(pt)):
+    b = (pt[i] ^ next(key))
+    ct += f'{b:02x}'
+print("ct =", ct)
+
+#ct = 200e0d13461a055b4e592b0054543902462d1000042b045f1c407f18581b56194c150c13030f0a5110593606111c3e1f5e305e174571431e
+```
+
+To get the flag, we ran this algorithm in reverse:
+
+```
+#!/usr/bin/env python3
+
+ct = (
+    b"\x20\x0e\x0d\x13\x46\x1a\x05\x5b\x4e\x59\x2b\x00\x54\x54\x39\x02"
+    b"\x46\x2d\x10\x00\x04\x2b\x04\x5f\x1c\x40\x7f\x18\x58\x1b\x56\x19"
+    b"\x4c\x15\x0c\x13\x03\x0f\x0a\x51\x10\x59\x36\x06\x11\x1c\x3e\x1f"
+    b"\x5e\x30\x5e\x17\x45\x71\x43\x1e" )
+
+pt  = b"Long ago, the four nations lived together in harmony ..."
+key =  ""
+
+for i in range(len(pt)):
+    b = (pt[i] ^ ct[i])
+    key += chr(b)
+
+print(key)
+```
+
+Because the key was cycled, we see repeated characters in the output, but the
+full flag is there.
+
+lactf{b4by_h1t_m3_0ne_m0r3_t1m3}lactf{b4by_h1t_m3_0ne_m0