diff options
Diffstat (limited to '')
| -rw-r--r-- | docs/writeups/2023/lactf/crypto/one-more-time-pad.txt | 55 | 
1 files changed, 55 insertions, 0 deletions
| diff --git a/docs/writeups/2023/lactf/crypto/one-more-time-pad.txt b/docs/writeups/2023/lactf/crypto/one-more-time-pad.txt new file mode 100644 index 0000000..5c190af --- /dev/null +++ b/docs/writeups/2023/lactf/crypto/one-more-time-pad.txt @@ -0,0 +1,55 @@ +I heard the onetime pad is perfectly secure so I used it to send an important +message to a friend, but now a UCLA competition is asking for the key?  I threw +that out a long time ago!  Can you help me recover it? + + + + +The problem description implies a weakness through key reuse, however we can +easily recover the key because we are given both a plaintext and corresponding +ciphertext for a simple XOR cipher. + +The key is made up of the flag data, which is shorter than the actual message, +so it is repeated using Python itertools.cycle to pad it out. + +``` +from itertools import cycle +pt = b"Long ago, the four nations lived together in harmony ..." + +key = cycle(b"lactf{??????????????}") + +ct = "" + +for i in range(len(pt)): +    b = (pt[i] ^ next(key)) +    ct += f'{b:02x}' +print("ct =", ct) + +#ct = 200e0d13461a055b4e592b0054543902462d1000042b045f1c407f18581b56194c150c13030f0a5110593606111c3e1f5e305e174571431e +``` + +To get the flag, we ran this algorithm in reverse: + +``` +#!/usr/bin/env python3 + +ct = ( +    b"\x20\x0e\x0d\x13\x46\x1a\x05\x5b\x4e\x59\x2b\x00\x54\x54\x39\x02" +    b"\x46\x2d\x10\x00\x04\x2b\x04\x5f\x1c\x40\x7f\x18\x58\x1b\x56\x19" +    b"\x4c\x15\x0c\x13\x03\x0f\x0a\x51\x10\x59\x36\x06\x11\x1c\x3e\x1f" +    b"\x5e\x30\x5e\x17\x45\x71\x43\x1e" ) + +pt  = b"Long ago, the four nations lived together in harmony ..." +key =  "" + +for i in range(len(pt)): +    b = (pt[i] ^ ct[i]) +    key += chr(b) + +print(key) +``` + +Because the key was cycled, we see repeated characters in the output, but the +full flag is there. + +lactf{b4by_h1t_m3_0ne_m0r3_t1m3}lactf{b4by_h1t_m3_0ne_m0 | 
