Monday, October 15, 2012

hackyou CTF: Crypto 200

This challenge was a bit more of a traditional crypto challenge (Download Here), with a big clue coming in the form of the name of the challenge, XOROWbIu WbI(|)P. The big thing I got from this was the reference to XOR; enter xortool. At xortool's site they say that the most common character in ASCII is 0x20, so that is the first thing I tested:

xortool cry200.txt.enc -c 20

This printed out a key of '\x96\xa4*\xc3\xc4:' which, when applied to the file, gave me something close to an answer:
Cong (tula& ons!r hiler=he q' ck b &wn f=1 jum": ove ithe > ........
I noticed that only every 5th and 6th byte of this message was unintelligible, so I changed the 5th and 6th chars of the key manually in a Python script until the message was correct. The script is below.
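# Python 3: XOR each ciphertext byte with the repeating 6-byte key.
key = b'\x96\xa4*\xc3\x96\x73'  # 5th and 6th bytes adjusted by hand
counter = 0
answer = ''
for i in open('cry200.txt', 'rb').read():
    # Iterating over bytes yields ints, so no ord() is needed.
    answer += chr(i ^ key[counter % 6])
    counter += 1

print(answer)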
Answer: Congratulations! While the quick brown fox jumps over the lazy dog, the plain xor cipher is still very unsecure when the key is much shorter than the message. Your flag: Foxie Dogzie Crypto Pwnd
And that's all there is to it!
-- suntzu_II
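
The space-frequency guess and the hand correction described in the post, as an added example (not the author's script and not xortool's code). It goes beyond the post by replacing the manual fix with a score over all 256 candidates per key position. The key, plaintext and function names are constructed for illustration, and the key length of 6 is assumed known.

```python
from collections import Counter

def xor_repeat(data: bytes, key: bytes) -> bytes:
    """XOR data with key, repeating the key as needed."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def guess_key(ct: bytes, keylen: int, common: int = 0x20) -> bytes:
    """Per key position, assume the most frequent plaintext byte is `common`."""
    return bytes(Counter(ct[c::keylen]).most_common(1)[0][0] ^ common
                 for c in range(keylen))

def textiness(column: bytes) -> int:
    """Score decrypted bytes: lowercase/space 2, other printable 1, rest -3."""
    score = 0
    for b in column:
        if b == 0x20 or 0x61 <= b <= 0x7a:
            score += 2
        elif 0x21 <= b <= 0x7e:
            score += 1
        else:
            score -= 3
    return score

def refine_key(ct: bytes, keylen: int) -> bytes:
    """Per key position, try all 256 bytes and keep the most text-like one."""
    key = bytearray()
    for c in range(keylen):
        column = ct[c::keylen]
        key.append(max(range(256),
                       key=lambda k: textiness(bytes(b ^ k for b in column))))
    return bytes(key)

# Constructed sample: the key and plaintext are made up for this example.
# In key position 0 the letter 'e' outnumbers the space (9 to 8), so the
# space guess is wrong there, like the two bad key bytes in the post.
KEY = bytes.fromhex("1337c0de42a5")
PLAIN = b"my short key repeats over the whole text " * 6 + b"expanse"
CT = xor_repeat(PLAIN, KEY)

if __name__ == "__main__":
    guess = guess_key(CT, len(KEY))
    print("frequency guess:", guess.hex(), xor_repeat(CT, guess)[:24])
    fixed = refine_key(CT, len(KEY))
    print("scored key:     ", fixed.hex(), xor_repeat(CT, fixed)[:24])
```

A key position where a letter is more common than the space comes out XORed with that letter's distance from 0x20; scoring the whole column corrects it without reading the output by eye.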

1 comment:

  1. I've solved this task using hellman's xortool too :)