Recently i am interested in crypto. so I enjoyed this challenge a lot.
Look at the problem below
If you look at enc27.py, you can see it's xor encryption. and 24 byte block padding.
png file is encrypted with key( original_png ^ key ) And as you know, A xor A = 0. so if we know original_png. then we can find key. I checked png sample files and file signature to figure out key. and enc27.py is padding 24 bit message block and xoring with key i guess key length is 24. So if I xor between png file signature and encrypted png, it would reveals padding value..
Do it.
import itertools def xoring(m1,m2): return ''.join(chr(ord(a)^ord(b)) for a,b in zip(m1,m2)) def decrypt(enc, key): key = itertools.cycle(key) dec = ''.join(chr(ord(a) ^ ord(b)) for a,b in zip(key,enc)) return dec def main(): f = open("BITSCTFfullhd.png","r") f2 = open("tmp.png","wb") buf = f.read() #png signature png = "\x89\x50\x4E\x47\x0D\x0A\x1A\x0A\x00" key = xoring(buf[:9],png) #unkown key key += "A"*(24-9) dec = decrypt(buf,key) f2.write(dec) f.close() f2.close() if __name__ == '__main__': main()
we know 9 bytes key. And first 9 byte from each 24 byte of block was decrypted. You can see that "\x13" is repeated 4 times. Yeah~ padding value is "\x13". "\x13"*(15)^enc[-15:] would reveal left key values.
import itertools def xoring(m1,m2): return ''.join(chr(ord(a)^ord(b)) for a,b in zip(m1,m2)) def decrypt(enc, key): key = itertools.cycle(key) dec = ''.join(chr(ord(a) ^ ord(b)) for a,b in zip(key,enc)) return dec def main(): f = open("BITSCTFfullhd.png","r") f2 = open("tmp.png","wb") buf = f.read() #png signature png = "\x89\x50\x4E\x47\x0D\x0A\x1A\x0A\x00" key = xoring(buf[:9],png) key += xoring(buf[-15:], "\x13"*15) dec = decrypt(buf,key) f2.write(dec) f.close() f2.close() if __name__ == '__main__': main()
flag is BITSCTF{p_en_gee}
'crypto' 카테고리의 다른 글
[picoctf 2015]Repeated XOR (4) | 2015.11.20 |
---|---|
확장된 유클리드 (0) | 2015.05.07 |
암호 공격방법 (0) | 2015.04.25 |
[펌]python hashlib (0) | 2015.03.21 |
전반적인 암호화 (0) | 2015.02.26 |