[BCTF 2017]Beginner's luck (crypto 40)

Recently i am interested in crypto. so I enjoyed this challenge a lot.

Look at the problem below

enc27.py

If you look at enc27.py, you can see it's xor encryption. and 24 byte block padding.

png file is encrypted with key( original_png ^ key ) And as you know, A xor A = 0. so if we know original_png. then we can find key. I checked png sample files and file signature to figure out key. and enc27.py is padding 24 bit message block and xoring with key i guess key length is 24. So if I xor between png file signature and encrypted png,  it would reveals padding value..

Do it.

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

import itertools   def xoring(m1,m2):     return ''.join(chr(ord(a)^ord(b)) for a,b in zip(m1,m2))   def decrypt(enc, key):     key = itertools.cycle(key)     dec = ''.join(chr(ord(a) ^ ord(b)) for a,b in zip(key,enc))     return dec       def main():     f = open("BITSCTFfullhd.png","r")     f2 = open("tmp.png","wb")     buf = f.read()       #png signature     png = "\x89\x50\x4E\x47\x0D\x0A\x1A\x0A\x00"           key = xoring(buf[:9],png)       #unkown key     key += "A"*(24-9)       dec = decrypt(buf,key)     f2.write(dec)       f.close()     f2.close()             if __name__ == '__main__':     main()

we know 9 bytes key. And first 9 byte from each 24 byte of block was decrypted. You can see that "\x13" is repeated 4 times. Yeah~ padding value is "\x13". "\x13"*(15)^enc[-15:] would reveal left key values.

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30

import itertools   def xoring(m1,m2):     return ''.join(chr(ord(a)^ord(b)) for a,b in zip(m1,m2))   def decrypt(enc, key):     key = itertools.cycle(key)     dec = ''.join(chr(ord(a) ^ ord(b)) for a,b in zip(key,enc))     return dec       def main():     f = open("BITSCTFfullhd.png","r")     f2 = open("tmp.png","wb")     buf = f.read()       #png signature     png = "\x89\x50\x4E\x47\x0D\x0A\x1A\x0A\x00"           key = xoring(buf[:9],png)       key += xoring(buf[-15:], "\x13"*15)       dec = decrypt(buf,key)     f2.write(dec)       f.close()     f2.close()             if __name__ == '__main__':     main()

flag is BITSCTF{p_en_gee}