CH02 - 500pts

Briefing

Below are 4 messages, 2 of them are insecure... find the flag!

```
2e310d15730618003c27392502592f1b016e1b1c364505191302
27271e1d6f3935381618340a740404152d0063160106490a0a050d013d2e
313c0d45350d0c026f3d236b361120191e373c1c3a080e0c2b04
1b060c2749020b354105271616532f27772f1c204811111745320b10021717
```

Solution

  1. First, we guess that the cipher being used is a one-time pad since two of the hexadecimal strings are the same length.
  2. So we have cipher text one `2e310d15730618003c27392502592f1b016e1b1c364505191302` and cipher text two `313c0d45350d0c026f3d236b361120191e373c1c3a080e0c2b04` that were both encrypted using the same one-time pad key. If the key for a one-time pad is used twice, it can be broken using crib dragging.
  3. Basically, XORing the cipher texts gives you the same result as XORing the original messages. The math works out as follows (from this crib dragging article):

    ```
    cipher1 = msg1 ^ key
    cipher2 = msg2 ^ key
    cipher1 ^ cipher2 = (msg1 ^ key) ^ (msg2 ^ key)
    cipher1 ^ cipher2 = msg1 ^ msg2 ^ key ^ key
    cipher1 ^ cipher2 = msg1 ^ msg2 ^ 0
    cipher1 ^ cipher2 = msg1 ^ msg2
    ```

    This is useful because XORing the two cipher texts removes the key from the problem.
  4. We can XOR the two cipher texts using [CyberChef (click for recipe)](https://gchq.github.io/CyberChef/#recipe=From_Hex('Auto')XOR(%7B'option':'Hex','string':'313c0d45350d0c026f3d236b361120191e373c1c3a080e0c2b04'%7D,'Standard',false)To_Hex('None',0)&input=MmUzMTBkMTU3MzA2MTgwMDNjMjczOTI1MDI1OTJmMWIwMTZlMWIxYzM2NDUwNTE5MTMwMg) to get `1f0d0050460b1402531a1a4e34480f021f5927000c4d0b153806`. This hexadecimal string is equal to the two messages XORed together. Therefore, we can start guessing parts of a message to decode both cipher texts and get the flag. SpiderLabs/cribdrag makes this easy.
  5. `python2 cribdrag.py 1f0d0050460b1402531a1a4e34480f021f5927000c4d0b153806`:

    ```
    Your message is currently:
    0 __________________________
    Your key is currently:
    0 __________________________
    Please enter your crib: flag
    *** 0: "yaa7"
    *** 1: "kl1!"
    2: "f<'l"
    3: "6*js"
    *** 4: " gue"
    *** 5: "mxc4"
    6: "rn2}"
    7: "d?{}"
    8: "5v{)"
    9: "|v/S"
    10: "|"U/"
    11: "(X)h"
    12: "R$ne"
    *** 13: ".ccx"
    14: "in~>"
    *** 16: "y5Fg"
    *** 17: "?Kak"
    18: "Alm*"
    19: "f`,l"
    *** 20: "j!jr"
    21: "+gt_"
    *** 22: "myYa"
    Enter the correct position, 'none' for no match, or 'end' to quit: 4
    Is this crib part of the message or key? Please enter 'message' or 'key': message
    Your message is currently:
    0 ____flag__________________
    Your key is currently:
    0 ____ gue__________________
    Please enter your crib: the
    *** 0: "keep"
    *** 1: "yh5f"
    2: "t8#+"
    3: "$.n4"
    *** 4: "2cq""
    5: "|gs"
    6: "`j6:"
    7: "v;:"
    8: "'rn"
    9: "nr+"
    10: "n&Qh"
    11: ":\-/"
    12: "@ j""
    13: "<gg?"
    14: "{jzy"
    15: "vw<"
    *** 16: "k1B "
    17: "-Oe,"
    *** 18: "Shim"
    19: "td(+"
    20: "x%n5"
    21: "9cp"
    22: "}]&"
    Enter the correct position, 'none' for no match, or 'end' to quit: 0
    Is this crib part of the message or key? Please enter 'message' or 'key': message
    Your message is currently:
    0 the flag__________________
    Your key is currently:
    0 keep gue__________________
    Please enter your crib: is
    *** 0: "?dsp"
    1: "-i#f"
    2: " 95+"
    3: "p/x4"
    *** 4: "fbg""
    5: "+}qs"
    *** 6: "4k :"
    *** 7: "":i:"
    *** 8: "ssin"
    9: ":s="
    *** 10: ":'Gh"
    11: "n];/"
    12: "!|""
    *** 13: "hfq?"
    14: "/kly"
    15: ""v*"
    *** 16: "?0T "
    *** 17: "yNs,"
    18: "im"
    19: " e>+"
    20: ",$x5"
    21: "mbf"
    22: "+|K&"
    Enter the correct position, 'none' for no match, or 'end' to quit: 8
    Is this crib part of the message or key? Please enter 'message' or 'key': message
    Your message is currently:
    0 the flag is ______________
    Your key is currently:
    0 keep guessin______________
    Please enter your crib: g for
    0: "x-f?4"
    1: "j 6)y"
    *** 2: "gp df"
    3: "7fm{p"
    4: "!+rm!"
    5: "l4d<h"
    *** 6: "s"5uh"
    7: "es|u<"
    8: "4:|!F"
    9: "}:([:"
    10: "}nR'}"
    11: ").`p"
    *** 12: "Shimm"
    13: "//dp+"
    *** 14: "h"y6U"
    *** 15: "e??Hr"
    16: "xyAo~"
    17: ">fc?"
    18: "@ j"y"
    19: "g,+dg"
    *** 20: "kmmzJ"
    21: "*+sWt"
    Enter the correct position, 'none' for no match, or 'end' to quit: 12
    Is this crib part of the message or key? Please enter 'message' or 'key': key
    Your message is currently:
    0 the flag is Shimm_________
    Your key is currently:
    0 keep guessing for_________
    Please enter your crib: the flag
    *** 0: "keep gue"
    *** 1: "yh5fmxc4"
    2: "t8#+rn2}"
    3: "$.n4d?{}"
    4: "2cq"5v{)"
    5: "|gs|v/S"
    6: "`j6:|"U/"
    7: "v;:(X)h"
    8: "'rnR$ne"
    9: "nr+.ccx"
    10: "n&Qhin~>"
    12: "@ j"y5Fg"
    13: "<gg??Kak"
    14: "{jzyAlm*"
    15: "vw<f`,l"
    *** 16: "k1B j!jr"
    17: "-Oe,+gt_"
    *** 18: "ShimmyYa"
    Enter the correct position, 'none' for no match, or 'end' to quit: 18
    Is this crib part of the message or key? Please enter 'message' or 'key': key
    Your message is currently:
    0 the flag is Shimm_ShimmyYa
    Your key is currently:
    0 keep guessing for_the flag
    Please enter your crib: for the flag
    0: "ybrp2cq"5v{)"
    1: "ko"f|gs|v/S"
    2: "f?4+`j6:|"U/"
    3: "6)y4v;:(X)h"
    4: " df"'rnR$ne"
    5: "m{psnr+.ccx"
    6: "rm!:n&Qhin~>"
    7: "d<h::\-/ds8@"
    8: "5uhn@ j"y5Fg"
    9: "|u<<gg??Kak"
    10: "|!Fh{jzyAlm*"
    11: "([:/vw<f`,l"
    12: "R'}"k1B j!jr"
    13: ".`p?-Oe,+gt_"
    *** 14: "immyShimmyYa"
    Enter the correct position, 'none' for no match, or 'end' to quit: 14
    Is this crib part of the message or key? Please enter 'message' or 'key': key
    Your message is currently:
    0 the flag is ShimmyShimmyYa
    Your key is currently:
    0 keep guessing for the flag
    ```
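
The same crib drag in a few lines of Python 3, as an added example that is not part of the original write-up or of SpiderLabs/cribdrag. The function names and the letters-and-space plausibility filter (stricter than the `***` marking in the session above) are assumptions made for this sketch.

```python
import string

# "Cipher text one" and "cipher text two" from the write-up.
C1 = bytes.fromhex("2e310d15730618003c27392502592f1b016e1b1c364505191302")
C2 = bytes.fromhex("313c0d45350d0c026f3d236b361120191e373c1c3a080e0c2b04")

# Assumption: the plaintexts contain only ASCII letters and spaces.
PLAUSIBLE = frozenset((string.ascii_letters + " ").encode())


def xor(a, b):
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def drag(stream, crib):
    """Slide crib over stream (msg1 ^ msg2); keep offsets that yield text."""
    hits = []
    for pos in range(len(stream) - len(crib) + 1):
        out = xor(stream[pos:pos + len(crib)], crib)
        if all(c in PLAUSIBLE for c in out):
            hits.append((pos, out.decode("ascii")))
    return hits


def solve():
    """Replay the session: each accepted crib exposes text in the other message."""
    stream = xor(C1, C2)                      # key cancels: msg1 ^ msg2
    steps = [drag(stream, b"flag")]           # " gue" at 4 suggests "guess"
    steps.append(drag(stream, b"the flag is "))
    # Once one message is guessed in full, the other falls out directly.
    other = xor(stream, b"keep guessing for the flag").decode("ascii")
    return stream.hex(), steps, other


if __name__ == "__main__":
    stream_hex, steps, other = solve()
    print(stream_hex)
    for hits in steps:
        print(hits)
    print(other)
```

With the stricter filter, the crib `flag` leaves only offsets 4 and 22, and both are genuine: each marks where the word sits in one message and exposes the matching fragment of the other.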

Flag

ShimmyShimmyYa