# CH02 - 500pts ## Briefing > Below are 4 messages, 2 of them are insecure... find the flag! `2e310d15730618003c27392502592f1b016e1b1c364505191302` `27271e1d6f3935381618340a740404152d0063160106490a0a050d013d2e` `313c0d45350d0c026f3d236b361120191e373c1c3a080e0c2b04` `1b060c2749020b354105271616532f27772f1c204811111745320b10021717` ## Solution 1. First, we guess that the cipher being used is a [one-time pad](https://en.wikipedia.org/wiki/One-time_pad) since two of the hexadecimal strings are the same length. 2. So we have cipher text one `2e310d15730618003c27392502592f1b016e1b1c364505191302` and cipher text two `313c0d45350d0c026f3d236b361120191e373c1c3a080e0c2b04` that were both encrypted using the same one-time pad key. If the key for a one-time pad is used twice, it can be broken using [crib dragging](https://samwho.dev/blog/toying-with-cryptography-crib-dragging/). 3. Basically, XORing the cipher texts gives you the same result as XORing the original messages. The math works out as follows (from [this crib dragging article](https://samwho.dev/blog/toying-with-cryptography-crib-dragging/)): ``` cipher1 = msg1 ^ key cipher2 = msg2 ^ key cipher1 ^ cipher2 = (msg1 ^ key) ^ (msg2 ^ key) cipher1 ^ cipher2 = msg1 ^ msg2 ^ key ^ key cipher1 ^ cipher2 = msg1 ^ msg2 ^ 0 cipher1 ^ cipher2 = msg1 ^ msg2 ``` This is useful because XORing the two cipher texts removes the key from the problem. 4. We can XOR the two cipher texts using \[CyberChef (click for recipe)]\() to get `1f0d0050460b1402531a1a4e34480f021f5927000c4d0b153806`. This hexadecimal string is equal to the two messages XORed together. Therefore, we can start guessing parts of a message to decode both cipher texts and get the flag. [SpiderLabs/cribdrag](https://github.com/SpiderLabs/cribdrag) makes this easy. 5. `python2 cribdrag.py 1f0d0050460b1402531a1a4e34480f021f5927000c4d0b153806`: ``` Your message is currently: 0 __________________________ Your key is currently: 0 __________________________ Please enter your crib: flag *** 0: "yaa7" *** 1: "kl1!" 2: "f<'l" 3: "6*js" *** 4: " gue" *** 5: "mxc4" 6: "rn2}" 7: "d?{}" 8: "5v{)" 9: "|v/S" 10: "|"U/" 11: "(X)h" 12: "R$ne" *** 13: ".ccx" 14: "in~>" 15: "ds8@" *** 16: "y5Fg" *** 17: "?Kak" 18: "Alm*" 19: "f`,l" *** 20: "j!jr" 21: "+gt_" *** 22: "myYa" Enter the correct position, 'none' for no match, or 'end' to quit: 4 Is this crib part of the message or key? Please enter 'message' or 'key': message Your message is currently: 0 ____flag__________________ Your key is currently: 0 ____ gue__________________ Please enter your crib: the *** 0: "keep" *** 1: "yh5f" 2: "t8#+" 3: "$.n4" *** 4: "2cq"" 5: "|gs" 6: "`j6:" 7: "v;:" 8: "'rn" 9: "nr+" 10: "n&Qh" 11: ":\-/" 12: "@ j"" 13: "+" 20: ",$x5" 21: "mbf" 22: "+|K&" Enter the correct position, 'none' for no match, or 'end' to quit: 8 Is this crib part of the message or key? Please enter 'message' or 'key': message Your message is currently: 0 the flag is ______________ Your key is currently: 0 keep guessin______________ Please enter your crib: g for 0: "x-f?4" 1: "j 6)y" *** 2: "gp df" 3: "7fm{p" 4: "!+rm!" 5: "l4dfc?" 18: "@ j"y" 19: "g,+dg" *** 20: "kmmzJ" 21: "*+sWt" Enter the correct position, 'none' for no match, or 'end' to quit: 12 Is this crib part of the message or key? Please enter 'message' or 'key': key Your message is currently: 0 the flag is Shimm_________ Your key is currently: 0 keep guessing for_________ Please enter your crib: the flag *** 0: "keep gue" *** 1: "yh5fmxc4" 2: "t8#+rn2}" 3: "$.n4d?{}" 4: "2cq"5v{)" 5: "|gs|v/S" 6: "`j6:|"U/" 7: "v;:(X)h" 8: "'rnR$ne" 9: "nr+.ccx" 10: "n&Qhin~>" 11: ":\-/ds8@" 12: "@ j"y5Fg" 13: "" 7: "d