Another Xor – Crypto – CSAW17

This is a crypto challenge: we get a ciphered message and the script that produced it (both are available on my GitHub). From the script we can clearly see that:

message = flag + key + md5(flag + key)
ciphered = xor(message, key)      # key repeated cyclically over the message

The interesting point is that the key ends up XORed with a rotated copy of itself, and that is what lets us recover its length. First we have to strip the MD5 from the ciphertext, since it is irrelevant at this point: the MD5 hex digest is 32 characters long, and once the ciphertext is hex-encoded those 32 bytes become 64 hex characters, so we drop the last 64 characters of the ciphertext.

274c10121a0100495b502d551c557f0b0833585d1b27030b5228040d3753490a1c025415051525455118001911534a0052560a14594f0b1e490a010c4514411e070014615a181b02521b580305170002074b0a1a4c414d1f1d171d00151b1d0f480e491e0249010c15

This is flag+key XORed with the key, hex-encoded. Assume the part in front of the key (the flag) has length n and the key has length m. The hex above is 210 characters long, i.e. 105 bytes, so n+m=105. I will refer to the ith flag character as Fi and the jth key character as Kj, with i in [1,n] and j in [1,m].
Because the key stream is just the key repeated, the key region of the message is XORed with the key rotated by some offset d, so we have something like:

    K1   K2   ..... Km-d Km-d+1 ..... Km
xor
    Kd+1 Kd+2 ..... Km   K1     ..... Kd

With a shorter example (m = 7, offset d = 3) we get:

    K1 K2 K3 K4 K5 K6 K7
xor
    K4 K5 K6 K7 K1 K2 K3

cipher = K1^K4 K2^K5 K3^K6 K4^K7 K5^K1 K6^K2 K7^K3

Here is where the magic happens: XOR all the bytes of that cipher block together and the result is 0, because every Kj appears exactly twice in it:

(K1^K4) ^ (K2^K5) ^ (K3^K6) ^ (K4^K7) ^ (K5^K1) ^ (K6^K2) ^ (K7^K3) = 0

So what? By XORing the bytes one at a time, starting from the end of the ciphertext, we can recover the key length: the first suffix whose running XOR is 0 is the key region, and its length is m. So we start XORing from the last byte:

15 ^ 0c ^ 01 .... until the running value is equal to 0

One caveat a practitioner should keep in mind: a shorter suffix can hit 0 by accident (for ASCII bytes with the top bit clear the odds are roughly 1 in 128 per length), so if the recovered key or flag is not printable, try the next suffix length that XORs to 0.

Scanning the ciphertext above this way, the running XOR first reaches 0 after 67 bytes, so the key is 67 bytes long and n = 105 - 67 = 38: the 37-character flag plus one extra byte sitting between the flag and the key (the decryption below shows it is a "|" separator). Now we make another assumption, which is that the flag starts with "f":

    F1 F2 F3 ...... F36 F37 |   K1  K2  K3  ....... K29 K30 K31 K32 ....... K66  K67
xor
    K1 K2 K3 ...... K36 K37 K38 K39 K40 K41 ....... K67 K1  K2  K3  ....... K37  K38
=   C1 C2 C3 ...... C36 C37 C38 C39 C40 C41 ....... C67 C68 C69 C70 ....... C104 C105

So if F1 is "f" and we know C1 (0x27), we get K1 = 0x27 ^ 0x66 = 0x41 = "A". K1 also sits at message position 39 under key stream byte K39, so C39 gives K39; K39 in turn sits at position 77 under K10, so C77 gives K10, and so on. In general Kj is the message byte at position 38 + j and is XORed with the key stream byte 38 positions further along the key (mod 67), so each known key byte reveals the next one; since gcd(38, 67) = 1 this chain walks through all 67 key bytes from the single guess F1 = "f". Once the key is complete, C1..C37 XORed with K1..K37 give the flag, and C38 XORed with K38 gives the "|" separator.

So we get the flag: flag{sti11_us3_da_x0r_for_my_s3cratz} with the key A quart jar of oil mixed with zinc oxide makes a very bright paint|
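As an added worked example (my own code, not part of the original write-up or the challenge script), here is the whole procedure in Python run over the ciphertext above: strip nothing further (the MD5 tail is already gone), find the key length with the suffix-XOR scan, then propagate from the single guess that the first byte is "f" to recover the key and the bytes in front of it. It assumes only the layout the write-up describes (a prefix followed by the key, XORed with the key repeated); the function names and the worklist propagation are my choices, and the propagation is written generally rather than hard-coding the 38-step walk, so it also reports when a wrong length or guess produces a contradiction.

```python
"""Recover key length, key and flag from the 'Another Xor' ciphertext.

Layout: msg = prefix || key, ct[i] = msg[i] ^ key[i % m], where prefix is the
flag (plus, as this ciphertext shows, a '|' separator byte).
"""

# Ciphertext from the write-up (hex); the 64 hex chars of the MD5 tail are
# already removed.
CT_HEX = (
    "274c10121a0100495b502d551c557f0b0833585d1b27030b5228040d3753490a1c0254"
    "15051525455118001911534a0052560a14594f0b1e490a010c4514411e070014615a18"
    "1b02521b580305170002074b0a1a4c414d1f1d171d00151b1d0f480e491e0249010c15"
)


def key_length_candidates(ct):
    """Every suffix length k whose bytes XOR to zero, shortest first.

    The last m bytes of ct are key ^ (rotated key): every key byte appears
    exactly twice in that window, so the window XORs to 0.  A shorter suffix
    can hit 0 by accident (roughly 1 in 128 for ASCII), so all candidates are
    returned instead of trusting the first one blindly.
    """
    cands = []
    acc = 0
    for k in range(1, len(ct) + 1):
        acc ^= ct[-k]
        if acc == 0:
            cands.append(k)
    return cands


def recover(ct, m, first_byte=ord("f")):
    """Return (prefix, key) for key length m, given a guess of the first byte.

    n = len(ct) - m is the prefix length; msg[i] = prefix[i] for i < n and
    msg[i] = key[i - n] for i >= n.  A known key byte is used in two roles
    (message byte and key stream byte), each of which reveals another byte,
    so we propagate with a worklist until nothing new is learned.
    """
    n = len(ct) - m
    key = [None] * m
    key[0] = ct[0] ^ first_byte            # ct[0] = prefix[0] ^ key[0]
    work = [0]
    while work:
        j = work.pop()
        learned = []
        # key[j] is the message byte at position n + j; the key stream byte
        # there is key[(n + j) % m].
        i = n + j
        if i < len(ct):
            learned.append((i % m, ct[i] ^ key[j]))
        # key[j] is the key stream byte at every position i with i % m == j;
        # inside the key region (i >= n) the message byte there is key[i - n].
        for i in range(j, len(ct), m):
            if i >= n:
                learned.append((i - n, ct[i] ^ key[j]))
        for idx, val in learned:
            if key[idx] is None:
                key[idx] = val
                work.append(idx)
            elif key[idx] != val:
                raise ValueError("contradiction: wrong key length or wrong guess")
    if any(b is None for b in key):
        raise ValueError("propagation did not reach every key byte")
    prefix = bytes(ct[i] ^ key[i % m] for i in range(n))
    return prefix, bytes(key)


def solve(ct_hex=CT_HEX):
    """Key length, prefix (flag plus separator) and key for the ciphertext."""
    ct = bytes.fromhex(ct_hex)
    m = key_length_candidates(ct)[0]
    prefix, key = recover(ct, m)
    return m, prefix, key


if __name__ == "__main__":
    m, prefix, key = solve()
    print("key length:", m)
    print("prefix    :", prefix)
    print("key       :", key)
```

Running it on the ciphertext above yields key length 67, the prefix flag{sti11_us3_da_x0r_for_my_s3cratz}| and the key A quart jar of oil mixed with zinc oxide makes a very bright paint|, which is how the "|" byte at position 38 shows up. If the first candidate length ever gave non-printable output, the next entry of key_length_candidates would be the one to try.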
