H4ll0w3d 83 7hy n4m3
C47360ry: Cryp706r4phy
P01n75: 300
D35cr1p710n: N0u5 4v0n5 récupéré l35 50urc35 d'un é7r4n63 53rv1c3 d3 ch1ffr3m3n7... IP: c7f.8zh p0r7 11000
F1l35: sources.py (f1l3 m1551n6 47 7h3 8361nn1n6 0f 7h3 c7f)
TL;DR
An x0r 0n 4 53rv3r'5 r35p0n53 4ll0w5 u5 70 f1nd 7h3 fl46.
M37h0d0l06y
>_ cat sources.py
import sys
import random
import base64
import socket
from threading import *
FLAG = "bzhctf{REDACTED}"
serversocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
init_seed = random.randint(0,65535)
class client(Thread):
def __init__(self, socket, address):
Thread.__init__(self)
self.sock = socket
self.addr = address
self.start()
def get_keystream(self, r, length):
r2 = random.Random()
seed = r.randint(0, 65535)
r2.seed(seed)
mask = ''
for i in range(length):
mask += chr(r2.randint(0, 255))
return mask
def xor(self, a, b):
cipher = ''
for i in range(len(a)):
cipher += chr(ord(a[i]) ^ ord(b[i]))
return base64.b64encode(cipher)
def run(self):
r = random.Random()
r.seed(init_seed)
self.sock.send(b'Welcome to the Cipherizator !\n1 : Enter plain, we give you the cipher\n2 : Need a flag ?\n3 : Exit')
while 1:
self.sock.send(b'\n>>> ')
response = self.sock.recv(2).decode().strip()
if response == "1":
self.sock.send(b'\nEnter plain : ')
plain = self.sock.recv(1024).decode().strip()
mask = self.get_keystream(r, len(plain))
self.sock.send(b'Your secret : %s' % self.xor(mask, plain))
elif response == "2":
mask = self.get_keystream(r, len(FLAG))
self.sock.send(b'Your secret : %s' % self.xor(mask, FLAG))
elif response == "3":
self.sock.close()
break
if __name__ == "__main__":
if len(sys.argv) != 2:
print("usage: %s port" % sys.argv[0])
sys.exit(1)
serversocket.bind(('0.0.0.0', int(sys.argv[1])))
serversocket.listen(5)
print ('server started and listening')
while 1:
clientsocket, address = serversocket.accept()
print("new client : %s" % clientsocket)
client(clientsocket, address)Wh3n w3 0p3n 4 c0nn3c710n w17h 7h3 53rv3r v14 n37c47, w3'v3 607 7h3 f0ll0w1n6 r35p0n53:
Welcome to the Cipherizator !
1 : Enter plain, we give you the cipher
2 : Need a flag ?
3 : Exit
>>>Th3 f1r57 0p710n 45k u5 70 53nd 4 57r1n6 7h47 w3'v3 607 c1ph3r3d.
Bu7 wh3n w3 53nd 7h3 54m3 57r1n6 4f73r r3c0nn3c71n6 70 7h3 53rv3r w3 637 7h3 54m3 4n5w3r. (1n73r3571n6!)
Th3 53c0nd 0p710n r37urn5 7h3 fl46 w17h 4 d1ff3r3n7 k3y 0n 34ch c4ll.
H3r3 700, wh3n w3 570p 7h3 c0nn3c710n 4nd r3c0nn3c7, w3 n071c3 7h47 7h3 d1ff3r3n7 fl465 4lw4y5 4pp34r 1n 7h3 54m3 0rd3r, 8u7 0nly 7h3 f1r57 10. (v3ry 1n73r3571n6!!!)
Un71l 7h3n, n0 50urc3 c0d3....
By d01n6 73575 I 7ry 70 53nd 4 57r1n6 7h47 574r75 w17h '8zhc7f{'
And 7h3 8361nn1n6 0f 7h3 r37urn3d 57r1n6 c0rr35p0nd5 70 7h3 0n3 r3c31v3d 4f73r 4 f1r57 c4ll 70 0p710n 2. (v3ry v3ry 1n73r3571n6!!!!!)
S74r7 0f 7h3 57r1n6 r3c31v3d 4f73r 53nd1n6 '8zhc7f{444444...}' (d1r3c7ly 4f73r 7h3 c0nn3c710n)
rFkCYKnXS7r1n6 r3c31v3d dur1n6 4 c4ll 70 0p710n 2 (4l50 d1r3c7ly 4f73r 7h3 c0nn3c710n)
rFkCYKnXhChVUmjXdcxA+xhJAqlND71KuwvSdMcQv2v59XOwDPvuxrLMkUFCEGNz
Fr0m 7h3r3 7h3 50urc3 c0d3 w45 r3v34l3d.
I'v3 d3duc3d fr0m 7h47 17'5 4 x0r...
S0 w3'r3 601n6 70 4773mp7 4n 4774ck 8y k3y r3u53.
An 3xpl4n4710n 0f 7h3 pr1nc1pl3 c4n 83 f0und here.
F0r 7h47, w3 53nd 4 57r1n6 w17h '4' ('444444444444444444444444444444444444444444444444')
Th3 53rv3r 53nd5 u5 84ck 'r0ILYrzQnh1cVl8FdcNF6SZHBZdYB7SOhQzcZ/kcu1X55n3OH+/hy8rDl39PHnVv'
S0 w3 h4v3:
| m355463 | k3y | c1ph3r |
|---|---|---|
| m1 | k | c1 |
| m2 | k | c2 |
w17h:
m1 = 444444444444444444444444444444444444444444444444
m2 = 8zhc7f{?
k = m1 x0r c1
c1 = r0ILYrzQnh1cVl8FdcNF6SZHBZdYB7SOhQzcZ/kcu1X55n3OH+/hy8rDl39PHnVv
c2 = rFkCYKnXhChVUmjXdcxA+xhJAqlND71KuwvSdMcQv2v59XOwDPvuxrLMkUFCEGNz
W3 c4n r3c0v3r m2 w17h k x0r c2.
L37'5 d0 7h15 w17h py7h0n !
>_ cat xor.py
#!/usr/bin/env python3
import base64
alphabet = ['a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','0','1','2','3','4','5','7','8','9','A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z','_','#', '!', '}', '{']
fl = "bzhctf{"
#bzhctf{The_sands_of_time_for_me_are_running_low}
def xor_strings(s, t):
"""xor two strings together"""
if isinstance(s, str):
# Text strings contain single characters
return b"".join(chr(ord(a) ^ ord(b)) for a, b in zip(s, t))
else:
# Python 3 bytes objects contain integer values in the range 0-255
return bytes([a ^ b for a, b in zip(s, t)])
if __name__ == "__main__":
cipherText = "rFkCYKnXhChVUmjXdcxA+xhJAqlNDtiKuwvSdMcQv2vs9XOwDPvuxrLMkUFCEGNz"
cipherText = base64.b64decode(cipherText)
m = bytearray("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 'utf-8') # plain input
c1 = base64.b64decode("r0ILYrzQnh1cVlbFdcNF6SZHBZdYBtSOhQzcZ/kcu1Xs5neOH+/hybrDl39PHnVv") # cipher output
keys = list(xor_strings(c1, m))
while 1:
for i in alphabet:
message = list(xor_strings(cipherText, bytearray(fl+i+"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 'utf-8')))
if (keys[len(fl)] == message[len(fl)]):
print(i)
fl = fl+i
print(fl)
#aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
#r0ILYrzQnh1cVlbFdcNF6SZHBZdYBtSOhQzcZ/kcu1Xs5neOH+/hybrDl39PHnVv>_ ./xor.py
T
bzhctf{T
h
bzhctf{Th
e
bzhctf{The
_
bzhctf{The_
s
bzhctf{The_s
a
bzhctf{The_sa
n
bzhctf{The_san
d
bzhctf{The_sand
s
bzhctf{The_sands
_
bzhctf{The_sands_
o
bzhctf{The_sands_o
f
bzhctf{The_sands_of
_
bzhctf{The_sands_of_
t
bzhctf{The_sands_of_t
i
bzhctf{The_sands_of_ti
m
bzhctf{The_sands_of_tim
e
bzhctf{The_sands_of_time
_
bzhctf{The_sands_of_time_
f
bzhctf{The_sands_of_time_f
o
bzhctf{The_sands_of_time_fo
r
bzhctf{The_sands_of_time_for
_
bzhctf{The_sands_of_time_for_
m
bzhctf{The_sands_of_time_for_m
e
bzhctf{The_sands_of_time_for_me
_
bzhctf{The_sands_of_time_for_me_
a
bzhctf{The_sands_of_time_for_me_a
r
bzhctf{The_sands_of_time_for_me_ar
e
bzhctf{The_sands_of_time_for_me_are
_
bzhctf{The_sands_of_time_for_me_are_
r
bzhctf{The_sands_of_time_for_me_are_r
u
bzhctf{The_sands_of_time_for_me_are_ru
n
bzhctf{The_sands_of_time_for_me_are_run
n
bzhctf{The_sands_of_time_for_me_are_runn
i
bzhctf{The_sands_of_time_for_me_are_runni
n
bzhctf{The_sands_of_time_for_me_are_runnin
g
bzhctf{The_sands_of_time_for_me_are_running
_
bzhctf{The_sands_of_time_for_me_are_running_
l
bzhctf{The_sands_of_time_for_me_are_running_l
o
bzhctf{The_sands_of_time_for_me_are_running_lo
w
bzhctf{The_sands_of_time_for_me_are_running_low
}
bzhctf{The_sands_of_time_for_me_are_running_low}
Traceback (most recent call last):
File "./xor.py", line 37, in <module>
if (keys[len(fl)] == message[len(fl)]):
IndexError: list index out of rangeFLAG_IS:
8zhc7f{Th3_54nd5_0f_71m3_f0r_m3_4r3_runn1n6_l0w}