CREATIVE CHAOS

# An Exclusive Key (crypto)

## Intro

This is my write-up of the cryptography challenge "An Exclusive Key" on the CTF site 247CTF.com.

## Instructions

We XOR encrypted this file, but forgot to save the password. Can you recover the password for us and find the flag?

## Howto

The tool of choice for this assignment was xortool.

My first idea was that the key was simply the flag. Since we know the structure of the flag, we can try a part of the key. We will be using what is known as a known-plaintext attack.

```
$ xortool-xor -r "247ctf{" -f exclusive_key

<!DoctY^A^S/9a9&n\2h4="&2j;2&ps4>i#j;'
```

We are making progress: `<!DoctY` appears at the very beginning of the file, so there is a high probability that we are working with an HTML file, based on the document type declaration.

As we can see, `D` and `Y` are capital, so we can assume that `oct` should be too. We could calculate the XOR, or just try making our guessed key all capital letters.

```
$ xortool-xor -r "247CTF{" -f exclusive_key
<!DOCTY^A^S/^YA^Y&n\2H^T^]"&2j^[^R^Fps4>I^CJ;'<l^^ZVoi^V^Mb^R^G|d$v^U
```

So we are now more certain that the key is the flag itself. To continue, we can use `xortool` again to try to guess the full key. 247ctf.com has keys in the format 247CTF{32-hex}, so the full flag size is 40 bytes; let's pass that length to `xortool`.

```
kali@kali:~/Documents/247ctf/cryptography/anexclusivekey$ xortool -l 40 -o exclusive_key
100 possible key(s) of length 40:
'gab\x16\x01\x13.67mg4kd77l:ac`a0dl`#c6606gram3ab(
'f`c\x17\x00\x12/76lf5je66m;`ba`1ema"b7717fs`l2`c)
'ec`\x14\x03\x11,45oe6if55n8cabc2fnb!a4424epco1c`*
'dba\x15\x02\x10-54nd7hg44o9b`cb3goc `5535dqbn0ba+
"cef\x12\x05\x17*23ic0o`33h>egde4`hd'g2242cvei7ef,
...
Found 35 plaintexts with 95%+ valid characters
See files filename-key.csv, filename-char_used-perc_valid.csv
```

We got lucky: the tool found 35 possible keys and generated the corresponding plaintexts. To get the one we need, we can grep the list of keys for the known part of the key.

```
kali@kali:~/Documents/247ctf/cryptography/anexclusivekey$ cat xortool_out/filename-key.csv | grep 247CTF
xortool_out/14.out;b"247CTF{cb82a>1bb9o4654e195v6ccec2'48f47}"
```

So the key proposed by `xortool` is:

```
247CTF{cb82a>1bb9o4654e195v6ccec2'48f47}
```

As the 32 bytes in the flag should be all hex, we can see that the key is not 100% correct.

Confirm that by printing the plaintext.

```
$ cat xortool_out/14.out
```

There are parts of the text that are not decrypted correctly.

Exploit:

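```python
#!/usr/bin/env python3
import sys
from pwn import xor

# Key proposed by xortool; a few of its bytes are still wrong
KEY = b"247CTF{cb82a>1bb9o4654e195v6ccec2'48f47}"

# Read the XOR-encrypted challenge file
with open("exclusive_key", "rb") as f:
    x = f.read()

out = xor(x, KEY)
sys.stdout.buffer.write(out)  # raw bytes, so the output can be redirected to a file
```

```
$ ./exploit.py > decode.html
```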

We need to replace `>` and `'` with the right characters. We can calculate them with XOR (the character from the encrypted text XOR the guessed character from the plaintext).

When we do that, it still won’t be correct.

So try to find the last wrong character to get the password. Count the errors in the decrypted text.
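
The correction step described above, written out as an added example (it is not part of the original write-up). It runs on constructed data rather than the challenge file or its flag; the function names, the sample HTML, the sample key and the position of the wrong-but-valid hex digit are all assumptions. It goes slightly beyond single characters by applying a multi-byte crib, which also exposes a key byte that is valid hex but still wrong.

```python
from itertools import cycle

HEX = set(b"0123456789abcdef")

def xor(data, key):
    """Repeating-key XOR; the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def non_hex_positions(key):
    """Indices inside 247CTF{...} that must be wrong: the body is hex only."""
    return [i for i in range(7, len(key) - 1) if key[i] not in HEX]

def fix_key_with_crib(ct, key, crib, offset):
    """Apply guessed plaintext `crib` at file offset `offset`.

    key[(offset + i) % len(key)] has to equal ct[offset + i] ^ crib[i].
    Returns the corrected key and the key indices that changed.
    """
    fixed, changed = bytearray(key), []
    for i, p in enumerate(crib):
        pos = (offset + i) % len(key)
        k = ct[offset + i] ^ p
        if fixed[pos] != k:
            fixed[pos] = k
            changed.append(pos)
    return bytes(fixed), changed

# Constructed sample data: NOT the challenge file and NOT the real flag.
PLAIN = (b"<!DOCTYPE html>\n<html><head><title>Constructed sample</title></head>\n"
         b"<body><p>Constructed body text.</p></body></html>\n")
TRUE_KEY = b"247CTF{0123456789abcdef0123456789abcdef}"
CT = xor(PLAIN, TRUE_KEY)

# A guess in the state the write-up reaches: '>' and "'" are not hex,
# and index 10 holds a hex digit that is valid but wrong (assumed position).
GUESS = bytearray(TRUE_KEY)
GUESS[12], GUESS[33], GUESS[10] = ord(">"), ord("'"), ord("7")
GUESS = bytes(GUESS)

def recover():
    """Fix the guess with two cribs read off the partly decrypted HTML."""
    key, c1 = fix_key_with_crib(CT, GUESS, b"<!DOCTYPE html>", 0)
    key, c2 = fix_key_with_crib(CT, key, b"<title>", 28)
    return key, c1 + c2

if __name__ == "__main__":
    print("non-hex key indices:", non_hex_positions(GUESS))
    print("recovered key, corrected indices:", recover())
```

The format check only catches bytes outside the hex alphabet; the crib comparison is what reveals the remaining wrong digit, because it reports every key index where the guessed plaintext disagrees with the current key.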