Hulksmash

my friends password is keysmash… :(… i got some of his old keysmashes tho… he types kinda funny…

Here’s all the files:

keysmashes.txt

1
fjdlska;sjfldka;
2
fldjs;akdka;flsj
3
d;flskajdlajf;sk
4
skflajd;a;djfksl
5
akd;sjflfja;dksl
6
flskd;ajs;fkajdl
7
fkald;sjaksldjf;
8
skd;ajflflajs;dk
9
fjs;dlakfkajd;sl
10
akfjdls;sldka;fj
11
fldjska;ajfkdls;
12
fjska;dla;slfjdk
13
s;fldjakdjfksla;
14
a;dkslfjdja;flsk
15
akf;djsldlf;skaj
16
sldjakf;a;fldksj
17
dlfka;sjskaldjf;
18
ska;djfls;akfldj

output.txt

1
ed05f1440f3ae5309a3125a91dfb0edef306e1a64d1c5f7d8cea88cdb7a0d7d66bb36860082a291138b48c5a6344c1ab

main.py

1
from Crypto.Cipher import AES
2
from Crypto.Util.Padding import pad
3

4
key = open("key.txt", "rb").read().strip()
5
flag = pad(open("flag.txt", "rb").read(), 16)
6
cipher = AES.new(key, AES.MODE_ECB)
7
open("output.txt", "w+").write(cipher.encrypt(flag).hex())

Basically, this challenge revolves entirely around using the keysmashes.txt file to figure out the key. I’m honestly a bit surprised this wasn’t solved that much, but I guess a lot of people just missed the patterns. There are two patterns you need to see:

The letters of each line in keysmashes.txt alternate from one letter in “asdf” and one in “jkl;”.
2 of each byte of “asdfjkl;” is included in each line.

And… that’s it. Easy implementation from here on out:

1
# f = open('keysmashes.txt', 'r').read().split('\n')
2

3
# chars = 'asdfjkl;'
4
# for i in f:
5
#     counts = []
6
#     for c in chars:
7
#         counts.append(i.count(c))
8
#     print(counts)
9

10
import random
11
from tqdm import trange
12
from Crypto.Cipher import AES
13
from binascii import *
14

15
even = list('asdf'*2)
16
odd = list('jkl;'*2)
17

18
def key_gen():
19
    key = ''
20
    for i in range(16):
21
        if i % 2 == 0:
22
            key += even[i//2]
23
        else:
24
            key += odd[i//2]
25
    random.shuffle(even)
26
    random.shuffle(odd)
27
    return key.encode()
28

29
ct = unhexlify('ed05f1440f3ae5309a3125a91dfb0edef306e1a64d1c5f7d8cea88cdb7a0d7d66bb36860082a291138b48c5a6344c1ab')
30

31
for i in trange(479001600//2**7):
32
    key = key_gen()
33
    cipher = AES.new(key, AES.MODE_ECB)
34
    pt = cipher.decrypt(ct)
35
    try:
36
        print(pt.decode('ascii'))
37
    except:
38
        pass

1
tjctf{low_entropy_keysmashuiyf8sa8uDYF987&^*&^}