Repeat

I’m a known repeat offender when it comes to bad encryption habits. But the secrets module is secure, so you’ll never be able to guess my key!

Author: SteakEnthusiast
flag.enc
gen.py

We’re given the ciphertext and a source file for the encryption. Here’s gen.py:

1
import os
2
import secrets
3

4
flag = "REDACATED"
5
xor_key = secrets.token_bytes(8)
6

7
def xor(message, key):
8
    return bytes([message[i] ^ key[i % len(key)] for i in range(len(message))])
9

10
encrypted_flag = xor(flag.encode(), xor_key).hex()
11

12
with open("flag.enc", "w") as f:
13
    f.write("Flag: "+encrypted_flag)

Seems like a very standard XOR encryption.

Conveniently, the key length is 8 bytes. This is crucial because we actually know the first 8 bytes of the flag, i.e. uoftctf{. Therefore, since XOR is a reversible function, we can relatively easily get the flag. See below:

$First\; 8\; bytes\; of\; ciphertext\; = ct[:8] = key \oplus \text{"uoftctf\{"}$
$ct[:8] \oplus \text{"uoftctf\{"} = key \oplus \text{"uoftctf\{"} \oplus \text{"uoftctf\{"}$
$ct[:8] \oplus \text{"uoftctf\{"} = key$

Therefore, we can easily get the key and decrypt the flag! Here’s the short implementation:

1
from binascii import unhexlify
2
from Crypto.Util.strxor import strxor
3

4
ct = unhexlify("982a9290d6d4bf88957586bbdcda8681de33c796c691bb9fde1a83d582c886988375838aead0e8c7dc2bc3d7cd97a4")
5
key = strxor(ct[:8], b'uoftctf{')
6

7
def xor(message, key):
8
    return bytes([message[i] ^ key[i % len(key)] for i in range(len(message))])
9

10
flag = xor(ct, key)
11
print(flag)

Run the script to get the flag!

1
uoftctf{x0r_iz_r3v3rs1bl3_w17h_kn0wn_p141n73x7}