Date: 2017-07-02
Volga CTF 2017: PyCrypto (Crypto 150) Explained @in0o0o0
Problem
encrypt.py
encrypt.py We are given pycryptography.so, so we can call the encrypt function (the "so" extension is used for shared libraries)
encrypt.py https://docs.python.org/3/library/stdtypes.html#str.encode
encrypt.py https://docs.python.org/3/library/os.html This value is used as an encryption key (20 bytes = 160 bit...
To understand the encrypt function, I changed encrypt.py and executed it. The flag becomes longer: 1st = b"a", 2nd = b"aa", ・ ・ 10th...
The encrypt function simply adds encrypted data at the end of the ciphertext!! This function encrypts data byte by byte and doesn't receive...
Next, I have to figure out what kind of processing is done to create the cipher text (plain text, key, cipher text)
test.py I included b"\xa5" in both flag and key
result of test.py x85 ? \x85 = 00 ? → XOR. There is periodicity (no influence from the previous block's output)
XOR cracker https://wiremask.eu/tools/xor-cracker/ 
XOR cracker We already know the key length is 20. Two keys are shown as candidates
Try decrypting with the key I got from XOR cracker. Note: this code works under Python 2
cycle repeats the key indefinitely https://docs.python.org/2/library/itertools.html#itertools.cycle
zip data, key: the key isn't repeated indefinitely
ord To do the XOR operation, I have to convert the string to integers. If I apply the ord function to "key", I get these values (→) ....
ord a code point is any of the numerical values that make up the code space https://en.wikipedia.org/wiki/Code_point
Unicode is a character set; UTF-N is an encoding http://equj65.net/tech/charcode/
31 ↓ http://inamidst.com/stuff/unidata/ Unicode Codepoint
chr The chr function is used to convert an integer to a string
result (first key ver.) The flag format is "VolgaCTF{", so the possible key is a little bit different from the correct key (skip the rest...
result (second key ver.) … I should not use the second key (skip the rest)
Use easy math to find the correct key from plain & cipher text: plain text "VolgaCTF{" key cipher text (flag.enc) key cipher ...
Estimate the original plain text from the flag format. The flag format is "VolgaCTF{" ↑ these values should be changed
ASCII CODE V → 56 https://charset.uic.jp/show/us-ascii/ g → 67 a → 61
useful module https://docs.python.org/3/library/binascii.html
Use a binary editor. Surely, this is the easiest way
Calculate the correct key (plain text ^ cipher = key)
Then, decrypt the data with the new key (modify the key)
Can't get the flag yet. The 10th and 13th key bytes may be incorrect
Guess the sentence: engineer? (10th) who? (13th)
corresponding value (ﬂag.enc)
Identify the rest of the key. The correct key is "\x94\xff\x63\xa3\x8d\x75\xd8\xc4\x1a\xc1\xca\x24\x1e\x66\x0c\x1f\xc6\xe2\xcc\xea"
the ﬂag is VolgaCTF{N@me_is_Pad_Many_Times_P@d_Mi$$_me?}
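Added example (not code from the original slides): the key-recovery steps above (plain text ^ cipher = key, then guessing words to fix the remaining key bytes) written for Python 3. It generalizes the slides by starting from an empty key instead of the XOR cracker candidate. The sample key and plaintext are constructed for illustration, and the function names are hypothetical.

```python
from itertools import cycle

KEY_LEN = 20  # key length stated in the slides (20 bytes)

def xor_repeat(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))

def apply_crib(cipher: bytes, crib: bytes, offset: int, key: dict) -> None:
    """Store the key bytes implied by plaintext `crib` at `offset` (plain ^ cipher = key)."""
    for i, p in enumerate(crib):
        pos, k = (offset + i) % KEY_LEN, cipher[offset + i] ^ p
        if key.get(pos, k) != k:
            # A wrong guess shows up as a clash with an already recovered byte.
            raise ValueError(f"crib contradicts known key byte {pos}")
        key[pos] = k

def partial_decrypt(cipher: bytes, key: dict) -> str:
    """Decrypt with the key bytes known so far; '?' marks unknown positions."""
    return "".join(chr(c ^ key[i % KEY_LEN]) if i % KEY_LEN in key else "?"
                   for i, c in enumerate(cipher))

# Constructed sample data (not the challenge's flag.enc or key).
SAMPLE_KEY = bytes.fromhex("1f8b3c77a2059ee46d10c3587ab1290fd4664e93")
SAMPLE_CIPHER = xor_repeat(b"VolgaCTF{this_is_a_constructed_sample_flag}", SAMPLE_KEY)

def demo():
    key = {}
    apply_crib(SAMPLE_CIPHER, b"VolgaCTF{", 0, key)     # known flag format
    first = partial_decrypt(SAMPLE_CIPHER, key)
    apply_crib(SAMPLE_CIPHER, b"constructed", 19, key)  # word guessed from "onstructe"
    second = partial_decrypt(SAMPLE_CIPHER, key)
    return first, second

if __name__ == "__main__":
    for stage in demo():
        print(stage)
```

Because the key repeats every 20 bytes, each recovered key byte reveals every plaintext byte at the same position modulo 20, which is why a 9-byte known prefix already exposes fragments later in the message.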
References • Volga CTF Quals 2017 PyCrypto https://github.com/DogodCTF/ctf-writeups/tree/master/volga-ctf-quals-2017/Py...