Skip to content

multipage recyclings

1 - Challenge code and Description

1
2
3
4
As your investigation progressed, a clue led you to a local bar where you met an undercover agent with valuable information.
He spoke of a famous astronomy scientist who lived in the area and extensively studied the relic.
The scientist wrote a book containing valuable insights on the relic's location, but encrypted it before he disappeared to keep it safe from malicious intent.
The old man disclosed that the book was hidden in the scientist's house and revealed two phrases that the scientist rambled about before vanishing.

source.py 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad
import random, os

FLAG = b'HTB{??????????????????????}'


class CAES:

    def __init__(self):
        self.key = os.urandom(16)
        self.cipher = AES.new(self.key, AES.MODE_ECB)

    def blockify(self, message, size):
        return [message[i:i + size] for i in range(0, len(message), size)]

    def xor(self, a, b):
        return b''.join([bytes([_a ^ _b]) for _a, _b in zip(a, b)])

    def encrypt(self, message):
        iv = os.urandom(16)

        ciphertext = b''
        plaintext = iv

        blocks = self.blockify(message, 16)
        for block in blocks:
            ct = self.cipher.encrypt(plaintext)
            encrypted_block = self.xor(block, ct)
            ciphertext += encrypted_block
            plaintext = encrypted_block

        return ciphertext

    def leak(self, blocks):
        r = random.randint(0, len(blocks) - 2)
        leak = [self.cipher.encrypt(blocks[i]).hex() for i in [r, r + 1]]
        return r, leak


def main():
    aes = CAES()
    message = pad(FLAG * 4, 16)

    ciphertext = aes.encrypt(message)
    ciphertext_blocks = aes.blockify(ciphertext, 16)

    r, leak = aes.leak(ciphertext_blocks)

    with open('output.txt', 'w') as f:
        f.write(f'ct = {ciphertext.hex()}\nr = {r}\nphrases = {leak}\n')


if __name__ == "__main__":
    main()

output.txt 

1
2
3
ct = bc9bc77a809b7f618522d36ef7765e1cad359eef39f0eaa5dc5d85f3ab249e788c9bc36e11d72eee281d1a645027bd96a363c0e24efc6b5caa552b2df4979a5ad41e405576d415a5272ba730e27c593eb2c725031a52b7aa92df4c4e26f116c631630b5d23f11775804a688e5e4d5624
r = 3
phrases = ['8b6973611d8b62941043f85cd1483244', 'cf8f71416111f1e8cdee791151c222ad']

2 - Solution

Here we have a AES-CFB mode encryption and the output is like above and our message is actually the repition of the flag 4 times\ We also have some leaks which is encryption of encrypted message according to aes-cfb decryption process we should encrypt previous cipher text and xor it with current ciphertext to recover the message\ Here in leaks we have blocksp[3] and blocks[4] encrypton so if we xor blocks[4] with leaks[0] and blocks[5] with leaks[1] we should get two decrypted blocks of the message

1
2
d41e405576d415a5272ba730e27c593e ^ 8b6973611d8b62941043f85cd1483244 = _w34k_w17h_l34kz
b2c725031a52b7aa92df4c4e26f116c6 ^ cf8f71416111f1e8cdee791151c222ad = }HTB{CFB_15_w34k

So here is the flag: 

1
HTB{CFB_15_w34k_w17h_l34kz}

Authors - Kourosh Rajabzadeh