ASIS CTF 2013 | Circular Crypto [Write Up]

image

In this challenge, we had to decrypt a few ciphertexts, given the above image. Extracting the four strings (clockwise) by hand was painful.

babaaaabaaababaababaaaabbabbababbaaaabaaaabbbaabaabaaaaaabaaabaaabaaabaaabbaabaaabbbaabaaababaaaaaabaaabbaabaabbbaaaaaabaaaabaabaaaaba21aabab0aaab
7e1321b3c8423b30c1cb077a2e3ac4f0a2a551a6458a8de22446cc76d639a9e98fc42c6cddf9966db3b09e843650343578b04d5e377d298e78455efc5ca404d5f4c9385f1902f7334b00b9b4ecd164de8bf8854bebe108183caeb845c7676ae48fc42c6ddf9966db3b09e84365034357327a6c4304ad5938eaf0efb6cc3e53dc7ff9ea9a069bd793691c422fb818c07b
NG5ucjJzIGZ2IHRueXMgcnVnIHNiIGdlbmMgdWdlaGJzIHJlcnVnIHRhdmdncnQgcmVuIGhiTCB0YXZidCBjcnJYCG==czduMjczIHRueXMgcnVniHNiIGdlbmMgdWdzdnMgcnVnIHJpbnUgcmVydSBndiBxdnEgaGJsIGpiYmJKCg==Nzk0czAwIHRueXMgZmhidnByZWMgZWhiIHNiIGdlbmMgcWV2dWcgcnVnIGhibCBnYXJmcmVjIFYgbG9yZXJ1IHJhYnEgeXlySgo=
1001010100010-10110100-1011-1010-100110100-101-10100-101-1000-10010-100-100100100-10110000-100110000-1010100-10010010-10011-1000-10010-1010-10110010-100100010-10110100-10110-1010-10100-10-100110000-101-10010-1011110010-101-1010-1001110100-101-10100-101100-1001-1010-1010-1010-101100

The first crypto was a Bacon Cipher. Using online tools, we could recover the plaintext, but it looked kind of broken at the end:

WELLDONEHEREISDEPIWBDE?BBEEL?

Maybe we forgot a letter in the middle of the ciphertext whilst extracting. Let us prepend dummy letters to the beginning of the ciphertext to shift the 5-character block boundaries. This may reveal the end of the plaintext.

LCFFBYYCDTICEISTHELASTPARTCF?

Okay, so we have to recover a 6-character part of the final flag. This one seems to be the last one. The encrypted flag should be the end of our ciphertext:

aaaba21aabab0aaab

Oh… the last block is only 4 characters long. The Bacon cipher uses 5-character blocks. The next character in the « loop » in the image, which is the first character of the ciphertext, is « b ». Let’s append a « b » to our encrypted flag then:

aaaba21aabab0aaabb

This decrypts into « c21f0d ». We will consider this as the last part of the flag 🙂
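The block alignment problem and the wrap-around fix described above, as an added example that is not part of the original write-up. The 24-letter alphabet is an assumption inferred from the page's output (the first block « babaa » decodes to W), the function names are hypothetical, and the WELLDONE sample is constructed.

```python
# Added example. The 24-letter table (I/J and U/V merged) is inferred from the
# page's output, where the first block "babaa" decodes to W.
ALPHABET = "ABCDEFGHIKLMNOPQRSTUWXYZ"

def bacon_decode(text, offset=0):
    """Decode groups of five a/b symbols; other characters pass through.

    offset: number of leading a/b symbols to drop, which shifts the block
    boundaries when a symbol was lost during transcription.
    """
    out, block, skipped = [], "", 0
    for ch in text.lower():
        if ch not in "ab":
            out.append(ch)          # digits of the flag are not encoded
        elif skipped < offset:
            skipped += 1
        else:
            block += ch
            if len(block) == 5:
                idx = int(block.replace("a", "0").replace("b", "1"), 2)
                out.append(ALPHABET[idx] if idx < len(ALPHABET) else "?")
                block = ""
    if block:
        out.append("?")             # incomplete trailing block
    return "".join(out)

def try_alignments(text):
    """Return the five possible decodings, one per block alignment."""
    return [bacon_decode(text, offset) for offset in range(5)]

if __name__ == "__main__":
    tail = "aaaba21aabab0aaab"          # end of the ciphertext, from the page
    print(bacon_decode(tail))           # last block is one symbol short
    print(bacon_decode(tail + "b"))     # wrap around to the first symbol
    # Constructed sample: "WELLDONE" with its first symbol lost.
    blocks = "babaa aabaa ababa ababa aaabb abbab abbaa aabaa"
    damaged = blocks.replace(" ", "")[1:]
    for offset, plain in enumerate(try_alignments(damaged)):
        print(offset, plain)
```
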

The next ciphertext looks like hexadecimal. The first idea that popped into our minds was concatenated MD5 hashes:

7e1321b3c8423b30c1cb077a2e3ac4f0 MD5: Here
a2a551a6458a8de22446cc76d639a9e9 MD5: is
8fc42c6ddf9966db3b09e84365034357 MD5: the
8b04d5e3775d298e78455efc5ca404d5 MD5: first
f4c9385f1902f7334b00b9b4ecd164de MD5: part
8bf8854bebe108183caeb845c7676ae4 MD5: of
8fc42c6ddf9966db3b09e84365034357 MD5: the
327a6c4304ad5938eaf0efb6cc3e53dc MD5: flag
7ff9ea9a069bd793691c422fb818c07b [ ??? ]

In this CTF, the tasks’ flags started with « ASIS_ ». Knowing that, we could brute-force the last hash to find the hexadecimal chars:

import hashlib

# MD5 of the unknown last word, taken from the table above
target = "7ff9ea9a069bd793691c422fb818c07b"
# Try every pair of hexadecimal characters after the known prefix
for a in "abcdef0123456789":
    for b in "abcdef0123456789":
        if target == hashlib.md5(('ASIS_' + a + b).encode()).hexdigest():
            print('ASIS_' + a + b)

This gives us the first part of the flag: ASIS_a9!

Next, we have three base64-encoded strings:

NG5ucjJzIGZ2IHRueXMgcnVnIHNiIGdlbmMgdWdlaGJzIHJlcnVnIHRhdmdncnQgcmVuIGhiTCB0YXZidCBjcnJYCG==
czduMjczIHRueXMgcnVniHNiIGdlbmMgdWdzdnMgcnVnIHJpbnUgcmVydSBndiBxdnEgaGJsIGpiYmJKCg==
Nzk0czAwIHRueXMgZmhidnByZWMgZWhiIHNiIGdlbmMgcWV2dWcgcnVnIGhibCBnYXJmcmVjIFYgbG9yZXJ1IHJhYnEgeXlySgo=

In plaintext:

4nnr2s fv tnys rug sb genc ugehbs rerug tavggrt ren hbL tavbt crrX
s7n273 tnys rugˆsb genc ugsvs rug rinu reru gv qvq hbl jbbbJ
794s00 tnys fhbvprec ehb sb genc qevug rug hbl garfrec V loreru rabq yyrJ

These are simply reversed Caesar ciphertexts. They decode as:

Keep going You are getting there fourth part of the flag is f2eaa4
Wooow you did it here have the fifth part of^the flag 372a7f
Well done hereby I present you the third part of our precious flag 00f497
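The three layers described above (base64, reversal, Caesar shift), as an added example that is not part of the original write-up. It uses the third string from the page, tries all 26 shifts and keeps those whose output contains the crib word "flag"; the function names and the crib approach are assumptions made for the example.

```python
import base64

def caesar(text, shift):
    """Shift ASCII letters by `shift`; digits and punctuation are untouched."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)

def decode_layers(b64_text, crib="flag"):
    """base64-decode, reverse, then return every (shift, plaintext) pair
    whose plaintext contains the crib as a whole word."""
    raw = base64.b64decode(b64_text).decode("latin-1").strip()
    reversed_text = raw[::-1]
    hits = []
    for shift in range(26):
        candidate = caesar(reversed_text, shift)
        if crib in candidate.lower().split():
            hits.append((shift, candidate))
    return hits

# Third base64 string from the page.
THIRD = ("Nzk0czAwIHRueXMgZmhidnByZWMgZWhiIHNiIGdlbmMgcWV2dWcgcnVnIGhibCBn"
         "YXJmcmVjIFYgbG9yZXJ1IHJhYnEgeXlySgo=")

if __name__ == "__main__":
    for shift, plain in decode_layers(THIRD):
        # The hex letters of the flag fragment are shifted too:
        # "00s497" in the reversed text becomes "00f497".
        print(shift, plain)
```
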

Nice! Three parts in a row. Let’s sum up:

1. ASIS_a9
2. ???
3. 00f497
4. f2eaa4
5. 372a7f
6. c21f0d

The last crypto (binary numbers) was very puzzling. We couldn’t decipher it. But a few minutes before the end of the CTF, we noticed we could brute-force the 6 missing characters offline, because in each task, there was a client-side verification with a SHA-256 hash. For this task, the hash of the flag was 6307c5441ebac07051e3b90d53c3106230dd9aa128601dcd5f63efcf824ce1ba. A quick brute-force in Python revealed the missing chars, and therefore, the final flag to submit!

import hashlib, itertools

# SHA-256 of the full flag, taken from the client-side check
target = '6307c5441ebac07051e3b90d53c3106230dd9aa128601dcd5f63efcf824ce1ba'
ch = 'abcdef0123456789'
# Try every 6-character hexadecimal string for the missing second part
for combo in itertools.product(ch, repeat=6):
    flag = 'ASIS_a9%s00f497f2eaa4372a7fc21f0d' % ''.join(combo)
    if hashlib.sha256(flag.encode()).hexdigest() == target:
        print(flag)

ASIS_a9ec93f900f497f2eaa4372a7fc21f0d

Enjoy \o/
