Babycrypt [Reverse]

Babycrypt

We developed our own program for encrypting text. But it is not very convenient and does not seem to encrypt securely. Try a plaintext attack to get the key and decode the flag!

Recon

The RAR archive contains two files, an ELF binary which is used to encrypt text and a note.dat file which contains encrypted examples.

$ file bcry 
bcry: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=8511e412ca99e12617b385734f5cee1f24e3cc84, for GNU/Linux 3.2.0, stripped

$ cat note.dat
key: %key%
text: test_test_test_test_test
Encoded: 7685737a9f7895737a9f84857b769f7a657b769f78898378

key: %key%
text: qwertyuiopasdfgh
Encoded: 717785747885858d6f7e917364686776

key: %key%
text: skIllaoInasJjklqo19akq9k13k45k69alq1
Encoded: 7393a992708d8fad708d83aa7273707d6f3939856b7d398bb53b8b34b573b6c5618e7135

key: %key%
text: %flag%
Encoded: 8185748f7b3b3a3565454584b8babbb8b441323ebc8b3a86b5899283b9c2c56d64388889b781


*Note: the same key is used in all cases (the three examples and the flag)*

By testing the binary we noticed that the encoded output (hex-decoded) is exactly as long as the input text and that the input is encoded character by character, one output byte per input character. That means the encoded flag can be brute-forced one position at a time instead of searching the whole flag space.

Bruteforce

$ ./bcry 
key: 0011223344556677
text: AAAAAAAA
Encoded: a1a9a9a9a1adada9

$ ./bcry 
key: 0011223344556677
text: AABBBBAA
Encoded: a1a9acaaa2aaada9

The two runs above also show that changing a plaintext character changes only the output byte at the same position (AABBBBAA differs from AAAAAAAA only in bytes 2 to 5), so each output byte depends only on the input character, its position and the key. We brute-forced the key by hand: for each of the 16 key positions we tried candidate characters and kept the one whose output byte matched the encoded example at that position. Doing this against the encoded examples from note.dat gave the key abcdefg023156789.

We can use this key to brute-force the flag, one character at a time: the flag format is Aero{ followed by 32 hex characters and }, so only 16 candidates per position are needed.
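As an added example (not part of the original writeup), the key-recovery and flag-recovery steps above automated against an encryption oracle. `toy_encrypt` is a constructed stand-in, not bcry's real algorithm: it only reproduces the property observed on the page (output byte i depends on the input byte, its position and key byte i mod 16, and on nothing else). Against the real challenge the oracle would be a wrapper that feeds a key and text to `./bcry` and returns the decoded output; the demo key, flag and known plaintext are taken from the page, but the ciphertexts they produce here are from the toy cipher and differ from note.dat.

```python
import string

KEY_LEN = 16
KEY_CHARSET = (string.ascii_letters + string.digits).encode()
HEX_CHARSET = b"0123456789abcdef"


def toy_encrypt(key: bytes, text: bytes) -> bytes:
    """Stand-in oracle for ./bcry. This is NOT bcry's real algorithm; it only
    reproduces the property observed in the writeup: output byte i depends on
    the input byte, its position i and key byte i % 16, and on nothing else."""
    return bytes((p + key[i % KEY_LEN] + i) & 0xff for i, p in enumerate(text))


def recover_key(oracle, known_plain: bytes, known_cipher: bytes) -> bytes:
    """Known-plaintext attack: fix one key position at a time, keeping the
    candidate whose output byte at that position matches the sample."""
    if len(known_plain) < KEY_LEN:
        raise ValueError("need at least one full key period of known plaintext")
    key = bytearray(b"?" * KEY_LEN)          # placeholders for unknown positions
    for pos in range(KEY_LEN):
        for cand in KEY_CHARSET:
            key[pos] = cand
            if oracle(bytes(key), known_plain)[pos] == known_cipher[pos]:
                break
        else:
            raise ValueError(f"no candidate matched key position {pos}")
    return bytes(key)


def recover_flag(oracle, key: bytes, enc_flag: bytes,
                 prefix=b"Aero{", suffix=b"}", body_len=32) -> bytes:
    """Recover the flag body one character at a time, like the writeup's
    script: known prefix + candidate + filler, then compare a single byte."""
    if len(enc_flag) != len(prefix) + body_len + len(suffix):
        raise ValueError("ciphertext length does not match the flag format")
    flag = bytearray(prefix)
    for i in range(body_len):
        pos = len(flag)                        # index of the byte being guessed
        for cand in HEX_CHARSET:
            guess = bytes(flag) + bytes([cand]) + b"x" * (body_len - 1 - i) + suffix
            if oracle(key, guess)[pos] == enc_flag[pos]:
                flag.append(cand)
                break
        else:
            raise ValueError(f"no candidate matched flag position {pos}")
    return bytes(flag) + suffix


# Constructed demo secrets: the key, flag and one known plaintext from the
# writeup, encrypted with the toy cipher (so the ciphertexts differ from note.dat).
DEMO_KEY = b"abcdefg023156789"
DEMO_FLAG = b"Aero{381a95d003629088c8f1ebc189ab6fe7}"
DEMO_KNOWN_PLAIN = b"skIllaoInasJjklqo19akq9k13k45k69alq1"


def demo():
    """Run the full attack against the toy oracle: key first, then the flag."""
    known_cipher = toy_encrypt(DEMO_KEY, DEMO_KNOWN_PLAIN)
    key = recover_key(toy_encrypt, DEMO_KNOWN_PLAIN, known_cipher)
    flag = recover_flag(toy_encrypt, key, toy_encrypt(DEMO_KEY, DEMO_FLAG))
    return key, flag


if __name__ == "__main__":
    k, f = demo()
    print("key :", k.decode())
    print("flag:", f.decode())
```

The known plaintext must cover at least one full key period (16 characters), which is why the 36-character example from note.dat is used; the shorter ones would leave key positions unrecovered.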

Code

from pwn import *

context.log_level = "error"  # silence the per-process start/stop messages

enc_flag = "8185748f7b3b3a3565454584b8babbb8b441323ebc8b3a86b5899283b9c2c56d64388889b781"
key = "abcdefg023156789"

# the flag body is 32 hex characters, so these are the only candidates needed
text = "0123456789abcdef"

flag = "Aero{"

for i in range(32):
    for c in text:
        # known prefix + candidate + filler up to the full 38-byte flag length
        test_flag = flag + c + "x" * (36 - len(flag)) + "}"
        p = process("./bcry")
        p.sendafter(b"key:", key.encode() + b"\n")
        p.sendafter(b"text:", test_flag.encode() + b"\n")
        # skip the " Encoded: " label so enc_string holds only the hex digits
        enc_string = p.recvline().decode()[10:]
        p.close()
        # flag character i sits at hex offset 10 + 2*i, after the 5-byte "Aero{" prefix
        if enc_string[i * 2 + 10:i * 2 + 12] == enc_flag[i * 2 + 10:i * 2 + 12]:
            flag += c
            break

print(flag + "}")

Flag

Aero{381a95d003629088c8f1ebc189ab6fe7}