Galois [Crypto]

The challenge provides us with utctf2020_galios_server.py and a server:

Recon

Connecting to the server gives you three options:

  • encrypt a message
  • decrypt a message
  • quit

The encrypted flag is immediately given.

Looking at the provided utctf2020_galios_server.py reveals that AES in GCM mode is being used, with a random 16-byte key and nonce. However, the same key and nonce are used first for the flag and then reused for messages given by the user. GCM encrypts in counter mode, so every ciphertext is the plaintext XORed with the same keystream. It is therefore vulnerable to a stream cipher reused key attack: enc(msg) ^ enc(flag) = msg ^ flag.

Since we have enc(flag) and we can just create msg and enc(msg), getting the flag is eazy peazy.

Solution

enc_flag = bytes.fromhex('9982330ff00b14a0bc02f8c20c18cfd6d2de88171b27995e2fc11caa5a138ba8')
msg = b'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
enc_msg = bytes.fromhex('adb71422d02d2ed79e2ee6e57d2beca6f7fbfa380552ef285ae336b42c65fd94')
msg_xor_flag = bytes([x ^ y for (x, y) in zip(enc_msg, enc_flag)])
flag = bytes([x ^ y for (x, y) in zip(msg, msg_xor_flag)])
print(flag)
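
Why the XOR above works, and what stops it, as an added example that is not part of the challenge server or the original solution. It models only the counter-mode keystream of GCM with an HMAC-SHA256 stand-in (not real AES, no authentication tag); the class names, helper names and sample flag are constructed for illustration.

```python
import hashlib
import hmac
import os

def keystream(key, nonce, length):
    # Stand-in PRF keystream (HMAC-SHA256 over nonce||counter), NOT real AES-CTR.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class ReusedNonceOracle:
    """Models the weak pattern: one key and one nonce for every message."""
    def __init__(self):
        self.key, self.nonce = os.urandom(16), os.urandom(16)

    def encrypt(self, msg):
        return xor(msg, keystream(self.key, self.nonce, len(msg)))

class FreshNonceOracle:
    """Corrected pattern: a new random nonce per message, returned with the ciphertext."""
    def __init__(self):
        self.key = os.urandom(16)

    def encrypt(self, msg):
        nonce = os.urandom(12)
        return nonce, xor(msg, keystream(self.key, nonce, len(msg)))

def recover(enc_flag, msg, enc_msg):
    # Same XOR as the solution: enc(msg) ^ enc(flag) ^ msg
    return xor(msg, xor(enc_msg, enc_flag))

def demo():
    flag = b"flag{constructed_sample_value!!}"  # constructed sample, not the real flag
    msg = b"A" * len(flag)
    weak = ReusedNonceOracle()
    leaked = recover(weak.encrypt(flag), msg, weak.encrypt(msg))
    safe = FreshNonceOracle()
    (_, c_flag), (_, c_msg) = safe.encrypt(flag), safe.encrypt(msg)
    garbage = recover(c_flag, msg, c_msg)
    return leaked == flag, garbage == flag

if __name__ == "__main__":
    print(demo())
```

With a fresh nonce per message the two keystreams differ, so the same XOR yields only random-looking bytes.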

Flag

utflag{6cm_f0rb1dd3n_4774ck_777}