Challenge provides us
utctf2020_galios_server.py and a server:
nc crypto.utctf.live 9004
- File: utctf2020_galios_server.py
Connecting to the server gives you three options:
- encrypt a message
- decrypt a message
The encrypted flag is immediately given.
Looking at the the provided utctf2020_galios_server.py reveals that AES in GCM mode is being used, with a
random 16-byte key and nonce. This key however is first used for the flag, and then reused for messages
given by the user. It is therefore vulnerable to a stream cipher reused key attack:
enc(msg) ^ enc(flag) = msg ^ flag.
Since we have
enc(flag) and we can just create msg and
enc(msg), getting the flag is eazy peazy.
enc_flag = bytes.fromhex('9982330ff00b14a0bc02f8c20c18cfd6d2de88171b27995e2fc11caa5a138ba8') msg = b'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' enc_msg = bytes.fromhex('adb71422d02d2ed79e2ee6e57d2beca6f7fbfa380552ef285ae336b42c65fd94') msg_xor_flag = bytes([x ^ y for (x, y) in zip(enc_msg, enc_flag)]) flag = bytes([x ^ y for (x, y) in zip(msg, msg_xor_flag)]) print(flag)