Writeups
  • Writeups
  • 2020 Writeups
    • Angstrom
      • Git Good
      • Secret Agents
      • windows of opportunity
      • Califrobnication
      • Patcherman
      • Just Rust
      • No canary
      • WS3
      • Confused Streaming
      • Reasonably Secure Algorithm
      • Defund's Crypt
      • Low-kee
      • Discrete Superlog
      • Wacko Images
      • Shifter
      • Xmas Still Stands
      • Noisy
      • Canary
      • Inputter
      • clam clam clam
      • PSK
      • Taking Off
      • Consolation
      • Wooosh
      • Signal_of_hope
      • One Time Bad
      • Revving up
    • bsidesBOS
      • Binary Exploitation
        • Patches
        • Sea Shells
      • Cryptography
        • Alice and Bob
        • Exodia
        • Fancy Caesar
        • Flag-SP Network
        • Maelstrom
      • Forensics
        • Amnesia
        • Mercury
        • Mobility
        • Patchwork Quilt
        • Spy Cam
      • Misc
        • Tea-mix
        • Swipe
      • Scripting
        • Flushed Revenge
        • Reggae
        • Robot Takeover
      • Steg
        • Dimension 0
        • Saving The World
        • Secret Romance
      • Warmup
        • Give Up
        • Kiddie Pool
        • Play The Harp
        • Where's The Body
        • Baseball
        • Ez Bake Oven
        • Y2K
      • Web
        • Clown Show
        • Yet Another Micro-story Library
    • Crypto CTF
      • Amsterdam
      • One Line Crypto
      • Trailing Bits
      • Gambler
    • Covid19 CTF
      • Sql db 3
      • Web 1 (Something Derpy? Idk)
      • ECB is the best CB
      • Db 2
      • Scouting
    • FWordCTF
      • Pwn
        • Welcome Pwner
        • One Piece Remake
        • Numbers
      • Misc
        • Secret Array
        • Twis Twis Litlle Star
      • Web
        • JAILOO WARMUP
      • Rev
        • Tornado
        • XO
        • Beginner Rev
        • Fibo
      • Crypto
        • Randomness
        • One Part!
        • BDBG
        • Weird RSA
      • OSINT
        • Identity Fraud
      • Bash
        • CapiCapi - bash
      • Forensics
        • NULL
    • Google
      • Reversing
        • Beginner
      • Hardware
        • Basics
      • Crypto
        • Chunk Norris
        • Sharky - Crypto
      • Sandbox
        • Writeonly
    • Hacktivity Con
      • Binary Exploitation
        • Pancakes
        • Statics and Dynamics
        • Space Force
          • Space Force - Binary Exploitation
        • Bullseye
      • Scripting
        • Misdirection
        • Rescue Mission
        • Hashbrown Casserole
        • Flushed
        • Tootsie Pop
      • Crypto
        • OFBuscated
        • Tyrannosaurus Rex
        • Perfect XOR
        • Bon Apettit
        • A E S T H E T I C
      • Steg
        • Cold War
        • substitute face
        • Vencryption
      • Mobile
        • Mobile One
      • Web
        • Lightweight Contact Book
        • Bite
        • Ladybug
      • Forensics
        • Domo Arigato
      • Warm Up
        • Hexgedit
        • Caesar Mirror
        • Internet Cattos
      • Misc
        • Private Investigator
    • Houseplant
      • 11
      • Deep Lyrics
      • Adventure Revisited
      • CH₃COOH
      • Rivest Shamir Adleman
      • Zip-a-dee-doo-dah
      • Pie Generator
      • Ez
      • Groovin and Cubin
      • QR Generator
      • Half
      • Tough
      • Beginner Writeups
      • Spilled Milk
      • Fire-place
      • Survey Writeup: Houseplant 2020
      • Sizzle
      • Post-Homework Death
      • Rainbow vomit
      • Lemon
      • I dont like needles
      • Pz
      • Music Lab
      • Ezoterik
      • Parasite
      • Catography
      • Selfhost all the things!
      • Satan's jigsaw
    • HSCTF
      • Web
        • Broken Tokens
      • Binary Exploitation
        • Pwnagotchi
        • Boredom
      • Reverse Engineering
        • Ice Cream Bytes
        • AP lab: Comp Sci Principles
        • AP Lab: English Language
      • Forensics
        • Meta Mountain
      • Misc
        • My First Calculator
    • NahamConCTF
      • pwn
        • Syrup
        • Conveyor Belt
        • Dangerous
      • Misc
        • Alkatraz
        • Fake File
        • Trapped
        • Awkward
      • Web
        • Official business
        • Localghost
        • Agent-95
        • PHPPhoneBook
        • Time Keeper
      • Osint
        • Tron
      • Crypto
        • Homecooked
        • raspberry
        • docxor
        • Twinning
      • Scripting
        • rotten: caesars
        • Merriam
        • Gnomes
      • poggers
    • Plaid
      • File-system-based strcmp go brrrr
    • RACTF
      • Misc
        • Teleport
        • NS.mov
        • ST.mov
        • Pearl pearl pearl
        • Discord
        • BR.mov
        • Emojasm 2
        • Spentalkux
        • EmojASM
        • Reading Between The Lines
        • Mad CTF Disease
      • OSINT
        • Tree Man
        • Brick by Brick
        • Remote Retreat
        • Suspended Belief
        • Dead Man
        • RAirways
      • Pwn
        • Finches in a Pie
        • Finches in a stack
        • Solved in a flash
        • Puffer Overflow
          • Puffer Overflow
        • Not Really AI
        • A Flash Of Inspiration
          • A Flash of Inspiration
        • Medea
        • Eccentric Encryption Engima
        • Snakes and Ladders
      • Web
        • Entrypoint
        • Admin Attack
        • Collide
        • Baiting
        • Vandalism
        • Quarantine
        • Quarantine - Hidden Information
        • Getting Admin
        • Finding Server Information
        • Insert Witty Name
      • Forensics
        • Access Granted
        • Cut Short
        • Dimensionless Loading
        • Peculiar Packet Capture
        • Disk Forensics Fun
        • A Monster Issue
        • A Musical Mix Up
        • Cheap Facades
      • Crypto
        • B007l3G CRYP70
        • Access=0000
        • B007L36 CRYP70... 4641N
        • Mysterious Masquerading Message.md
        • Really Simple Algorithm
        • Really Speedy Algorithm
        • Really Secret Algorithm
        • 0x Series
        • Really Small Algorithm
    • Redpwn CTF
      • Crypto
        • worst-pw-manager
        • 4k-rsa
        • pseudo-key
        • 12 Shades of Redpwn
        • priminity
        • base646464
        • Alien Transmissions v2
        • itsy bitsy
        • seekrypt
      • Web
        • Panda Facts
        • Static Static Hosting
        • Tux Fanpage
        • Anti textbook
        • Inspector-General
        • Login
        • Static Pastebin
      • Pwn
        • The Library
        • Coffer Overflow
        • Secret Flag
        • Dead Canary
        • Skywriting
      • Rev
        • SmArT-Solver
          • SmArT-Solver
        • Ropes
        • Aall
        • Bubbly
      • Misc
        • CaaSino
        • uglybash
        • Albatross
    • rgbCTF
      • misc
        • ye olde prng
        • Penguins
        • Picking Up The Pieces
        • Differences
        • hallo
        • Adventure
        • insert witty algorithm name here
      • rev|pwn
        • ARM 1
        • LYCH King
        • Time Machine
        • Object Oriented Programming
        • Soda Pop Bop
        • Too Slow
        • sadistic rev 2
        • Advanced Reversing Mechanics 2
        • Sadistic Reversing 1
      • ZTC
        • Ralphie
        • Peepdis
        • Vaporwave1
        • icanhaz
        • vaporwave 3
        • Vaporwave 2
      • web
        • tictactoe
        • type racer
        • keen eye
        • Countdown
        • imitation crab
      • forensics:osint
        • PI 1- Magic in the air
        • Pi 2
        • robins reddit password
        • Space Transmission
        • Insanity Check
      • beginner
        • Joke check
        • A Basic Challenge
        • Pieces
        • Quirky resolution
        • Shoob
        • Name A More Iconic Band
        • fine day
      • crypto
        • Grab your Jisho
        • Shakespeare Play, Lost (and found!)
        • (rgbctf/crypto/e.md)
        • I Love Rainbows
        • Adequate Encryption Standard
        • Occasionally Tested Protocol
        • rubikcbc
        • N-AES
    • Sharky
      • Give away 2
      • Give away 1
      • Give away 0
      • Romance Dawn
      • The hare and the tortoise
    • TJCTF
      • Circus
      • Forensics
        • Cookie Monster
        • Gamer F
        • Ling ling
        • Rap God
        • Hexillology
      • Misc
        • arabfunny
        • TTW
        • Timed
        • Gamer M
        • Zipped up
        • Discord
        • Censorship
        • Jarvis
        • Slicer
      • Reasonably Secure Algorithm
      • Login sequel
      • Seashells
      • Admin secrets
      • Web
        • Sarah Palin Fanpage
        • Circus
        • Login sequel
        • Weak Password
        • Moar Horse 4
        • Gamer W
        • File Viewer
        • Admin secrets
      • Gamer R
      • El primo
      • Crypto
        • home rolled
        • rgbsa
        • difficult decryption
        • Reasonably Secure Algorithm
        • Is this Crypto
        • Titanic
      • Reversing
        • comprehensive2
        • Forwarding
        • Gym
        • ASMR
        • Gamer R
      • Gamer M
      • Sarah Palin Fanpage
      • Zipped up
      • Is this Crypto
      • Pwn
        • OSRS
        • Stop
        • Seashells
        • Cookie Library
        • Tinder
        • El primo
      • Discord
      • Congenial Octo Couscous
      • Titanic
      • Gamer F
      • Censorship
      • Jarvis
      • OSRS
      • Moar Horse 4
      • Weak Password
      • Stop
      • Ling ling
      • Slicer
      • Cookie Library
      • Cookie Monster
      • comprehensive2
      • home rolled
      • Rap God
      • difficult decryption
      • Forwarding
      • rgbsa
      • Gym
      • arabfunny
      • Tinder
      • Timed
      • Gamer W
      • TTW
      • ASMR
      • File Viewer
      • Hexillology
    • Tokyo Westerns CTF
      • sqrt
      • easy-hash
      • Nothing much to see
      • Twin D
    • Zh3r0 CTF
      • Misc
        • Rainbow Hex
        • Find the Covid19 Vaccine
        • Welcome To Phase 2md
        • Welcome To Phase 1
        • Analyse me
        • snakes everywhere
      • Forensics
        • Run Forrest Run
        • PreDestination
        • Snow
          • Snow.md
        • Hidden Music
        • is it a troll???
        • Soundless
        • PreDestination
        • UnRemovable
        • Katycat
        • LSB Fun
        • Good Ol' IE
      • pwn
        • Command1
        • Free flag
        • Help
      • Crypto
        • We are related
        • Dozen Bases
        • Uncipher Me
        • NASA
        • RSA Warmup-Really Small Algorithm
      • Web
        • Web Warmup
        • Google Source Code
      • OSINT
        • NASA
      • Prenote: As all of these challenges were similar, we decided to combine these under one page.
  • 2021 Writeups
    • Union CTF
      • Antistatic
      • Cr0wn Air
      • Human Server
      • Mordell Primes
      • Neo-classical
      • Nutty
      • Why is a raven
Powered by GitBook
On this page

Was this helpful?

Export as PDF
  1. 2020 Writeups
  2. Hacktivity Con
  3. Crypto

OFBuscated

So, from the title, we guess it's using OFB encryption.

For those of you that don't know, OFB encryption works like this: Firstly, like any AES mode, there is a key, and then with OFB, you also have an IV. Then:

  • Encrypt the IV using the key

  • Sets the new IV to the encrypted IV

  • Xor the plaintext block with the encrypted IV, and then this is the output

This repeats for each block.

After reading the script, we can work out that:

  • It takes the flag.txt, and reads this

  • Pads this data using pkcs7 padding

  • Splits the data into blocks of 16 bytes

  • Randomly shuffles these blocks

  • Encrypts the blocks with the OFB we mentioned above.

Since the IV and key stay constant, we can connect and receive as many data samples as we want, and since there are 3 blocks, there are only 6 possible permutations for the blocks to be in. (doesn't really matter but whatever)

Looking even closer at the script, we see this line:

assert len(flag) % 16 == 1

This means that the length of the flag must be 33, as we have already established that there are three blocks. This also means, because of the way the data is padded, that one of the blocks must be "}\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f" (we know the last char is "}")

Now, we can simply attempt to XOR each block with this string to get the key for that block, and then XOR that with the other blocks to get the flag. I made this table for convenience.

block\position:   1                                 2                            3
1 e92c6ede25edd6694b4de6f9565624d2  7e4cdcceda0a5284178d43205b448d35 24d20b9d166edb74bb80fa7ddf96d6a7
2 fb1f66cd01ffcc75787bfbd27d4d22cd  771cbab58a7528e774dd255b0b27ed56 36e1038e327cc16888b6e756f48dd0b8
3 f24f00b65180b6161b2b9da92d2e42ae  652fb2a6ae6732fb47eb3870203ceb49 3fb165f56203bb0bebe6812da4eeb0db

We then XOR f24f00b65180b6161b2b9da92d2e42ae with 7d0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f to get 8f400fb95e8fb919142492a622214da1, which is what XOR key was used to encrypt the first block.

Then, we simply XOR this key with each of the other blocks to get the rest of the flag.

e92c6ede25edd6694b4de6f9565624d2 ^ 8f400fb95e8fb919142492a622214da1 = 666c61677b626f705f69745f74776973 = flag{bop_it_twis
fb1f66cd01ffcc75787bfbd27d4d22cd ^ 8f400fb95e8fb919142492a622214da1 = 745f69745f70756c6c5f69745f6c6f6c = t_it_pull_it_lol
f24f00b65180b6161b2b9da92d2e42ae ^ 8f400fb95e8fb919142492a622214da1 = 7d0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f = }...............

Flag: flag{bop_it_twist_it_pull_it_lol}

PreviousCryptoNextTyrannosaurus Rex

Last updated 4 years ago

Was this helpful?