Tyrannosaurus Rex

The encryption takes some data, base64-encodes it, and encrypts it by XORing each byte with the byte after it, wrapping the last byte around to the start. The result is then hexlified. Every byte of the base64 string is therefore fixed once the first byte is known, so we can simply brute-force the first byte and derive the rest of the decryption from it. This gives us the base64 of the flag, which can be base64-decoded to get:

Flag: flag{tyrannosauras_xor_in_reverse}
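The brute force described above, as an added example (not the challenge script or the author's solver). `encrypt` re-implements the scheme as the paragraph describes it; the sample plaintext and the `flag{` prefix filter are assumptions.

```python
import base64
import binascii
import string

B64_ALPHABET = set((string.ascii_letters + string.digits + "+/=").encode())

# Constructed sample plaintext, not the challenge's data.
SAMPLE = b"flag{constructed_sample_for_this_example}"


def encrypt(data: bytes) -> str:
    """Scheme as the writeup describes it: base64, XOR with next byte (wrapping), hex."""
    b = base64.b64encode(data)
    return bytes(b[i] ^ b[(i + 1) % len(b)] for i in range(len(b))).hex()


def candidates(cipher_hex: str):
    """Yield every plaintext whose base64 form is consistent with the ciphertext."""
    c = bytes.fromhex(cipher_hex)
    for first in sorted(B64_ALPHABET):
        b = [first]
        for x in c[:-1]:
            b.append(b[-1] ^ x)  # c[i] = b[i] ^ b[i+1]  =>  b[i+1] = b[i] ^ c[i]
        # The wrap-around byte c[-1] = b[-1] ^ b[0] holds for every guess (the XOR
        # of all ciphertext bytes is 0), so only the alphabet check can prune.
        if not all(v in B64_ALPHABET for v in b):
            continue
        try:
            yield base64.b64decode(bytes(b), validate=True)
        except binascii.Error:
            continue


def recover(cipher_hex: str, prefix: bytes = b"flag{"):
    """Keep only the candidates that match the known flag format."""
    return [p for p in candidates(cipher_hex) if p.startswith(prefix)]


if __name__ == "__main__":
    print(recover(encrypt(SAMPLE)))
```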

Bon Appetit

Just a Boneh-Durfee attack lol (make sure to change lattice size to 5)

Flag: flag{bon_appetit_that_was_one_big_meal}

OFBuscated

So, from the title, we guess it's using OFB encryption.

For those of you that don't know, OFB encryption works like this: firstly, like any AES mode, there is a key, and with OFB you also have an IV. Then:

  • Encrypt the IV using the key

  • Set the new IV to the encrypted IV

  • XOR the plaintext block with the encrypted IV; this is the output

This repeats for each block.

After reading the script, we can work out that it:

  • Takes flag.txt and reads it

  • Pads this data using PKCS7 padding

  • Splits the data into blocks of 16 bytes

  • Randomly shuffles these blocks

  • Encrypts the blocks with the OFB we mentioned above

Since the IV and key stay constant, the XOR key applied at each block position is the same on every connection, so we can connect and receive as many data samples as we want. Since there are 3 blocks, there are only 6 possible permutations for the blocks to be in (doesn't really matter, but whatever).

Looking even closer at the script, we see this line:

    assert len(flag) % 16 == 1

This means that the length of the flag must be 33, as we have already established that there are three blocks. Because of the way the data is padded, this also means that one of the blocks must be "}\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f\x0f" (we know the last char is "}").

Now, we can simply attempt to XOR each block with this string to get the key for that block position, and then XOR that with the other blocks seen at the same position to get the flag. I made this table for convenience.

    block\position:  1                                 2                                 3
    1                e92c6ede25edd6694b4de6f9565624d2  7e4cdcceda0a5284178d43205b448d35  24d20b9d166edb74bb80fa7ddf96d6a7
    2                fb1f66cd01ffcc75787bfbd27d4d22cd  771cbab58a7528e774dd255b0b27ed56  36e1038e327cc16888b6e756f48dd0b8
    3                f24f00b65180b6161b2b9da92d2e42ae  652fb2a6ae6732fb47eb3870203ceb49  3fb165f56203bb0bebe6812da4eeb0db

We then XOR f24f00b65180b6161b2b9da92d2e42ae with 7d0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f to get 8f400fb95e8fb919142492a622214da1, which is the XOR key that was used to encrypt the first block.

Then, we simply XOR this key with each of the other blocks to get the rest of the flag.

    e92c6ede25edd6694b4de6f9565624d2 ^ 8f400fb95e8fb919142492a622214da1 = 666c61677b626f705f69745f74776973 = flag{bop_it_twis
    fb1f66cd01ffcc75787bfbd27d4d22cd ^ 8f400fb95e8fb919142492a622214da1 = 745f69745f70756c6c5f69745f6c6f6c = t_it_pull_it_lol
    f24f00b65180b6161b2b9da92d2e42ae ^ 8f400fb95e8fb919142492a622214da1 = 7d0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f = }...............

Flag: flag{bop_it_twist_it_pull_it_lol}
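The known-padding recovery from the OFBuscated writeup, as an added example (not the author's solver or the challenge script), run on the ciphertext blocks from the table. It goes slightly further than the text: it tries every block at a position as the padding block and checks that all three positions yield the same plaintext blocks; the `flag{` prefix used for ordering is an assumption taken from the flag format.

```python
PAD_BLOCK = b"}" + b"\x0f" * 15  # known plaintext: "}" plus 15 bytes of PKCS#7 padding

# Ciphertext blocks copied from the writeup's table, one list per position
# (table column). Which entry encrypts the padding block is not assumed.
OBSERVED = {
    1: ["e92c6ede25edd6694b4de6f9565624d2", "fb1f66cd01ffcc75787bfbd27d4d22cd",
        "f24f00b65180b6161b2b9da92d2e42ae"],
    2: ["7e4cdcceda0a5284178d43205b448d35", "771cbab58a7528e774dd255b0b27ed56",
        "652fb2a6ae6732fb47eb3870203ceb49"],
    3: ["24d20b9d166edb74bb80fa7ddf96d6a7", "36e1038e327cc16888b6e756f48dd0b8",
        "3fb165f56203bb0bebe6812da4eeb0db"],
}


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def printable(block: bytes) -> bool:
    return all(0x20 <= c < 0x7F for c in block)


def recover_position(hex_blocks):
    """Return (keystream, other plaintext blocks) for one block position."""
    cts = [bytes.fromhex(h) for h in hex_blocks]
    for guess in cts:
        keystream = xor(guess, PAD_BLOCK)  # correct only if guess encrypts PAD_BLOCK
        others = [xor(c, keystream) for c in cts if c != guess]
        # A wrong guess still turns the real padding block into readable text,
        # so every remaining block has to be printable, not just one of them.
        if all(printable(p) for p in others):
            return keystream, others
    raise ValueError("no block decrypts the others to printable text")


def recover_flag(observed, prefix=b"flag{"):
    per_position = {frozenset(recover_position(b)[1]) for b in observed.values()}
    if len(per_position) != 1:
        raise ValueError("positions disagree on the plaintext blocks")
    blocks = sorted(per_position.pop(), key=lambda p: not p.startswith(prefix))
    return b"".join(blocks) + b"}"


if __name__ == "__main__":
    print(recover_flag(OBSERVED).decode())
```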

Crypto

A E S T H E T I C

It's an ECB oracle; I'll explain this in detail later when I get the time.

Flag: flag{aes_that_ick_ecb_mode_lolz}

Perfect XOR

If we try to run this, we would eventually get the flag, but it's really slow, so let's try to not do that.

If we take a look at the a() function, we can see that it:

  • Defines b to be 0

  • Has a loop that goes from 1 to n (for i in range)

    • Checks if i is a divisor of n

      • If so, adds i to b

  • If b is equal to n, returns True

We can see (and also guess from the title) that this will only return True on perfect numbers. Knowing this, I just looked up a list of perfect numbers, and then XORed each number with the corresponding perfect number.

Script below.

    def a(n):
        # True when n equals the sum of its proper divisors (a perfect number)
        b = 0
        for i in range(1, n):
            if n % i == 0:
                b += i
        return b == n

    # Fill in: the base64-decoded integers from the challenge script
    cipher = []
    # The first 14 perfect numbers, looked up rather than computed with a()
    p = [6,28,496,8128,33550336,8589869056,137438691328,2305843008139952128,2658455991569831744654692615953842176,191561942608236107294793378084303638130997321548169216,13164036458569648337239753460458722910223472318386943117783728128,14474011154664524427946373126085988481573677491474835889066354349131199152128,23562723457267347065789548996709904988477547858392600710143027597506337283178622239730365539602600561360255566462503270175052892578043215543382498428777152427010394496918664028644534128033831439790236838624033171435922356643219703101720713163527487298747400647801939587165936401087419375649057918549492160555646976,141053783706712069063207958086063189881486743514715667838838675999954867742652380114104193329037690251561950568709829327164087724366370087116731268159313652487450652439805877296207297446723295166658228846926807786652870188920867879451478364569313922060370695064736073572378695176473055266826253284886383715072974324463835300053138429460296575143368065570759537328128]
    o = ""
    # XOR each ciphertext integer with the perfect number at the same index
    for perfect, c in zip(p, cipher):
        o += chr(perfect ^ c)

    print(o)

Then we just wrap the output with flag and submit it.

Flag: flag{tHE_br0kEN_Xor}
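An added example, not part of the original writeup: instead of looking the list up, the perfect numbers can be generated from the Euclid-Euler form 2^(p-1)(2^p - 1) with a Lucas-Lehmer test, which yields the even perfect numbers in increasing order. `SAMPLE` and `CIPHER` are constructed, since the challenge's ciphertext values are not on this page.

```python
def is_prime(n: int) -> bool:
    """Trial division; only used on the small exponents p."""
    return n >= 2 and all(n % d for d in range(2, int(n ** 0.5) + 1))


def mersenne_is_prime(p: int) -> bool:
    """Lucas-Lehmer test for 2**p - 1, valid for prime p."""
    if p == 2:
        return True
    m = (1 << p) - 1
    s = 4
    for _ in range(p - 2):
        s = (s * s - 2) % m
    return s == 0


def perfect_numbers(count: int) -> list:
    """First `count` even perfect numbers, 2**(p-1) * (2**p - 1)."""
    out, p = [], 2
    while len(out) < count:
        if is_prime(p) and mersenne_is_prime(p):
            out.append((1 << (p - 1)) * ((1 << p) - 1))
        p += 1
    return out


def a(n: int) -> bool:
    """The slow check from the challenge: n equals the sum of its proper divisors."""
    return sum(i for i in range(1, n) if n % i == 0) == n


def decrypt(cipher: list) -> str:
    """XOR each ciphertext integer with the perfect number at the same index."""
    return "".join(chr(c ^ k) for c, k in zip(cipher, perfect_numbers(len(cipher))))


# Constructed sample: 14 characters, one per perfect number, as in the challenge.
SAMPLE = "constructed_ok"
CIPHER = [ord(ch) ^ k for ch, k in zip(SAMPLE, perfect_numbers(len(SAMPLE)))]

if __name__ == "__main__":
    print(decrypt(CIPHER))
```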