xorxorxor

Who needs AES when you have XOR?

challenge.py
#!/usr/bin/python3
import os
flag = open('flag.txt', 'r').read().strip().encode()

class XOR:
    def __init__(self):
        self.key = os.urandom(4)
    def encrypt(self, data: bytes) -> bytes:
        xored = b''
        for i in range(len(data)):
            xored += bytes([data[i] ^ self.key[i % len(self.key)]])
        return xored
    def decrypt(self, data: bytes) -> bytes:
        return self.encrypt(data)

def main():
    global flag
    crypto = XOR()
    print ('Flag:', crypto.encrypt(flag).hex())

if __name__ == '__main__':
    main()

as you can see the length of the key is very small sadly its the size of the flag format in the challenge this is a classic xor encryption vulnerability where we can extract the key then decrypt the cipher text to get the flag

solve.py
flag = '134af6e1297bc4a96f6a87fe046684e8047084ee046d84c5282dd7ef292dc9'

byte = bytes.fromhex(flag)

key = b'HTB{'

keys = bytes([byte[i] ^ key[i] for i in range(len(key))])

res = bytes([byte[i] ^ keys[i % len(keys)] for i in range(len(byte))])

print(res)

PreviousRSAisEasy NextUpsolves

Last updated 1 year ago