GuidePoint Security CTF 2021 - Ssxor (crypto)

2 minute read Published:

Writeup for the Guidepoint 2021 CTF Ssxor crypto challenge

Guidepoint Security CTF 2021 - Ssxor (crypto)

For this challenge we get an encrypted string and the python script that was used to generate it:

import binascii
flag = 'StormCTF{Crypto4:blahblahblah}'
flag_rev = list(flag[::-1])
stuff = zip(flag, flag_rev)

x = lambda x,y: chr(ord(x) ^ ord(y))

out = list()
out += [x(s[0],s[1]) for s in stuff]
final = [str(b, 'ascii') for b in [binascii.hexlify(bytes(x, 'utf-8')) for x in out]]


stuff = zip(flag_rev, out)
out = list()
out += [x(s[0],s[1]) for s in stuff]

Basically all this script does it take the flag and XOR it with a the flag reversed. This gives the output an interesting property, namely that the first half of the output string is the same as the second half of the string backwards. After all, if you have flag and XOR it with galf your first output char f^g is going to be the same as your last output char g^f.

Now comes the part where we take some serious advantage of the fact that we know what format the flag is going to be in, we only don’t know what blahblahblah should be. We do know that the known half of the flag is the same length as the unknown half, and that XOR is a symmetric operation. (A^B=C, A^C=B, C^B=A) When we XOR our known half with the ciphertext of the known half we get the “keystream” back, but in this case our “keystream” will be the second half of our flag reversed.

from pwn import *
import binascii


crib = "StormCTF{Crypto4:"
section = data[0:17]

end = pwnlib.util.fiddling.xor(crib, section)[::-1].decode('utf-8')