English [EKOPARTY PRE-CTF 2015] [Cry200 – Perfect security] Write Up

Description

Perfect security
Description: It is not maybe so perfect.

Hints: Use the golden math!

Attachment: crypto200.zip

Resolution

Zip contains a crypted file and the program which has been used in order to encrypt clear text.
In fact the program is a simple xor between clear text and a mask.
The hint makes us guess that the mask is the golden number.
Indeed, it is.

We made a simple script which xors crypted message with phi :

#include <iostream>
#include <fstream>
#include <vector>
#include <map>


std::vector<unsigned char> read(const std::string &path)
{
 std::ifstream file(path.c_str(),std::ios::in|std::ios::binary);
 if(!file)
 {
 std::cout<<"Impossible d'ouvrir le fichier "<<path<<std::endl;
 exit(-1);
 }
 file.seekg(0,std::ios_base::end);
 long size = file.tellg();
 file.seekg(0,std::ios_base::beg);

 std::vector<unsigned char> buf(size);
 file.read((char*)&buf[0],sizeof(unsigned char)*size);
 file.close();

 return buf;
}

int main()
{
 std::vector<unsigned char> crypted = read("output.enc");

 std::vector<unsigned char> hex;
 for(unsigned int i=0;i<crypted.size();i+=2)
 {
 if(crypted[i]<='9'&&crypted[i+1]<='9')
 hex.push_back((crypted[i]-'0')*16+(crypted[i+1]-'0'));
 else if(crypted[i]<='9')
 hex.push_back((crypted[i]-'0')*16+(crypted[i+1]-'a'+10));
 else if(crypted[i+1]<='9')
 hex.push_back((crypted[i]-'a'+10)*16+(crypted[i+1]-'0'));
 else
 hex.push_back((crypted[i]-'a'+10)*16+(crypted[i+1]-'a'+10));
 }

std::string goldenNumber = "1.6180339887498948482045868343656381177203091798057\
 628621354486227052604628189024497072072041893911374847540880753868917521266338\
 622235369317931800607667263544333890865959395829056383226613199282902678806752\
 087668925017116962070322210432162695486262963136144381497587012203408058879544\
 547492461856953648644492410443207713449470495658467885098743394422125448770664\
 780915884607499887124007652170575179788341662562494075890697040002812104276217\
 711177780531531714101170466659914669798731761356006708748071013179523689427521\
 948435305678300228785699782977834784587822891109762500302696156170025046433824\
 377648610283831268330372429267526311653392473167111211588186385133162038400522\
 216579128667529465490681131715993432359734949850904094762132229810172610705961\
 164562990981629055520852479035240602017279974717534277759277862561943208275051\
 312181562855122248093947123414517022373580577278616008688382952304592647878017\
 889921990270776903895321968198615143780314997411069260886742962267575605231727\
 775203536139362107673893764556060605921658946675955190040055590895022953094231\
 248235521221241544400647034056573479766397239494994658457887303962309037503399\
 385621024236902513868041457799569812244574717803417312645322041639723213404444\
 948730231541767689375210306873788034417009395440962795589867872320951242689355\
 730970450959568440175551988192180206405290551893494759260073485228210108819464\
 454422231889131929468962200230144377026992300780308526118075451928877050210968\
 424936271359251876077788466583615023891349333312231053392321362431926372891067\
 050339928226526355620902979864247275977256550861548754357482647181414512700060\
 238901620777322449943530889990950168032811219432048196438767586331479857191139\
 781539780747615077221175082694586393204565209896985556781410696837288405874610\
 337810544439094368358358138113116899385557697548414914453415091295407005019477\
 548616307542264172939468036731980586183391832859913039607201445595044977921207\
 612478564591616083705949878600697018940988640076443617093341727091914336501371\
 576601148038143062623805143211734815100559013456101180079050638142152709308588\
 092875703450507808145458819906336129827981411745339273120809289727922213298064\
 294687824274874017450554067787570832373109759151177629784432847479081765180977\
 872684161176325038612112914368343767023503711163307258698832587103363222381098\
 090121101989917684149175123313401527338438372345009347860497929459915822012581\
 045982309255287212413704361491020547185549611808764265765110605458814756044317\
 847985845397312863016254487611485202170644041116607669505977578325703951108782\
 308271064789390211156910392768384538633332156582965977310343603232254574363720\
 412440640888267375843395367959312322134373209957498894699565647360072959998391\
 288103197426312517971414320123112795518947781726914158911779919564812558001845\
 506563295285985910009086218029775637892599916499464281930222935523466747593269\
 516542140210913630181947227078901220872873617073486499981562554728113734798716\
 569527489008144384053274837813782466917444229634914708157007352545707089772675\
 469343822619546861533120953357923801460927351021011919021836067509730895752895\
 774681422954339438549315533963038072916917584610146099505506480367930414723657\
 203986007355076090231731250161320484358364817704848181099160244252327167219018\
 933459637860878752870173935930301335901123710239171265904702634940283076687674\
 363865132710628032317406931733448234356453185058135310854973335075996677871244\
 905836367541328908624063245639535721252426117027802865604323494283730172557440\
 583727826799603173936401328762770124367983114464369476705312724924104716700138\
 247831286565064934341803900410178053395058772458665575522939158239708417729833\
 728231152569260929959422400005606266786743579239724540848176519734362652689448\
 885527202747787473359835367277614075917120513269344837529916499809360246178442\
 675727767900191919070380522046123248239132610432719168451230602362789354543246\
 176997575368904176365025478513824631465833638337602357789926729886321618583959\
 036399818384582764491245980937043055559613797343261348304949496868108953569634\
 828178128862536460842033946538194419457142666823718394918323709085748502665680\
 398974406621053603064002608171126659954199368731609457228881092077882277203636\
 684481532561728411769097926666552238468831137185299192163190520156863122282071\
 559987646842355205928537175780765605036773130975191223973887224682580571597445\
 740484298780735221598426676625780770620194304005425501583125030175340941171910\
 192989038447250332988024501436796844169479595453045910313811621870456799786636\
 617460595700034459701135251813460065655352034788811741499412748264152135567763\
 940390710387088182338068033500380468001748082205910968442026446402187705340100\
 318028816644153091393948156403192822785482414510503188825189970074862287942155\
 895742820216657062188090578088050324676991297287210387073697406435667458920258\
 656573978560859566534107035997832044633634648548949766388535104552729824229069\
 984885369682804645974576265143435905093832124374333387051665714900590710567024\
 887985804371815126100440381488040725244061642902247822715272411208506578883871\
 249363510680636516674322232776775579739927037623191470473239551206070550399208\
 844260370879084333426183841359707816482955371432196118950379771463000755597537\
 957035522714493191321725564401283091805045008992187051211860693357315389593507\
 903007367270233141653204234015537414426871540551164796114332302485440409406911\
 456139873026039518281680344825254326738575900560432024537271929124864581333441\
 698529939135747869895798643949802304711696715736228391201812731291658995275991\
 922031837235682727938563733126547998591246327503006059256745497943508811929505\
 685493259355318729141801136412187470752628106869830135760524719445593219553596\
 104528303148839117693011965858343144248948985655842508341094295027719758335224\
 429125736493807541711373924376014350682987849327129975122868819604983577515877\
 178041069713196675347719479226365190163397712847390793361111914089983056033610\
 609871717830554354035608952929081846414371392943781356048203894791257450770755\
 751030024207266290018090422934249425906066614133228722698069014599451199547801\
 639915141261252572828066433126165746938819510644216738718000110042184830258091\
 654338374923641183888564685143150063731904295148146942431460895254707203740556\
 691306922099080481945297511065046428105417755259095187131888359147659960413179\
 602094153085855332387725380232727632977372143127968216716234421183201802881412\
 747443168847218459392781435474099999072233203059262976611238327983316988253931\
 262006503702884478286669404473079471047612558658375298623625099982323359715507\
 233838332440815257781933642626304330265895817080045127887311593558774721725649\
 470005163667257715392098409503274511215368730091219962952276591316370939686072\
 713426926231547533043799331658110736964314217197943405639155121081081362626888\
 569748068060116918941750272298741586991791453499462444194012197858601373660828\
 690722365147713912687420966513787562059185432888834174292090156313328319357562\
 208971376563097850156315498245644586542479293572282875060848145335135218172958\
 793299117100324762220521946451053624505129884308713444395072442673514628617991\
 832336459836963763272257569159723954383052086647474238151107927349483695239647\
 926899369832491799950278950006045966131346336302494995148080532901790297518251\
 587504900743518798351183603272277260171740453557165885557829729106195819351710\
 554825793070910057635869901929721799516873117556314448564810022001425454055429\
 273458837116020994794572082378043687189448056368918258024449963187834202749101\
 533579107273362532890693347412380222201162627711930854485029541913200400999865\
 566651775664095365619789781838045103035651013158945890287186108690589394713680\
 148457001836649564720329433437429894642741255143590584348409195487015236140317\
 391390361644019845505104912116979200120199960506994966403035086369290394100701\
 945053201623487276323273244943963048089055425137972331475185207091025063685981\
 679530481810073942453170023880475983432345041425843140636127210960228242337822\
 809027976596077710849391517488731687771352239009117117350918600654620099024975\
 852779254278165970383495058010626155333691093784659771052975022317307412177834\
 418941184596586102980187787427445638669661277245038458605264151030408982577775\
 447411533207640758816775149755380471162966777100587664615954967769270549623939\
 857092550702740699781408431249653630718665337180605874224259816530705257383454\
 157705429216299811491750861131176577317209561565647869547448927132060806354577\
 946241453106698374211379816896382353330447788316933972872891810366408326985698\
 825443851667586228993069643468489751484087903964760420361020602171739447026348\
 763365439319522907738361673898117812424836557810503416945156362604300366574310\
 847665487778012857792364541852244723617137422925584159313561286637167032807217\
 155339264632573067306391085410886808574283858828060230334140855039097353872613\
 451196292641599521278931135443146015273090255382710432596622674390374556361228\
 613907831943357059003814870089866131539819585744233044197085669672229314273074\
 138488278897558886079973870447020316683485694199096548029824931981765792682985\
 562972301068277723516274078380743187782731821191969528005160879157212882633796\
 823127256287000150018292975772999357909491964076344286157571354442789838304045\
 470271019458004258202120234458063034503365814721854920367998997293535391968121\
 331951653797453991114942444518303385884129040181781882137600665928494136775431\
 745160540938711036871521164040582193447120448277596054169486453987832626954801\
 391501903899593130670318661670663719640256928671388714663118919268568269199527\
 645799771827875946096161721886810945465157886912241060981419726861925547878992\
 631535947292282508054251690681401078179602188533076230556381631640192245450325\
 76567392599765175308014271607143087188628598360374650571";

 std::vector<unsigned char> out;
 for(unsigned int i=0;i<hex.size()&&i<goldenNumber.size();i++)
 out.push_back(hex[i]^goldenNumber[goldenNumber.size()-hex.size()+i]);
 std::ofstream ofs("out.gif",std::ios::binary|std::ios::out|std::ios::trunc);
 ofs.write((char*)&(out[0]),out.size());
 return 0;
}

We obtained a gif file, on which the flag is written.

Flag was : EKO{perfect_cipher_with_a_weak_key_not_so_perfect}

2 thoughts on “[EKOPARTY PRE-CTF 2015] [Cry200 – Perfect security] Write Up”

  1. Hello Alkanor,

    I’m currently learning more about the CTF reading and learning from your posts. Therefore, I’d like to ask something about your code, because I can’t understand the way you did it.

    if(crypted[i]<='9'&&crypted[i+1]<='9')
    hex.push_back((crypted[i]-'0')*16+(crypted[i+1]-'0'));
    else if(crypted[i]<='9')
    hex.push_back((crypted[i]-'0')*16+(crypted[i+1]-'a'+10));
    else if(crypted[i+1]<='9')
    hex.push_back((crypted[i]-'a'+10)*16+(crypted[i+1]-'0'));
    else
    hex.push_back((crypted[i]-'a'+10)*16+(crypted[i+1]-'a'+10));

    I really don't understand why you are taking two numbers and comparing them to '9'. If you could explain my how it works I would really appreciate it.

    Second, why the golden number size is shorter than the output.enc? Shouldn't be the same size or longer?

    Best,
    Niemand

    1. Hi Niemand,

      the crypted text is composed of letters from a to z and of digits from 0 to 9 (or maybe I converted it, I don’t remember honestly). That’s why I use a comparaison with ‘9’ : when char is not <= '9', we can be sure it is located between 'a' and 'f'. Basically the code you mentioned is a conversion from 'xx' (2 hex string) to char.
      (for instance, '10' is converted to char 16, 'a2' is converted to char 162, …)

      Secondly, I chose the golden number size in order to have a valid file at the end of the process, so that can explain it isn't exactly the same size as output.enc (I modified it a posteriori).

      Hope it's understandable,
      best,
      Alkanor

Leave a Reply to Niemand Cancel reply

Your email address will not be published. Required fields are marked *