Description
Come and test our universal encryptor! We use cutting-edge technology, guaranteed unbreakable!
As proof, we give you the encrypted flag, and you will never be able to recover it.
nc challenges.ecsc-teamfrance.fr 2000
Solution
Connecting to the server, we get:
Welcome to our state-of-the-art encryption service! We use PBKDF2 and AES-GCM!
As an example, here is the encrypted flag: 7b656d3993152e8f04f8273ca1509e27a3e39249cf4784e23b81d5f2524fee75f6b28a6a07a128e4880e770bc70b32bd7d5f37bb5eba76d38edb8d1964733b
Now, enter your text: test
Here is your ciphertext: 4a434d0e60fa56c7fae3c0bf62df719542469e90
PBKDF2 & AES-GCM? Both are sound primitives, so if there is a weakness it must be in how the service uses them. That does not bode well for them.
Interesting observations:
– Encrypting the same message twice gives the same output, so every encryption uses the same parameters: the PBKDF2-derived key and, more importantly, the GCM nonce never change.
– Encrypting "ECSC{" gives 7b656d3993d956d6c1d7b2348bbf8ebc224d70d869, whose first 5 bytes (7b656d3993) are exactly the first 5 bytes of the encrypted flag, so the known prefix lines up with the flag ciphertext.
Why this works: AES-GCM encrypts with AES in CTR mode, so ciphertext = plaintext XOR keystream. A fixed key and nonce means a fixed keystream, and two plaintexts that share a prefix produce ciphertexts that share the same prefix. The trailing 16 bytes of every response are the GCM authentication tag (the 4-byte "test" yields 20 bytes), which differs per message and is simply ignored.
We therefore only have to extend the known prefix one byte at a time and compare the response, minus its tag, with the start of the encrypted flag. 🙂
#!/usr/bin/python3
from pwn import *
import string

# The flag body looked hexadecimal, so try 0-9a-f plus the closing brace.
charset = string.hexdigits[:-6] + '}'
flag = 'ECSC{'

while not flag.endswith('}'):
    for letter in charset:
        conn = remote('challenges.ecsc-teamfrance.fr', 2000, level='error')
        conn.recvuntil(b'encrypted flag: ', drop=True)
        encrypted = conn.recvline(keepends=False).decode()
        conn.recvuntil(b'your text:', drop=True)
        conn.sendline((flag + letter).encode())
        conn.recvuntil(b'your ciphertext: ', drop=True)
        ciphertext = conn.recvline(keepends=False).decode()
        conn.close()
        # Keep only the ciphertext bytes of the guess (2 hex chars per byte);
        # the remaining 16 bytes are the GCM tag, which changes with the message.
        n = len(flag + letter) * 2
        # The match must be at the start of the encrypted flag, not anywhere in it.
        if encrypted.startswith(ciphertext[:n]):
            flag += letter
            print('found: ' + flag)
            break
    else:
        raise SystemExit('no byte matched; extend the charset')
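To show why the byte-by-byte recovery works without a network connection, here is an added offline example (not the challenge's code and not the script above). It models the server as an oracle that XORs the plaintext with a keystream derived from a fixed key and nonce; the keystream is a constructed SHA-256 counter stream standing in for AES-CTR, and the 16-byte "tag" is a constructed stand-in for GHASH. The prefix-extension logic is the one the writeup uses; only the cipher is simulated. The key, nonce and flag values are constructed for the demo.

```python
import hashlib
import string

# Constructed stand-ins for the server's fixed parameters (not real values).
KEY = b"constructed-key"
NONCE = b"constructed-nonce"
SECRET_FLAG = b"ECSC{0123456789abcdef}"   # constructed, not the real flag


def keystream(length):
    """CTR-style keystream: block i = H(key || nonce || i). Fixed key and
    nonce mean the same keystream for every call, like a reused GCM nonce."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(KEY + NONCE + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def oracle_encrypt(plaintext):
    """Simulated service: ciphertext = plaintext XOR keystream, followed by a
    16-byte tag (stand-in for the GCM tag). Returned as hex like the server."""
    ks = keystream(len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hashlib.sha256(KEY + ct).digest()[:16]
    return (ct + tag).hex()


def recover_flag(encrypt, encrypted_flag_hex, prefix=b"ECSC{", charset=None):
    """Extend a known prefix one byte at a time: a guess is right exactly when
    its ciphertext (tag dropped) is a prefix of the encrypted flag."""
    charset = charset or (string.hexdigits[:-6] + "}").encode()
    flag = prefix
    while not flag.endswith(b"}"):
        for letter in charset:
            guess = flag + bytes([letter])
            ct_hex = encrypt(guess)[: 2 * len(guess)]   # drop the trailing tag
            if encrypted_flag_hex.startswith(ct_hex):
                flag = guess
                break
        else:
            # The real script loops forever here; fail loudly instead.
            raise ValueError("no candidate byte matched; charset incomplete?")
    return flag.decode()


if __name__ == "__main__":
    encrypted_flag = oracle_encrypt(SECRET_FLAG)
    print("encrypted flag:", encrypted_flag)
    print("recovered:", recover_flag(oracle_encrypt, encrypted_flag))
```

The oracle never reveals the key; the leak comes entirely from reusing the nonce, which turns AES-GCM into a one-time pad whose pad is reused. With a fresh random nonce per message the same loop would find no match at the first byte and raise.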
The flag was ECSC{d7e080292d95f131e07241a98dc6c1aa10279889}