{"id":13891,"date":"2017-02-08T15:22:10","date_gmt":"2017-02-08T14:22:10","guid":{"rendered":"https:\/\/codisec.com\/?p=13891"},"modified":"2023-03-22T16:29:58","modified_gmt":"2023-03-22T15:29:58","slug":"bitsctf-2017-fanfie","status":"publish","type":"post","link":"https:\/\/codisec.com\/bitsctf-2017-fanfie\/","title":{"rendered":"BITSCTF 2017: fanfie"},"content":{"rendered":"

CTF: BITSCTF 2017
Points: 20
Category: Crypto

Description

Brute and get the base 32 format of flag.
encrypted.txt: MZYVMIWLGBL7CIJOGJQVOA3IN5BLYC3NHI

This task is worth 20 points, but only 8 teams solved it during the CTF, and I really wonder why.

Before we start, I assume that everyone knows how base32 works.

Solution

The task description tells us that the flag is converted to base32 and then somehow encrypted.

From other tasks we know the flag format, and when we compare it with the ciphertext length we can assume that the plaintext looks like this: BITSCTF{*************}.

Let’s encode the first five letters of the flag (one block of base32), BITSC, to base32: IJEVIU2D.

Compare the base32 encoding of these first 5 letters with the start of the ciphertext:

I J E V I U 2 D
M Z Y V M I W L

Every ciphertext letter decodes to a single distinct plaintext letter (M decodes to I both times), so we can guess that this is some kind of monoalphabetic substitution cipher.

Let’s look for any patterns in the ciphertext alphabet.

Our alphabet (all base32 letters):

 A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z  2  3  4  5  6  7
 0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

Encrypting alphabet:

 A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z  2  3  4  5  6  7
 ?  ?  ?  L  Y  ?  ?  ?  M  ?  ?  ?  ?  ?  ?  ?  ?  ?  ?  ?  I  V  ?  ?  ?  J  W  ?  ?  ?  ?  ?
         11 24          12                                   8 21           9 22

So:

3  -> 11
4  -> 24
8  -> 12
20 ->  8
21 -> 21
25 ->  9
26 -> 22

Looking closely, we can see that this is an affine cipher, E(x) = (a*x + b) mod 32, with a = 13 and b = 4. For example, 3 maps to 13*3 + 4 = 43, which is 11 mod 32.

By the way, after finding that pattern we realize that the title of this task is an anagram of the word affine.

So our encrypted alphabet will look like this:

 A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z  2  3  4  5  6  7
 4 17 30 11 24  5 18 31 12 25  6 19  0 13 26  7 20  1 14 27  8 21  2 15 28  9 22  3 16 29 10 23
 E  R  6  L  Y  F  S  7  M  Z  G  T  A  N  2  H  U  B  O  3  I  V  C  P  4  J  W  D  Q  5  K  X

Now we can get our plaintext:

MZYVMIWLGBL7CIJOGJQVOA3IN5BLYC3NHI -> IJEVIU2DKRDHWUZSKZ4VSMTUN5RDEWTNPU

After that we need to add base32 padding, and finally we can read our solution:

import base64
# The 34-character string is padded with '=' to a multiple of 8 before decoding
print(base64.b32decode('IJEVIU2DKRDHWUZSKZ4VSMTUN5RDEWTNPU======').decode())
# -> BITSCTF{S2VyY2tob2Zm}
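
Added example (not code from the original write-up): the steps above in one Python script, which brute-forces the affine key (a, b) against the known BITSC block instead of spotting it by eye, then decrypts and decodes the flag. The function names are chosen here for illustration.

```python
import base64
from math import gcd

ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'  # RFC 4648 base32, index = 5-bit value
M = len(ALPHABET)  # 32

def recover_key(crib_plain, crib_cipher):
    '''Return every (a, b) for which E(x) = (a*x + b) mod 32 maps the crib correctly.'''
    pairs = [(ALPHABET.index(p), ALPHABET.index(c))
             for p, c in zip(crib_plain, crib_cipher)]
    return [(a, b)
            for a in range(M) if gcd(a, M) == 1  # a must be invertible mod 32
            for b in range(M)
            if all((a * x + b) % M == y for x, y in pairs)]

def affine_decrypt(ciphertext, a, b):
    '''Invert E: D(y) = a^-1 * (y - b) mod 32, applied per base32 character.'''
    a_inv = pow(a, -1, M)  # modular inverse, needs Python 3.8+
    return ''.join(ALPHABET[a_inv * (ALPHABET.index(ch) - b) % M]
                   for ch in ciphertext)

def b32decode_unpadded(text):
    '''Restore the stripped '=' padding (to a multiple of 8) and decode.'''
    return base64.b32decode(text + '=' * (-len(text) % 8))

def solve(ciphertext, known_prefix):
    # Only whole 5-byte groups of the known prefix give fixed 8-character base32 blocks
    usable = known_prefix[:len(known_prefix) // 5 * 5]
    crib = base64.b32encode(usable).decode()
    keys = recover_key(crib, ciphertext[:len(crib)])
    if len(keys) != 1:
        raise ValueError(f'crib does not pin down a single key: {keys!r}')
    a, b = keys[0]
    return (a, b), b32decode_unpadded(affine_decrypt(ciphertext, a, b))

if __name__ == '__main__':
    key, flag = solve('MZYVMIWLGBL7CIJOGJQVOA3IN5BLYC3NHI', b'BITSCTF{')
    print(key, flag.decode())
```
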

Easter egg:
the flag is base64 of the string ‘Kerckhoff’:

$ echo -n "S2VyY2tob2Zm" | base64 -d
Kerckhoff

Kerckhoffs’s principle.","protected":false},"excerpt":{"rendered":"

","protected":false},"author":6,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[26,25],"tags":[20],"yoast_head":"\n\n\n\n\n\n\n\n\n\n\n\n\t\n