{"id":14197,"date":"2017-07-26T15:31:47","date_gmt":"2017-07-26T13:31:47","guid":{"rendered":"https:\/\/codisec.com\/?p=14197"},"modified":"2023-03-22T16:29:57","modified_gmt":"2023-03-22T15:29:57","slug":"ctfzone-2017-decrypt-undecryptable","status":"publish","type":"post","link":"https:\/\/codisec.com\/ctfzone-2017-decrypt-undecryptable\/","title":{"rendered":"CTFZone 2017: Decrypt the undecryptable"},"content":{"rendered":"<h2>Decrypt the undecryptable<\/h2>\n<p>CTF: CTFZone 2017<br \/>\nPoints: 724<br \/>\nCategory: ppc, reverse<\/p>\n<h3>Description<\/h3>\n<blockquote><p>Oh noes! It looks like we&#8217;ve lost decryption keys to our super-secret archive that contains all the blackmail material we&#8217;ve accumulated over the years!<br \/>\nLuckily, the encryption system was built with the government money by the lowest bidder, so maybe it contains some flaws.<\/p><\/blockquote>\n<p>In this challenge we were given a TAR archive <a class=\"link\" href=\"https:\/\/codisec.com\/wp-content\/uploads\/2017\/07\/decrypt_the_undecryptable.tar\">decrypt_the_undecryptable.tar<\/a>, which contained two files:<\/p>\n<ul>\n<li><code>decrypt_utility<\/code> &#8211; an 64-bit ELF executable<\/li>\n<li><code>flag.encrypted<\/code> &#8211; a 1200&#215;800 BMP image<\/li>\n<\/ul>\n<p><img loading=\"lazy\" class=\"aligncenter wp-image-14225\" style=\"font-size: 16px;\" src=\"https:\/\/codisec.com\/wp-content\/uploads\/2017\/07\/flag.encrypted.png\" alt=\"Encrypted flag image\" width=\"590\" height=\"393\" srcset=\"https:\/\/codisec.com\/wp-content\/uploads\/2017\/07\/flag.encrypted.png 1200w, https:\/\/codisec.com\/wp-content\/uploads\/2017\/07\/flag.encrypted-300x200.png 300w, https:\/\/codisec.com\/wp-content\/uploads\/2017\/07\/flag.encrypted-768x512.png 768w, https:\/\/codisec.com\/wp-content\/uploads\/2017\/07\/flag.encrypted-1024x683.png 1024w, https:\/\/codisec.com\/wp-content\/uploads\/2017\/07\/flag.encrypted-250x167.png 250w, https:\/\/codisec.com\/wp-content\/uploads\/2017\/07\/flag.encrypted-600x400.png 600w\" sizes=\"(max-width: 590px) 100vw, 590px\" \/><\/p>\n<h5 style=\"text-align: center;\">flag.encrypted<\/h5>\n<h3>Solution<\/h3>\n<p>By looking at the encrypted image we can clearly see a repeating pattern, which might indicate that data was XOR&#8217;ed with a key of currently unknown length. Hex dump confirmed that theory. Indeed there were repeating 128-byte blocks inside the image data.<br \/>\nAs a result of this simple analysis, we came up with very straightforward idea for decryption:<\/p>\n<ol>\n<li>Split image into 128-byte chunks.<\/li>\n<li>Find the most common chunk (it probably represents some solid color of background).<\/li>\n<li>XOR all data blocks with discovered key.<\/li>\n<\/ol>\n<pre class=\"lang:python decode:true \" title=\"decrypt.py\">from pwn import *\r\nfrom collections import Counter\r\n\r\nn = 128\r\nheader_size = 0x36\r\n\r\ndata = open(\"flag.encrypted\", \"rb\").read()\r\nheader = data[:header_size]\r\ndata = data[header_size:]\r\n\r\nchunks = [data[i:i+n] for i in xrange(0, len(data), n)] # split data into chunks\r\nkey = Counter(chunks).most_common(1)[0][0]\r\n\r\noutput = header\r\noutput += xor(chunks, key)\r\nopen(\"flag.bmp\", \"wb\").write(output)\r\n<\/pre>\n<h3><img loading=\"lazy\" class=\"wp-image-14223 aligncenter\" style=\"font-size: 16px;\" src=\"https:\/\/codisec.com\/wp-content\/uploads\/2017\/07\/decrypted.png\" alt=\"\" width=\"586\" height=\"390\" srcset=\"https:\/\/codisec.com\/wp-content\/uploads\/2017\/07\/decrypted.png 1200w, https:\/\/codisec.com\/wp-content\/uploads\/2017\/07\/decrypted-300x200.png 300w, https:\/\/codisec.com\/wp-content\/uploads\/2017\/07\/decrypted-768x512.png 768w, https:\/\/codisec.com\/wp-content\/uploads\/2017\/07\/decrypted-1024x683.png 1024w, https:\/\/codisec.com\/wp-content\/uploads\/2017\/07\/decrypted-250x167.png 250w, https:\/\/codisec.com\/wp-content\/uploads\/2017\/07\/decrypted-600x400.png 600w\" sizes=\"(max-width: 586px) 100vw, 586px\" \/><\/h3>\n<p>Although&nbsp;the result is not perfect, it&#8217;s enough to extract the flag: <code>ctfzone{5784e25b2af8b3fd817621cdf48e6e675d0e9388}<\/code>.<\/p>\n<h3>Why this method &#8220;almost&#8221; works<\/h3>\n<p><span style=\"font-weight: 400;\">First, a quick recap on block ciphers. Blocks ciphers work on fixed-size groups of bits and transform them using a secret key. The same key is used for both encryption and decryption.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In our case, <a class=\"link\" href=\"https:\/\/en.wikipedia.org\/wiki\/Advanced_Encryption_Standard\" target=\"_blank\" rel=\"noopener\">AES-256<\/a> is responsible for data encryption and that means block size of 128 bits (16 bytes) and key size of 256 bits (32 bytes). Although presence of decryption utility might give us some hope of extracting the key, it is unfortunately impossible. The only trace of the original encryption key remains as its <a class=\"link\" href=\"https:\/\/en.wikipedia.org\/wiki\/SHA-1\" rel=\"noopener\">SHA1<\/a> sum, used to verify whether the key supplied as argument from command line is correct.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">All of this leads us to the final ingredient and ultimately the flaw, which allowed us to decrypt the data. AES is used in <a class=\"link\" href=\"https:\/\/en.wikipedia.org\/wiki\/Block_cipher_mode_of_operation#Cipher_Feedback_.28CFB.29\" rel=\"noopener\">CFB<\/a> mode which uses ciphertext from previous block as input for the next block (look at diagram below for reference), however, it is used in an unusual way. Data is split into 128-byte fragments (8 AES blocks), each of which is encrypted separately i.e. resetting IV to zeros. The XOR &#8220;key&#8221; that our Python script found is basically an encrypted fragment of zero bytes. Since we know the output of AES with IV as input, we\u2019re able to recover the plaintext. We can repeat this trick if plaintext contains only zero bytes. Unfortunately, when we encounter a block with some non-zero bytes, our decryption method breaks for the next block (different ciphertext used as input for AES). Thus the result contains some artifacts.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><img loading=\"lazy\" class=\"aligncenter wp-image-14371\" src=\"https:\/\/codisec.com\/wp-content\/uploads\/2017\/07\/cfb.svg_-300x121.png\" alt=\"CFB Encryption mode\" width=\"703\" height=\"284\" srcset=\"https:\/\/codisec.com\/wp-content\/uploads\/2017\/07\/cfb.svg_-300x121.png 300w, https:\/\/codisec.com\/wp-content\/uploads\/2017\/07\/cfb.svg_-768x309.png 768w, https:\/\/codisec.com\/wp-content\/uploads\/2017\/07\/cfb.svg_-1024x412.png 1024w, https:\/\/codisec.com\/wp-content\/uploads\/2017\/07\/cfb.svg_-250x101.png 250w, https:\/\/codisec.com\/wp-content\/uploads\/2017\/07\/cfb.svg_-600x242.png 600w, https:\/\/codisec.com\/wp-content\/uploads\/2017\/07\/cfb.svg_.png 1500w\" sizes=\"(max-width: 703px) 100vw, 703px\" \/><\/h3>\n<p><span style=\"font-weight: 400;\">In the diagram, you can see, how blocks are chained in CFB mode. Orange color represents our XOR &#8220;key&#8221;, grey represents zero byte block, and green some non-zero bytes. We are able to decrypt everything until some unexpected, non-zero byte appears. In that case we XOR this block correctly, because output of AES isn&#8217;t changed, but the next block is impossible to decrypt.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Decrypt the undecryptable CTF: CTFZone 2017 Points: 724 Category: ppc, reverse Description Oh noes! It looks like we&#8217;ve lost decryption keys to our super-secret archive that contains all the blackmail material we&#8217;ve accumulated over the years! Luckily, the encryption system<span class=\"ellipsis\">&hellip;<\/span> <a href=\"https:\/\/codisec.com\/ctfzone-2017-decrypt-undecryptable\/\"><\/p>\n<div class=\"read-more\">Read more &#8250;<\/div>\n<p><!-- end of .read-more --><\/a><\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[37],"tags":[34,33,31],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v16.1.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<link rel=\"canonical\" href=\"https:\/\/codisec.com\/ctfzone-2017-decrypt-undecryptable\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CTFZone 2017: Decrypt the undecryptable - CodiSec\" \/>\n<meta property=\"og:description\" content=\"Decrypt the undecryptable CTF: CTFZone 2017 Points: 724 Category: ppc, reverse Description Oh noes! It looks like we&#8217;ve lost decryption keys to our super-secret archive that contains all the blackmail material we&#8217;ve accumulated over the years! Luckily, the encryption system&hellip; Read more &#8250;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/codisec.com\/ctfzone-2017-decrypt-undecryptable\/\" \/>\n<meta property=\"og:site_name\" content=\"CodiSec\" \/>\n<meta property=\"article:published_time\" content=\"2017-07-26T13:31:47+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-03-22T15:29:57+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/codisec.com\/wp-content\/uploads\/2017\/07\/flag.encrypted.png\" \/>\n<meta name=\"twitter:card\" content=\"summary\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\">\n\t<meta name=\"twitter:data1\" content=\"3 minutes\">\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/codisec.com\/#website\",\"url\":\"https:\/\/codisec.com\/\",\"name\":\"CodiSec\",\"description\":\"PENETRATION TESTING  AND MALWARE ANALYSIS\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":\"https:\/\/codisec.com\/?s={search_term_string}\",\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/codisec.com\/ctfzone-2017-decrypt-undecryptable\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/codisec.com\/wp-content\/uploads\/2017\/07\/flag.encrypted.png\",\"contentUrl\":\"https:\/\/codisec.com\/wp-content\/uploads\/2017\/07\/flag.encrypted.png\",\"width\":1200,\"height\":800},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/codisec.com\/ctfzone-2017-decrypt-undecryptable\/#webpage\",\"url\":\"https:\/\/codisec.com\/ctfzone-2017-decrypt-undecryptable\/\",\"name\":\"CTFZone 2017: Decrypt the undecryptable - CodiSec\",\"isPartOf\":{\"@id\":\"https:\/\/codisec.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/codisec.com\/ctfzone-2017-decrypt-undecryptable\/#primaryimage\"},\"datePublished\":\"2017-07-26T13:31:47+00:00\",\"dateModified\":\"2023-03-22T15:29:57+00:00\",\"author\":{\"@id\":\"https:\/\/codisec.com\/#\/schema\/person\/9a268063b450a87ef6575788f7fb8ab3\"},\"breadcrumb\":{\"@id\":\"https:\/\/codisec.com\/ctfzone-2017-decrypt-undecryptable\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/codisec.com\/ctfzone-2017-decrypt-undecryptable\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/codisec.com\/ctfzone-2017-decrypt-undecryptable\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"item\":{\"@type\":\"WebPage\",\"@id\":\"https:\/\/codisec.com\/\",\"url\":\"https:\/\/codisec.com\/\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"position\":2,\"item\":{\"@type\":\"WebPage\",\"@id\":\"https:\/\/codisec.com\/ctfzone-2017-decrypt-undecryptable\/\",\"url\":\"https:\/\/codisec.com\/ctfzone-2017-decrypt-undecryptable\/\",\"name\":\"CTFZone 2017: Decrypt the undecryptable\"}}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/codisec.com\/#\/schema\/person\/9a268063b450a87ef6575788f7fb8ab3\",\"name\":\"Hubert Jasudowicz\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/codisec.com\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a64dc094502ba6f271ce18599f947e4d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a64dc094502ba6f271ce18599f947e4d?s=96&d=mm&r=g\",\"caption\":\"Hubert Jasudowicz\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/codisec.com\/wp-json\/wp\/v2\/posts\/14197"}],"collection":[{"href":"https:\/\/codisec.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/codisec.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/codisec.com\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/codisec.com\/wp-json\/wp\/v2\/comments?post=14197"}],"version-history":[{"count":61,"href":"https:\/\/codisec.com\/wp-json\/wp\/v2\/posts\/14197\/revisions"}],"predecessor-version":[{"id":14379,"href":"https:\/\/codisec.com\/wp-json\/wp\/v2\/posts\/14197\/revisions\/14379"}],"wp:attachment":[{"href":"https:\/\/codisec.com\/wp-json\/wp\/v2\/media?parent=14197"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/codisec.com\/wp-json\/wp\/v2\/categories?post=14197"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/codisec.com\/wp-json\/wp\/v2\/tags?post=14197"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}