DamCTF Writeup – xorpals

by Posted on

# Information:

CTF Name: DamCTF

CTF Challenge: crypto/xorpals

Challenge Category: Cryptography

Challenge Points: 188

By: m0x

DamCTF 2021

# Used Tools:

# Challenge Description:

One of the 60-character strings in the provided file has been encrypted by single-character XOR. The challenge is to find it, as that is the flag.

Hint: Always operate on raw bytes, never on encoded strings. Flag must be submitted as UTF8 string.

flags.txtDownload

# Writeup

Hello, welcome to my writeup for the DamCTF challenge xorpals. It was a nice CTF, I struggled a little but it was a good experience overall.

Let’s dive into the writeup for this one!

As you can see from the challenge description, we have a file, flags.txt, with a list of strings with 60-character each. We also know that one of these strings is the flag, but it has been encrypted by single-character XOR.

To solve this I decided to create a Python 3 script, see below:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
#!/usr/bin python3

def main():
    f = open("flags.txt", "r")
    for line in f:
        b = bytes.fromhex(line)
        for k in range(255):
            d = bytes([char ^ k for char in b])
            if b'dam' in d:
                return d

print(main())

Let me try to explain the script. First we open the file in read mode (f = open(“flags.txt”, “r”)) and then we iterate over it. In each iteration of this loop we need to first convert from hexadecimal (which is the encoding of the flags in the text file) to bytes. Then, we need to perform a XOR operation with each byte of the flag and all single-character bytes, one at a time. As you know, there are only 256 single-character bytes, so all we need is for k in range(255): to iterate over all of them.

The line d = bytes([char ^ k for char in b]) is where we have the XOR, in particular the ^ symbol represents the XOR in Python. What is happening is, for each char in the byte array b we will perform a XOR, convert it to bytes and store it in d.

Lastly we verify if the sub-string b’dam’ is in d, if so we return d.

Running the code…

To run the code I simply did:

mregra on Cyber:VM $ python3 script.py

And the flag is:

Show flag
dam{antman_EXPANDS_inside_tHaNoS_never_sinGLE_cHaR_xOr_yeet}

Thank you very much for reading!

Cheers,

MRegra

Share this post:

Popular posts

Author Profile
MRegra Silva
Related Posts

Published by MRegra Silva

Leave a Reply

Your email address will not be published. Required fields are marked *