alect096.github.io

Base64 + xor = <3 (Crypto)

Author: BorelEnzo

Base64 and XOR are often involved in crypto challenges. What if we combined them?

We were given an encrypted file and the command used to generate it:

$ base64 -w 0 message.txt | xortool-xor -s <notthekey> -f - > message.enc

The ciphertext was quite big, but we had absolutely no idea what the plaintext could be (we thought about a simple Lorem ipsum). We spent a lot of time on this one because we were too focused on the size of the key, which was supposed to be a multiple of 4:

$ xortool message.enc 
	The most probable key lengths:
	   2:   12.3%
	   4:   13.8%
	   6:   10.5%
	   8:   11.5%
	  10:   8.6%
	  12:   9.4%
	  14:   7.1%
	  16:   7.8%
	  23:   10.4%
	  46:   8.7%
	Key-length can be 4*n
Most possible char is needed to guess the key!

We first tried a length of 4, trying to brute-force the key with the -b and -o switches, and then lengths 8, 12, and 16, trying every character as the most possible one, but it was not successful…

At one point, as the end of the round approached, one of our teammates noted that we hadn't even tried the 23-byte key, with a probability around 10%. We knew that brute-forcing a 23-byte key was not possible, so, without too much confidence, we tried to brute-force the most possible char:

$ for i in {a..z}; do xortool -l 23 -c $i message.enc ; done
	1 possible key(s) of length 23:
	`\\sPBCQvrh\x1eAMGNs\x12pU\x14vQB
	Found 0 plaintexts with 95.0%+ printable characters
	See files filename-key.csv, filename-char_used-perc_printable.csv
	1 possible key(s) of length 23:
	c_pSA@Ruqk\x1dBNDMp\x11sV\x17uRA
	Found 0 plaintexts with 95.0%+ printable characters
	See files filename-key.csv, filename-char_used-perc_printable.csv
... snipped ...

Unfortunately, none of the plaintexts contained more than 95% printable characters. However, by using capital letters, the result was way more interesting:

$ for i in {A..Z}; do xortool -l 23 -c $i message.enc ; done
... snipped ...
	1 possible key(s) of length 23:
	FzUvdewPTN8gkahU4Vs2Pwd
	Found 1 plaintexts with 95.0%+ printable characters
	See files filename-key.csv, filename-char_used-perc_printable.csv
... snipped ...

One key was made only of letters and numbers. We tried it, and finally got our reward!

$ xortool-xor -s FzUvdewPTN8gkahU4Vs2Pwd -f message.enc | base64 -d | grep CSC
	Flag: CSC{I_w0nd3r_how_DEFLATE_wouId_do}
	base64: invalid input
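
Why a repeating key over base64 gives way so easily, as an added example (not code from the original write-up, and going one step beyond its most-frequent-character guess): because the plaintext is a base64 stream, a key byte is only valid if it maps its whole ciphertext column into the base64 alphabet. The message, the key and the function names below are constructed for this illustration.

```python
import base64

# Standard base64 alphabet; "=" is allowed too because the stream may end in padding.
B64 = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
ALLOWED = frozenset(B64 + b"=")


def xor_repeat(data, key):
    """Repeating-key XOR of data with key."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def key_candidates(ct, keylen):
    """For each key position, list the key bytes that decrypt every
    ciphertext byte of that column to a base64 character."""
    out = []
    for pos in range(keylen):
        column = set(ct[pos::keylen])
        out.append([k for k in range(256)
                    if all(c ^ k in ALLOWED for c in column)])
    return out


def unique_key(cands):
    """Return the key if every position has exactly one candidate, else None."""
    if all(len(c) == 1 for c in cands):
        return bytes(c[0] for c in cands)
    return None


if __name__ == "__main__":
    # Constructed sample input: neither the challenge plaintext nor its key.
    message = b"Constructed sample text, not the challenge plaintext. " * 40
    key = b"constructed-demo-key-23"  # 23 bytes, the key length from the write-up
    ct = xor_repeat(base64.b64encode(message), key)

    cands = key_candidates(ct, len(key))
    print("candidates per position:", [len(c) for c in cands])
    recovered = unique_key(cands)
    if recovered is not None:
        print("key:", recovered)
        print(base64.b64decode(xor_repeat(ct, recovered))[:54])
    # With a wrong length, columns mix several key bytes and tend to
    # end up with no valid candidate at all.
    print("length-4 columns without candidates:",
          sum(not c for c in key_candidates(ct, 4)))
```

Positions that keep several candidates need more ciphertext or a frequency tie-break; the true key byte always remains among them.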