Open in app

Sign in

Write

Sign in

Simple Cipher

Eslam Hassan
3 min readJul 5, 2023

--

my first ever Writeup.

In this Challenge we are given 2 things

1.The Encryption Code

From this code we can notice that it basically reads the content of the flag.txt which is supposed to be like this “EGCERT{SOME_FLAG_HERE}”

it then makes a random key of 7 bytes .. why 7 bytes ? because the “{“ is in the 6th index of “EGCERT{SOME_FLAG_HERE}” and we add +1 so the key length is 7 Bytes

then we have the xor function that takes the flag as an input and returns the encrypted flag and this is how it works…

  1. initializes an empty byte string enc to store the XOR result.
  2. for i, c in enumerate(plain):: This line starts a loop that iterates over each byte in the plain input string. The enumerate() function returns both the index (i) and the value (c) of each byte.

3. enc += int.to_bytes(c ^ KEY[i % len(KEY)]): This line performs the XOR operation between the current byte c and the corresponding byte in the KEY.

4. The result is converted to bytes using int.to_bytes() and appended to the enc byte string.

5. return enc.hex(): This line converts the enc byte string to its hexadecimal and returns the result as a string.

import os 

FLAG = open("flag.txt", "rb").read()
KEY = os.urandom(FLAG.index(b"{")+1)
def xor(plain):
    enc = b""
    for i, c in enumerate(plain):
        enc += int.to_bytes(c ^ KEY[i % len(KEY)])
    return enc.hex()    

print(xor(FLAG))

2. Output Cipher

61bade96f3f7f36d90c29b92d1bb7b8aa9ba9692e61da2c9e3fefbb876dce0

the output is 31 bytes and the key is 7 bytes so how does the xor works ?

from this line of code enc += int.to_bytes(c ^ KEY[i % len(KEY)]): we notice that it basically repeat the key until the end of the flag

so if the flag was for example “EGCERT{ESLAM_HASSAN}” which is “4547434552547b45534c414d5f48415353414e7d” in hex and if the random key was “ABCDEFG” which is “41424344454647” in hex we basically repeat the key to match the length of the flag

so the xor operation will be like

4547434552547b45534c414d5f48415353414e7d   (the flag)
xor
4142434445464741424344454647414243444546   (the repeated key)

Solution

we need to understand how xor works and how to reverse it in order so solve this challenge so lets break it down.

The reverse of any xor operation is itself so the reverse of bitxor is bitxor. This is a fundamental property of xor, applying it twice gets you back where you started.

so lets assume that we have

FLAG =’1100'

key=’0110'

Cipher=xor(FLAG,key)= ‘1010'

so to get the key we xor the Cipher , FLAG again : key = xor(FLAG,Cipher) = xor (1100,1010) = 0110

now we apply that to our case we know part of the FLAG “EGCERT{” (7 bytes) and we have the Cipher (we take only the first 7 bytes) ,so to get back the key we simply do xor the Cipher with the “EGCERT{”

Cipher_hex = "61bade96f3f7f3"  # Hexadecimal bytes
Cipher_bytes = bytes.fromhex(Cipher_hex)  # Convert to bytes

FLAG = "EGCERT{"
FLAG_bytes = FLAG_result.encode()  # Convert to bytes

key_bytes = bytes([a ^ b for a, b in zip(Cipher_bytes, FLAG_bytes)])  # XOR operation

print(key_bytes.hex())  # Print the key in hexadecimal representation

#output = 24fd9dd3a1a388

yaay ! we got the key “24fd9dd3a1a388”.

so to get the whole FLAG now we simply xor the Cipher “61bade96f3f7f36d90c29b92d1bb7b8aa9ba9692e61da2c9e3fefbb876dce0”with the key.


61bade96f3f7f36d90c29b92d1bb7b8aa9ba9692e61da2c9e3fefbb876dce0 # the cipher
xor
24fd9dd3a1a38824fd9dd3a1a38824fd9dd3a1a38824fd9dd3a1a38824fd9d #(key)we Repeat it until it reach the same length as the cipher

DONE!

EGCERT{Im_H3r3_w4i71n9_T0_X0R!}

Ctf Writeup
Cryptography
Xor
Encryption

--

--

Eslam Hassan
Eslam Hassan

Written by Eslam Hassan

4 Followers
8 Following

codepirate69

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams