Cracking the Code: A Dive into AES Encryption with WaniCTF2024

The Next Challenge

Fresh off the thrill of solving the RSA encryption challenge, Alex was eager for another cryptographic adventure. The WaniCTF2024 had a new puzzle waiting, and Alex was ready to dive in. The new challenge description read:

Accompanying the description was a zip file named cry-beginners-aes.zip. Alex extracted the zip file and found two files: chall.py and output.txt.

Unpacking the Challenge

Opening chall.py, Alex found the following code:

# https://pycryptodome.readthedocs.io/en/latest/src/cipher/aes.html
from Crypto.Util.Padding import pad
from Crypto.Cipher import AES
from os import urandom
import hashlib

key = b'the_enc_key_is_'
iv = b'my_great_iv_is_'
key += urandom(1)
iv += urandom(1)

cipher = AES.new(key, AES.MODE_CBC, iv)
FLAG = b'FLAG{This_is_a_dummy_flag}'
flag_hash = hashlib.sha256(FLAG).hexdigest()

msg = pad(FLAG, 16)
enc = cipher.encrypt(msg)

print(f'enc = {enc}') # bytes object
print(f'flag_hash = {flag_hash}') # str object

In output.txt, the values were:

enc = b'\x16\x97,\xa7\xfb_\xf3\x15.\x87jKRaF&"\xb6\xc4x\xf4.K\xd77j\xe5MLI_y\xd96\xf1$\xc5\xa3\x03\x990Q^\xc0\x17M2\x18'
flag_hash = 6a96111d69e015a07e96dcd141d31e7fc81c4420dbbef75aef5201809093210e

Understanding AES Encryption

AES (Advanced Encryption Standard) is widely used for securing sensitive data. It operates on blocks of data using a symmetric key algorithm. Here’s a simplified overview of the process in this challenge:

Key and IV Generation:

    - A base key and IV are defined and appended with a single random byte each.
    - The key and IV are essential for both encryption and decryption processes.

Encryption:

    - The message (FLAG) is padded to fit the block size (16 bytes).
    - AES encryption is performed in CBC (Cipher Block Chaining) mode using the key and IV.
    - The encrypted message and its SHA-256 hash are printed.

The Brute-Force Approach

To decrypt the message, Alex needed to brute-force the single random byte appended to the base key and IV. He wrote a script to try all possible combinations until finding a match for the hash:

from Crypto.Util.Padding import unpad
from Crypto.Cipher import AES
import hashlib

# Known parts of the key and IV
base_key = b'the_enc_key_is_'
base_iv = b'my_great_iv_is_'

# Encrypted message (obtained from the original script)
enc = b'\x16\x97,\xa7\xfb_\xf3\x15.\x87jKRaF&"\xb6\xc4x\xf4.K\xd77j\xe5MLI_y\xd96\xf1$\xc5\xa3\x03\x990Q^\xc0\x17M2\x18'

# Original message hash (obtained from the original script)
flag_hash = '6a96111d69e015a07e96dcd141d31e7fc81c4420dbbef75aef5201809093210e'

def brute_force_decrypt(enc, base_key, base_iv, flag_hash):
    for key_suffix in range(256):  # Loop through all possible byte values for the key suffix
        for iv_suffix in range(256):  # Loop through all possible byte values for the IV suffix
            key = base_key + bytes([key_suffix])
            iv = base_iv + bytes([iv_suffix])
            try:
                cipher = AES.new(key, AES.MODE_CBC, iv)
                decrypted_msg = unpad(cipher.decrypt(enc), 16)
                if hashlib.sha256(decrypted_msg).hexdigest() == flag_hash:  # Check if the decrypted message matches the hash
                    return decrypted_msg, key, iv
            except (ValueError, KeyError):  # Catch any errors during decryption and continue
                continue
    return None, None, None

decrypted_msg, found_key, found_iv = brute_force_decrypt(enc, base_key, base_iv, flag_hash)

if decrypted_msg:
    print(f'Decrypted message: {decrypted_msg}')
    print(f'Key: {found_key}')
    print(f'IV: {found_iv}')
else:
    print('Failed to decrypt the message.')

Solving the Challenge

Alex ran the script, watching as it tested each possible key and IV combination. Finally, after a few moments, the script returned the decrypted message:

Decrypted message: b'FLAG{7h3_f1r57_5t3p_t0_Crypt0!!}'
Key: b'the_enc_key_is_$'
IV: b'my_great_iv_is_O'

A triumphant smile spread across Alex’s face. He had successfully decrypted the message and solved another challenge from WaniCTF2024.

Conclusion

This journey into AES encryption not only reinforced Alex’s understanding of cryptographic principles but also showcased the importance of persistence and creativity in solving complex problems. As encryption continues to play a crucial role in securing our digital lives, mastering these concepts is invaluable for any aspiring cybersecurity professional.

Commentary:

Base Key and IV:

    - The script starts with the known parts of the key and IV.

Encrypted Message and Hash:

    - These are the given encrypted message and its hash.

Brute-Force Loop:

    - The nested loops try all 256 possible values for the suffix byte of the key and IV.

Decryption Attempt:

    - Within the loops, it tries to decrypt the message and checks if the decrypted message's hash matches the given hash.

Success Check:

    - If the correct key and IV are found, it prints the decrypted message, key, and IV. Otherwise, it indicates failure.

This solution demonstrates the power of brute-force techniques in cryptography, emphasizing the importance of understanding both the theory and practical implementation of encryption algorithms.