Oh no! A brilliant scientist with questionable ethics has encrypted Anthony's important research. Luckily, the scientist who did this was overconfident, and gave us both the encrypted research and the contraption used to encrypt it. Can you get Anthony's research back before it's too late?
nc ctf.ritsec.club 30984
Solution
We get the connection details for the server and a server.py file containing the following code:
from Crypto.Cipher import DES
from Crypto.Util.Padding import pad
from secret import KEY, FLAG

BLOCK_SIZE = 64

key = bytes.fromhex(KEY)
cipher = DES.new(key, DES.MODE_ECB)
flag = cipher.encrypt(pad(bytes(FLAG, "utf-8"), BLOCK_SIZE))
print("Here's the flag (in hex):", flag.hex())
print("=" * 64)
print("Encrypt something if you want, you can choose the key and the plaintext :)")

while True:
    try:
        key = bytes.fromhex(input("Key (in hex): "))
        plaintext = bytes.fromhex(input("Message to encrypt (in hex): "))
        print("=" * 64)
        cipher = DES.new(key, DES.MODE_ECB)
        ciphertext = cipher.encrypt(pad(plaintext, BLOCK_SIZE))
        print("Here's your message! (in hex):", ciphertext.hex())
        print("Here's your message! (in bytes):", ciphertext)
        print("=" * 64)
    except KeyboardInterrupt:
        break
The code shows that the server uses DES in ECB mode, so every 8-byte block is encrypted independently under the same key. After connecting to the server we receive the encrypted flag in hex. We are also allowed to encrypt a message of our choice under a key of our choice; both values must be entered as hexadecimal, and the server returns the resulting ciphertext in both hexadecimal and bytes.
Weak keys
DES has a small set of keys called weak keys. For a weak key the key schedule produces the same 48-bit round key in all 16 rounds, and because decryption is simply encryption with the round keys applied in reverse order, encrypting with a weak key is the same operation as decrypting with it. There are four weak keys in DES (written here the way the script below uses them; DES ignores the low parity bit of every key byte, so these are the same keys as the usual odd-parity listing 0101010101010101, 1F1F1F1F0E0E0E0E, E0E0E0E0F1F1F1F1 and FEFEFEFEFEFEFEFE):
0000000000000000
1E1E1E1E0F0F0F0F
E1E1E1E1F0F0F0F0
FFFFFFFFFFFFFFFF
This does not change how an attack on DES works in general, since a ciphertext still cannot be decrypted without the key, but it gives us a cheap check for this task: if the secret key is one of the four weak keys, decrypting the flag with each of them will reveal it.
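To see why a weak key makes encryption and decryption coincide, here is an added example that is not part of the original writeup or of the challenge's server code. It implements only the DES key schedule from FIPS 46-3 (PC-1, the rotation schedule and PC-2) in plain Python with no third-party dependency, derives the 16 round keys for a given key and reports whether they are all identical, which is exactly the weak-key condition. The four keys from the script on this page are used as input, together with a constructed ordinary key for contrast; the function names des_subkeys, is_weak_key and halves are my own.

```python
from typing import List, Tuple

# Key-schedule tables from FIPS 46-3. Entries are 1-based DES bit numbers
# (bit 1 is the most significant bit of the first key byte).
PC1 = [57, 49, 41, 33, 25, 17,  9,  1, 58, 50, 42, 34, 26, 18,
       10,  2, 59, 51, 43, 35, 27, 19, 11,  3, 60, 52, 44, 36,
       63, 55, 47, 39, 31, 23, 15,  7, 62, 54, 46, 38, 30, 22,
       14,  6, 61, 53, 45, 37, 29, 21, 13,  5, 28, 20, 12,  4]
PC2 = [14, 17, 11, 24,  1,  5,  3, 28, 15,  6, 21, 10,
       23, 19, 12,  4, 26,  8, 16,  7, 27, 20, 13,  2,
       41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
       44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32]
# Left-rotation amount applied to both 28-bit halves before each round.
SHIFTS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]

# The four weak keys exactly as the script on this page writes them.
PAGE_WEAK_KEYS = ["0000000000000000", "1E1E1E1E0F0F0F0F",
                  "E1E1E1E1F0F0F0F0", "FFFFFFFFFFFFFFFF"]


def _bits(data: bytes) -> List[int]:
    """Big-endian bit list: DES bit number 1 becomes list index 0."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def _permute(bits: List[int], table: List[int]) -> List[int]:
    return [bits[pos - 1] for pos in table]


def _rotl(half: List[int], n: int) -> List[int]:
    return half[n:] + half[:n]


def halves(key: bytes) -> Tuple[str, str]:
    """C0 and D0 after PC-1, as bit strings. PC-1 never selects bits
    8, 16, ..., 64, so the parity bit of each byte is discarded; that is
    why 0x1E and 0x1F give the same schedule."""
    cd = _permute(_bits(key), PC1)
    return ("".join(map(str, cd[:28])), "".join(map(str, cd[28:])))


def des_subkeys(key: bytes) -> List[int]:
    """Return the 16 round keys K1..K16 as 48-bit integers."""
    if len(key) != 8:
        raise ValueError("DES key must be exactly 8 bytes")
    cd = _permute(_bits(key), PC1)
    c, d = cd[:28], cd[28:]
    round_keys = []
    for shift in SHIFTS:
        c, d = _rotl(c, shift), _rotl(d, shift)
        round_keys.append(int("".join(map(str, _permute(c + d, PC2))), 2))
    return round_keys


def is_weak_key(key: bytes) -> bool:
    """A key is weak when all 16 round keys coincide. That happens when C0
    and D0 are each all-zero or all-one, so rotating them changes nothing;
    the reversed order used for decryption is then the same sequence, and
    encryption equals decryption."""
    return len(set(des_subkeys(key))) == 1


if __name__ == "__main__":
    # 0123456789ABCDEF is a constructed ordinary key shown for contrast.
    for hexkey in PAGE_WEAK_KEYS + ["0123456789ABCDEF"]:
        key = bytes.fromhex(hexkey)
        c0, d0 = halves(key)
        print(hexkey, "C0=%s D0=%s weak=%s" % (c0, d0, is_weak_key(key)))
```

Running it prints the two 28-bit halves for each key: the four page keys all come out as one half of zeros and one half of ones (or both the same), so their round keys never change, while the ordinary key yields mixed halves and sixteen distinct round keys.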
A simple Python script that tries to decrypt the message with each of the 4 weak keys:
from Crypto.Cipher import DES

# Encrypted flag as printed by the server
cipher_text_string = "28e3a0ff9089aecc83465e470624a89253a1aac856a4f7ff08b4648b7c5eff9aa41a0dd1c7fc15995382dc3149dfcccf82241fb566fb5a0382241fb566fb5a03"
cipher_text_bytes = bytes.fromhex(cipher_text_string)

# The four DES weak keys (DES ignores the parity bit of each byte,
# so these are equivalent to the odd-parity forms 01..., 1F1F1F1F0E0E0E0E, ...)
WEAK_KEYS = [
    b"\x00\x00\x00\x00\x00\x00\x00\x00",
    b"\x1E\x1E\x1E\x1E\x0F\x0F\x0F\x0F",
    b"\xE1\xE1\xE1\xE1\xF0\xF0\xF0\xF0",
    b"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF",
]

# Decrypt the ciphertext under each weak key and print the key next to the result,
# so the key that yields readable text is visible immediately
for KEY in WEAK_KEYS:
    a = DES.new(KEY, DES.MODE_ECB)
    plaintext = a.decrypt(cipher_text_bytes)
    print(KEY.hex(), plaintext)
After executing the script, we get the flag, which was encrypted using the following key: