Unlock the Encrypted Flag

In the name of God, the Most Gracious, the Most Merciful

Challenge

In this challenge, we are provided with a Python script that encrypts a flag using the XOR operation and requires a specific password to reveal the flag. The goal is to bypass the password check and decrypt the flag.

Let's analyze the code

The script consists of the following main components:

  1. str_xor(secret, key):

    • This function performs an XOR operation between a secret string and a key. It generates a new key by repeating the original key until it matches the length of the secret.

  2. Encrypted Flag:

    • The flag is stored in a file named flag.txt.enc, which is read as binary data.

  3. Password Check:

    • The level_1_pw_check() function prompts the user for a password. The correct password is constructed from several parts and must start with "ak" and end with "9000". The function also checks that the length of the entered password matches the length of the obfuscated password.

Exploiting the Challenge

To successfully retrieve the flag:

  • We need to provide the correct password: "ak98-=90adfjhgj321sleuth9000".

  • The str_xor function is then called with the encrypted flag and the key "utilitarian" to decrypt it.

Flag Retrieval

Upon entering the correct password, the program decrypts the flag using the XOR operation, revealing the hidden flag.

solve.py
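def str_xor(secret, key):
    # Extend the key by cycling through its characters until it covers the secret.
    new_key = key
    i = 0
    while len(new_key) < len(secret):
        new_key = new_key + key[i]
        i = (i + 1) % len(key)
    # XOR each character of the secret with the matching key character.
    return "".join([chr(ord(secret_c) ^ ord(new_key_c)) for (secret_c, new_key_c) in zip(secret, new_key)])

# Read the encrypted flag as raw bytes.
with open('flag.txt.enc', 'rb') as f:
    flag_enc = f.read()

# Password expected by level_1_pw_check(); this script does not use it.
password = "ak98-=90adfjhgj321sleuth9000"

# Decrypt with the XOR key "utilitarian".
decrypted_flag = str_xor(flag_enc.decode(), "utilitarian")
print("The decrypted flag is:", decrypted_flag)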

str_xor Function:

  • Inputs:

    • secret: The encrypted text (the flag).

    • key: The key used for encryption (in this case, "utilitarian").

  • Process:

    • A new key (new_key) is initialized with the value of key.

    • A while loop is used to extend the new_key until its length matches that of secret.

    • Characters from key are appended to new_key based on the index i.

    • When the end of the key is reached, i is reset to zero using (i + 1) % len(key).

  • Encryption/Decryption:

    • The XOR operation is applied between each character of the secret and the generated new_key.

    • The zip function is used to pair characters from secret and new_key.

    • Each character in a pair is converted to its ASCII value using ord, and the XOR operation is performed on the two values.

    • The results are converted back to characters using chr and joined into a string.

Decrypting the Flag:

  • The flag is decrypted by calling the str_xor function with the encrypted content flag_enc and the key "utilitarian".

  • The encrypted text is converted from bytes to a string using decode() before passing it to the function.
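The decode() step above succeeds because XORing two ASCII characters never sets the top bit, so every ciphertext byte stays below 0x80. The following added example (not part of the challenge script or the original solve.py) keeps the page's str_xor next to a bytes-based equivalent and shows the case where decode() would fail; the helper names xor_bytes and decode_is_safe and all sample data are constructed for illustration.

```python
# Added example, not the challenge's own code. Sample data is constructed.
from itertools import cycle

KEY = b"utilitarian"  # key named on the page


def str_xor(secret: str, key: str) -> str:
    """The page's function, same behaviour: extend the key, then XOR."""
    new_key = key
    i = 0
    while len(new_key) < len(secret):
        new_key = new_key + key[i]
        i = (i + 1) % len(key)
    return "".join(chr(ord(s) ^ ord(k)) for s, k in zip(secret, new_key))


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR on raw bytes (hypothetical helper name)."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def decode_is_safe(blob: bytes) -> bool:
    """True if the page's flag_enc.decode() step would succeed on blob."""
    try:
        blob.decode()
        return True
    except UnicodeDecodeError:
        return False


# Constructed sample, not the real flag or the real flag.txt.enc.
SAMPLE_PLAIN = "SAMPLE{constructed_not_the_real_flag}"
SAMPLE_ENC = xor_bytes(SAMPLE_PLAIN.encode(), KEY)
# Constructed non-ASCII plaintext: its ciphertext holds bytes >= 0x80.
NON_ASCII_ENC = xor_bytes("clé".encode(), KEY)

if __name__ == "__main__":
    # ASCII ^ ASCII never sets the top bit, so decode() works for the flag.
    print(max(SAMPLE_ENC) < 0x80, decode_is_safe(SAMPLE_ENC))
    # Both implementations agree; XOR with the same key is its own inverse.
    print(str_xor(SAMPLE_ENC.decode(), KEY.decode()) == SAMPLE_PLAIN)
    # Here decode() raises, but the bytes version still round-trips.
    print(decode_is_safe(NON_ASCII_ENC))
    print(xor_bytes(NON_ASCII_ENC, KEY).decode())
```

Working on bytes throughout avoids the decode() step entirely, which matters as soon as either the plaintext or the key contains a non-ASCII byte.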

Flag

QUESTCON{3ncrypt3d_fl4g_r3v34l}
