FCSC 2021 - Intro - Known Plaintext

Your goal is to decipher the flag.

Files :

Solving the challenge

First of all, let’s analyze the provided script clair-connu.py, which encrypted the flag:

import os
from Crypto.Util.number import long_to_bytes
from Crypto.Util.strxor import strxor

FLAG = open("flag.txt", "rb").read()

key = os.urandom(4) * 20
c = strxor(FLAG, key[:len(FLAG)])

The encryption used here is a simple XOR with a key 4 bytes long, repeated several times to reach the length of the flag to be encrypted. We know that XOR encryption is involutive, that is to say:

    c = a (+) b
<=> a (+) c = a (+) a (+) b
<=> a (+) c = b

As well as :

    c = a (+) b
<=> c (+) b = a (+) b (+) b
<=> c (+) b = a

It is therefore enough to know two of the three terms of the equation to find the third. Here we do not know the flag … and yet we know enough! We know that the flag starts with FCSC{, and that the key is 4 bytes long. So if we XOR the first 4 bytes of the encrypted flag with the string FCSC, we get the key. Then we just XOR this key, repeated over the entire length of the encrypted flag, to decrypt it.

We can do this very simply in Python:

#!/usr/bin/env python3
# -*- coding: utf-8 -*-

from Crypto.Util.strxor import strxor
import binascii

FLAG = "d91b7023e46b4602f93a1202a7601304a7681103fd611502fa684102ad6d1506ab6a1059fc6a1459a8691051af3b4706fb691b54ad681b53f93a4651a93a1001ad3c4006a825"
FLAG = binascii.unhexlify(FLAG)

key = strxor(FLAG[:4], b'FCSC')
print("[+] key :",key)
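plaintext = strxor(FLAG, (key * 20)[:len(FLAG)])
# Print the recovered plaintext (the original script computed it but never displayed it)
print("[+] flag :", plaintext)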

And we get the flag :
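Added example (not part of the original write-up or of the challenge files): the same known-plaintext recovery, generalized to a crib at any offset and using only the standard library. The helper names `recover_key`, `xor_repeat`, `solve_challenge` and `offset_demo`, and the sample message in `offset_demo`, are assumptions made for illustration. Because the known prefix FCSC{ is 5 bytes and the key is 4, the fifth byte lands on an already recovered key byte and serves as a consistency check on the guessed key length.

```python
from itertools import cycle

def xor_repeat(data: bytes, key: bytes) -> bytes:
    """XOR data with key repeated to the length of data."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))

def recover_key(ciphertext: bytes, crib: bytes, offset: int, keylen: int) -> bytes:
    """Recover a repeating XOR key from known plaintext `crib` located at `offset`."""
    if offset < 0 or offset + len(crib) > len(ciphertext):
        raise ValueError("crib does not fit inside the ciphertext")
    key = [None] * keylen
    for i, p in enumerate(crib):
        pos = offset + i
        k = ciphertext[pos] ^ p      # c (+) p = k
        slot = pos % keylen          # which key byte encrypted this position
        if key[slot] is None:
            key[slot] = k
        elif key[slot] != k:         # an extra crib byte disagrees with an earlier one
            raise ValueError("inconsistent crib: wrong crib, offset or key length")
    if None in key:
        raise ValueError("crib is too short to cover the whole key")
    return bytes(key)

# Ciphertext taken from the write-up above.
CIPHERTEXT = bytes.fromhex(
    "d91b7023e46b4602f93a1202a7601304a7681103fd611502fa684102ad6d1506"
    "ab6a1059fc6a1459a8691051af3b4706fb691b54ad681b53f93a4651a93a1001"
    "ad3c4006a825"
)

def solve_challenge():
    """Recover the 4-byte key from the FCSC{ prefix, then decrypt everything."""
    key = recover_key(CIPHERTEXT, b"FCSC{", 0, 4)
    return key, xor_repeat(CIPHERTEXT, key)

def offset_demo() -> bool:
    """Constructed sample: the crib sits at offset 6, so key bytes come out rotated."""
    key = bytes.fromhex("0badc0de")                      # constructed key
    msg = b"id=42;role=admin;note=constructed sample"    # constructed plaintext
    ct = xor_repeat(msg, key)
    return recover_key(ct, b"role=", 6, 4) == key

if __name__ == "__main__":
    k, pt = solve_challenge()
    print("[+] key  :", k.hex())
    print("[+] flag :", pt.decode())
    print("[+] offset crib recovers key:", offset_demo())
```

Calling `recover_key` with a key length of 3 on the same ciphertext raises `ValueError`, which is how a wrong key-length guess shows up when the crib is longer than the key.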