#Thanks to @sayoojsamuel for helping out pt= "Welcome to InCTFj finals! Hope you are having a great time here ;)" ct= "1614ad13f934ca0e410da7785ddb3b248377eab15cb6cd46f355f5896ce848ce6675b8d48f284bf4186c982ac74f9f9302d2d0c78ab3cd87fd61f5fa02003b38418c2e33c09882de5da99a8066a2f4e7".decode('hex') key= "YELLOW SUBMARINE" from Crypto.Cipher import AES from pwn import xor def AES_decrypt(key, message): a = AES.new(key,AES.MODE_ECB) pt= a.decrypt(message) return pt ct=AES_decrypt(key,ct) IV= xor(ct,pt)[:16] #IV is only 16 bytes long print IV
def bruteforce(ct): flag = [] for i in range(255): flag.append(xor(ct,i)) return flag
# coding: utf-8 c1 = '\x05F\x17\x12\x14\x18\x01\x0c\x0b4' c2 = '>\x1f\x00\x14\n\x08\x07Q\n\x0e' len(c1) len(c2) from pwn import xor xor(c1, c2) xor('d4rk', c1) xor('arey', c2) xor('d4rk{', c1) key = 'areyo' xor('areyou', c1) key = 'areyou' xor(c2, 'aaaaa}c0de') key = 'areyoudank' xor(c1, dank) xor(c1, key) xor(c2, key) __ + _
#!/usr/bin/env python3 from os import urandom from random import randint from pwn import xor # Org file content was this part: input_img = open("flag.png", "rb").read() outpout_img = open("flag.png.enc", "wb") key = bytes('FLAG', 'utf-8') if len(key) < 10: outpout_img.write(xor(input_img, key)) else: print('Key is too long!')
from pwn import xor HIDDEN_FLAG = bytes.fromhex( '73626960647f6b206821204f21254f7d694f7624662065622127234f726927756d') byte = 0x00 for i in range(256): flag = xor(HIDDEN_FLAG, byte).decode("utf-8") if "crypto" in flag: print(flag) break byte += 0x01
Identity: A ⊕ 0 = A Self-Inverse: A ⊕ A = 0 Let's break this down. Commutative means that the order of the XOR operations is not important. Associative means that a chain of operations can be carried out without order (we do not need to worry about brackets). The identity is 0, so XOR with 0 "does nothing", and lastly something XOR'd with itself returns zero. Let's try this out in action! Below is a series of outputs where three random keys have been XOR'd together and with the flag. Use the above properties to undo the encryption in the final line to obtain the flag. KEY1 = a6c8b6733c9b22de7bc0253266a3867df55acde8635e19c73313 KEY2 ^ KEY1 = 37dcb292030faa90d07eec17e3b1c6d8daf94c35d4c9191a5e1e KEY2 ^ KEY3 = c1545756687e7573db23aa1c3452a098b71a7fbf0fddddde5fc1 FLAG ^ KEY1 ^ KEY3 ^ KEY2 = 04ee9855208a2cd59091d04767ae47963170d1660df7f56f5faf Before you XOR these objects, be sure to decode from hex to bytes. If you have pwntools installed, you have a xor function for byte strings: from pwn import xor""" from pwn import xor from binascii import unhexlify key1 = unhexlify("a6c8b6733c9b22de7bc0253266a3867df55acde8635e19c73313") key2xkey1 = unhexlify("37dcb292030faa90d07eec17e3b1c6d8daf94c35d4c9191a5e1e") key2xkey3 = unhexlify("c1545756687e7573db23aa1c3452a098b71a7fbf0fddddde5fc1") flagxkey1xkey2xkey3 = unhexlify( "04ee9855208a2cd59091d04767ae47963170d1660df7f56f5faf") #key2 k2 = xor(key2xkey1, key1, cut="max") k3 = xor(key2xkey3, k2, cut="max") flag = xor(key1, k2, k3, flagxkey1xkey2xkey3, cut="max") print(flag)
from pwn import xor key1 = bytes.fromhex("a6c8b6733c9b22de7bc0253266a3867df55acde8635e19c73313") key2_and_key1 = bytes.fromhex( "37dcb292030faa90d07eec17e3b1c6d8daf94c35d4c9191a5e1e") key2 = xor(key1, key2_and_key1) key2_and_key3 = bytes.fromhex( "c1545756687e7573db23aa1c3452a098b71a7fbf0fddddde5fc1") key3 = xor(key2, key2_and_key3) total = bytes.fromhex("04ee9855208a2cd59091d04767ae47963170d1660df7f56f5faf") flag = xor(total, key1, key2, key3) print(flag)
#!/usr/bin/env python3 from pwn import xor key = bytes.fromhex( "0e0b213f26041e480b26217f27342e175d0e070a3c5b103e2526217f27342e175d0e077e263451150104" ) print(key) flag = b'crypto{' ''' b'myXORke+y_Q\x0bHOMe$~seG8bGURN\x04DFWg)a|\x1dTM!an\x7f' b'crypto{1f_y0u_Kn0w_En0uGH_y0u_Kn0w_1t_4ll}' ''' potentialKey = b'myXORkey' print(xor(key, flag)) finalANswer = xor(key, potentialKey) print(finalANswer) # r = open("/usr/share/wordlists/rockyou.txt", "rb") # print(r.readline()) # failSafe = 10 # i = 0 # for elem in r.readlines(): # print(elem) # i += 1 # if i > failSafe: # break
# KEY2 ^ KEY1 = 37dcb292030faa90d07eec17e3b1c6d8daf94c35d4c9191a5e1e # KEY2 ^ KEY3 = c1545756687e7573db23aa1c3452a098b71a7fbf0fddddde5fc1 # FLAG ^ KEY1 ^ KEY3 ^ KEY2 = 04ee9855208a2cd59091d04767ae47963170d1660df7f56f5faf # First decode from hex to bytes KEY1 = 'a6c8b6733c9b22de7bc0253266a3867df55acde8635e19c73313' print("KEY1 encoded %s" % KEY1) decodedKEY1 = bytes.fromhex(KEY1) print("KEY1 decoded %s" % decodedKEY1) # key 2 xor with key 1 key21 = '37dcb292030faa90d07eec17e3b1c6d8daf94c35d4c9191a5e1e' # flag xor key1 xor key3 xor key2 flag132 = '04ee9855208a2cd59091d04767ae47963170d1660df7f56f5faf' # trying to find flag flag = '' KEY2 = '' op1 = xor(KEY1, KEY2) print(key21) KEY3 = '' # KEY2 and KEY3 are unknown. We can use pwntools to # get keys. # xor(KEY1, KEY2)
def repeating_key(c, key): flag = xor(c, key) return flag
from pwn import xor, unhex enc_flag = unhex( '73626960647f6b206821204f21254f7d694f7624662065622127234f726927756d') """ for i in range(100): canidate = xor(enc_flag,i) if canidate.decode()[0] == 'c': print(canidate) print(i) """ print(xor(enc_flag, 16))
# # Before you XOR these objects, be sure to decode from hex to bytes. If you have pwntools installed, you have a xor # function for byte strings: from pwn import xor key1_hex = 'a6c8b6733c9b22de7bc0253266a3867df55acde8635e19c73313' key1_binary = binascii.unhexlify(key1_hex) print("key1_binary: ") print(key1_binary) # Reverising XOR, just use XOR (lol) - https://stackoverflow.com/a/14279946 key1_xor_key2_hex = '37dcb292030faa90d07eec17e3b1c6d8daf94c35d4c9191a5e1e' key1_xor_key2_binary = binascii.unhexlify(key1_xor_key2_hex) print("key1_xor_key2_binary: ") print(key1_xor_key2_binary) # https://docs.pwntools.com/en/stable/util/fiddling.html?highlight=xor#pwnlib.util.fiddling.xor key2_binary = xor(key1_binary, key1_xor_key2_binary) print("key2_binary: ") print(key2_binary) key2_xor_key3_hex = 'c1545756687e7573db23aa1c3452a098b71a7fbf0fddddde5fc1' key2_xor_key3_binary = binascii.unhexlify(key2_xor_key3_hex) print("key2_xor_key3_binary: ") print(key2_xor_key3_binary) key3_binary = xor(key2_binary, key2_xor_key3_binary) print("key3_binary: ") print(key3_binary) flag_xor_key1_xor_key2_xor_key3_hex = '04ee9855208a2cd59091d04767ae47963170d1660df7f56f5faf' flag_xor_key1_xor_key2_xor_key3_binary = binascii.unhexlify( flag_xor_key1_xor_key2_xor_key3_hex) print("flag_xor_key1_xor_key2_xor_key3_binary: ")
import pwn s = "You have now entered the Duck Web, and you',27h,'re in for a honk.\nCan you figure out my trick?" x = "\x29\x06\x16\x4F\x2B\x35\x30\x1E\x51\x1B\x5B\x14\x4B\x08\x5D\x2B\x52\x17\x01\x57\x16\x11\x5C\x07\x5D\x00" print pwn.xor(s, x)
from pwn import xor s1 = "a6c8b6733c9b22de7bc0253266a3867df55acde8635e19c73313" s2 = "37dcb292030faa90d07eec17e3b1c6d8daf94c35d4c9191a5e1e" s3 = "c1545756687e7573db23aa1c3452a098b71a7fbf0fddddde5fc1" f = "04ee9855208a2cd59091d04767ae47963170d1660df7f56f5faf" # Hex strings need to be converted to bytes prior to xor x1 = bytes.fromhex(s1) x2 = bytes.fromhex(s2) x3 = bytes.fromhex(s3) f = bytes.fromhex(f) k1 = x1 k2 = xor(x2, x1) k3 = xor(k2, x3) flag = xor(k1, k2, k3, f) print(flag)
from pwn import xor s = "0e0b213f26041e480b26217f27342e175d0e070a3c5b103e2526217f27342e175d0e077e263451150104" key = "myXORkey" x1 = bytes.fromhex(s) x2 = key.encode() print(xor(x1, x2)) #Did this process manually # s = "04" # x = bytes.fromhex(s) # for i in range(256): # b = bytes([i]) # ans = xor(b,x) # print(b,ans) # # Key # m y X O R k e y
#!/usr/bin/env python3 from os import urandom from random import randint from pwn import xor new = open("new.png", "wb") enc10 = open("org_flag.png.enc", "rb").read(10) kp = open("name.png", "rb").read(10) fkey = xor(enc10, kp).decode() print(fkey) c = 1 k = "" enc = open("org_flag.png.enc", "rb").read() for i in fkey: res = open("enc" + str(c) + ".png", "wb") k = k + i key = bytes(k, 'utf-8') res.write(xor(enc, key)) c = c + 1 # res: Tapar{TCTF_0x00}
A = IV B = post decrypt C = plain text A xor B = C B = A xor C C' = A' xor B A' = C' xor B A' = C' xor A xor C ''' cookie = {} cookie['password'] = "******" cookie['username'] = "******" cookie['admin'] = 0 cookie_data = json.dumps(cookie, sort_keys=True) to_be_flipped = cookie_data.index("0") cookie = "3p/EY/cO422MTCZ5ctVPTGlVbEiEG4fNiEk2NTeNEPWY+nS63S0EHX9VGQ77nXDUgrRZn+jy1M+NrymZPxg7Mg4rps6w/a+XOa/nTiCOYVo=" decoded = b64d(cookie) ''' change 10th byte of IV Since C = 0 , C' = 1 Therefore 10th byte xor 1 xor 0 ''' new_cookie = b64e(decoded[:10] + xor(decoded[10], '1', '0') + decoded[11:]) r = requests.get("http://2018shell1.picoctf.com:12004/flag", cookies={'cookie': new_cookie.decode("utf-8")}) flag = re.findall("<code>(.*?)</code>", r.text) print(flag[0])
from pwn import xor # p for parse p = bytes.fromhex b2 = p('81bdc2ad2a484a1f84a3eda4add9fe45') b3 = p('9adeacc55e0e1a27e39c97cccaa2ae7d') # our assumption for b3 plaintext b3_p = p('7d0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f') b2b3 = xor(b2, b3) #not fully sure where these two are from b1 = p('9483befd5226704fcbf39198c1a4c23e') b1b3 = p('0e5d12380c286a68286f06540b066c43') b2_p = xor(b2b3, b3_p) """ b1b3 = [0x0e,0x5d,0x12,0x38,0x0c,0x28,0x6a,0x68,0x28,0x6f,0x06,0x54,0x0b,0x06,0x6c,0x43] flag_1 = [] flag_2 = [] flag_3 = [0x7d,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f] for i in range(0, len(flag_1)): flag_2.append(b1b3[i]^flag_1[i]) for i in range(len(flag_1), len(b1b3)): flag1_possibilities = [] flag2_possibilities = [] for a in alpha_set: if (ord(a) ^ b1b3[i]).to_bytes(1, 'big') in alpha_set:
# bflag = bytearray.fromhex('2e313f2702184c5a0b1e321205550e03261b094d5c171f56011904') # bk = tuple(x ^ y for x, y in zip(bflag[:5], b'CHTB{')) # result = [] # for i in range(0, len(bflag), 5): # result += ''.join( [chr(x ^ y) for x, y in zip(bflag[i:i+5], bk)] ) # print(''.join(result)) # Same as : from pwn import xor, unhex bflag, beg = unhex( '2e313f2702184c5a0b1e321205550e03261b094d5c171f56011904'), 'CHTB{' bk = xor(bflag[:5], beg) print(xor(bflag, bk))
##import x0or from pwn import xor ##set values k1 = bytes.fromhex("a6c8b6733c9b22de7bc0253266a3867df55acde8635e19c73313") k2k1 = bytes.fromhex("37dcb292030faa90d07eec17e3b1c6d8daf94c35d4c9191a5e1e") k2k3 = bytes.fromhex("c1545756687e7573db23aa1c3452a098b71a7fbf0fddddde5fc1") fk132 = bytes.fromhex("04ee9855208a2cd59091d04767ae47963170d1660df7f56f5faf") k2 = xor(k1, k2k1) k3 = xor(k2, k2k3) flag = xor(k1, k2, k3, fk132) ## print the flag print(flag.decode())
#!/usr/bin/env python3 from pwn import xor from binascii import unhexlify from Crypto.Util.number import long_to_bytes import base64 KEY1 = 0xa6c8b6733c9b22de7bc0253266a3867df55acde8635e19c73313 b = 0x37dcb292030faa90d07eec17e3b1c6d8daf94c35d4c9191a5e1e #KEY2 = xor(bytearray.fromhex('37dcb292030faa90d07eec17e3b1c6d8daf94c35d4c9191a5e1e'), bytearray.fromhex(KEY1)) KEY2 = KEY1 ^ b print("[-] KEY2: {}".format(KEY2)) KEY3 = xor("c1545756687e7573db23aa1c3452a098b71a7fbf0fddddde5fc1", KEY2) print("[-] KEY3: {}".format(KEY3)) KEY4 = xor(xor(KEY1, KEY2), KEY3) print("[-] KEY4: {}\n".format(KEY4)) FLAG = xor("04ee9855208a2cd59091d04767ae47963170d1660df7f56f5faf", KEY4) print("[*] FLAG: {}".format(FLAG)) #print("[*] FLAG: {}".format(unhexlify(FLAG))) print("[*] FLAG: {}".format(long_to_bytes(FLAG))) #b = 0x37dcb292030faa90d07eec17e3b1c6d8daf94c35d4c9191a5e1e #>>> key1 = a #>>> key2 = a ^ b #>>> key3 = key2 ^ c
from pwn import xor,remote p = remote('crypto.hsctf.com',8111) p.recvuntil("Here is my super secret message: ") enc_flag = p.recvuntil("\n")[:-1].decode('hex') p.sendlineafter("Enter the message you want to encrypt: ",'f'*53) p.recvuntil("Encrypted: ") encrypted = p.recvuntil("\n")[:-1].decode('hex') key = xor(encrypted,'f'*53) flag = xor(enc_flag,key) print flag
def add_round_key(s, k): return xor(matrix2bytes(s), matrix2bytes(k))
def challenge_two(arg1, arg2): return pwn.xor(arg1, arg2)
from pwn import xor import string ct1 = '010c1607053a24763f2c76242b1521630b7936371e2d30292d051606071532387d2d2d74393c0d357e1169343c1b373c23301a1717111e2f25723a22772c2b0b3679187f212006222623341b070c1a152f367d382c732e300d267511733033122c3a21280601151114223372352a6424360b3c751c652626102e20292907110e04032f317c3e377820301c3c67107e31370d223a223c06100c1a0f283f7e292d642c310b3c751c783c3719223732320717171c0329327a2230753931163a771e643137192a35283e10170c170936277f293775213c0b3c7510603c3c162c3a293b010c060309293b772e3664392d1a267516633b3d1831312729101605150a373670352a6424360f26751c792637133a36233e141110111233326a282c73222b0c217c0b643d3710333d28341a0a0c121233327a3e2c6723291620641375223d0d2f303235141010010533237b252d773e311e3f750f7c34311a2220273119050d10152f257a27266425201826751e64223d0d2f3022281806141d1233367e2d397520201120790b792633112c382230141c0a19093d3a7a22266425240b23781a7e2c3d0a2b353038101c0018133f3277382b7524280f3b630c79373e1a343c272910120606143e3a72252d63252a0831661a623c3f0f313b243c170806191328237129377828310d216417673021172c212a3907010406032f38663e2e793e311e3f750c713b36132635343313160c191233327e2e366423200931621c71272006373c2330130b11030729337a22377f392d1a32650b652737082a202e28060e1607123925762d3778242b183d631164393b092a3a21' ct1 = bytes.fromhex(ct1) ct2 = '02010e01152f3a7629376228331a26631a63373d1327383f3c1b000d1b122822752a2662392d1a39641076273b182b20233300170e0d023e36613b267d38360b38751e623b2610223732291d0113180722386638347520300c207c1666303f163032292f01110d110234207d38317f393c1a207e1064343a0a2d3034381114061b1637327a2237782c311d35640b7c3039112623203207130b15122f3f7635257f382217207f0d673d2b112c202735000a0706033f3875382b75242b1c3b7e0c7931370d2220232f100e0c1d053e2560252d642520093d730b7f272b082b2d3235101d11110c343e7029277e223117357c19713d27112726233905010c040a3e20763e266425201d31640b7527341031202e3812050a1a09293b7c3f307e223117357c1971313d05263a2b381b050406033e237c382b793e2d102162107e213a1a2035332e100b111903293e673f227e292b10367f1b693c3c0c2b3b3429101206060d3532642d2d69392d163a771b792626162d37323c170b16000f2f35663837782828102162117527211025202e380608021d083a3a7a22277e28201b2772107f3e211e3035352a1a16071a033e33602d347828310c207f11753c3416373d35291a0f06111632236029277728281627761062212711262729331007021a033533663e2664252006377f12753320102e3b3329060d07111233326a2d31752c261c3d741a7e21211d36203232061105120329317c3e2c7e283610237e1971203e0b30352e291d0111110f28237b293064242b183b761379333719223d342e050106170e36366a242a742824193b65137830330d37' ct2 = bytes.fromhex(ct2) # print(len(ct1)) 599 # print(len(ct2)) 597 charset = string.ascii_letters + string.digits + "!_-@#$&" for char in charset: known = b"UDCTF{w3lc0me_t0_0ur_ctf" + char.encode() i = len(known) - 2 pt1 = xor(known, ct1) pt2 = xor(known, ct2) if ord('A') <= pt1[i] <= ord('Z') and ord('A') <= pt2[i] <= ord('Z'): print("key:",char) print(pt1) print() print(pt2) print() # UDCTF{w3lc0me_t0_0ur_ctf}
from pwn import xor import sys string = "0e0b213f26041e480b26217f27342e175d0e070a3c5b103e2526217f27342e175d0e077e263451150104" string_bytes = "\x0e\x0b!?&\x04\x1eH\x0b&!\x7f'4.\x17]\x0e\x07\n<[\x10>%&!\x7f'4.\x17]\x0e\x07~&4Q\x15\x01\x04" #obtained using fromhex.py from ../encoding_challenge print(xor(string_bytes, "crypto{")) #xor string_bytes w/ what we know (flag format is crypto{FLAG}) #bytes are obtained, looking something like myXORkey [a bunch of nonsense] #use myXORkey to obtain FLAG print(xor(string_bytes, "myXORkey"))
'7': '68', '8': '41', '9': '99', 'a': '2d', 'b': '0f', 'c': 'b0', 'd': '54', 'e': 'bb', 'f': '16' } } INV_TABLE = {} for k, v in TABLE.items(): for key, val in v.items(): INV_TABLE[val] = k + key flag_unxored = bytes.fromhex( xor(b''.join(flag_enc), KEY.hex().encode()).decode()) for _ in range(4): flag = "" for i in flag_unxored: flag += INV_TABLE[hex(i)[2:].zfill(2)] flag = bytes.fromhex(flag) if b'zh3r0' in flag: print(flag) break flag_unxored = flag
def get_flag(input_data): k1 = bytes.fromhex(input_data["k1"]) k23 = bytes.fromhex(input_data["k23"]) fk132 = bytes.fromhex(input_data["fk132"]) return pwn.xor(k1, k23, fk132).decode()
from pwn import remote, xor import json HOST, PORT = "95.216.233.106", 58891 REM = remote(HOST, PORT) print(REM.recvuntil(b'Your choice: ').decode()) REM.sendline(b'1') #get a guest token data = REM.recvline().replace(b"'", b'"') # badly formatted json token = json.loads(data)['token'] admin_token = token[32:] # first 32 is iv iv = bytes.fromhex(token[:32]) iv_xor = b'\x00' * 7 + xor(b'9', '0') * 4 + b'\x00' * 5 iv_for_admin = xor(iv_xor, iv).hex() REM.sendline(b'2') REM.sendline(admin_token.encode()) REM.sendline(iv_for_admin.encode()) print(REM.recvlines(4)) # ractf{cbc_b17_fl1pp1n6_F7W!}
img5 = open("flag5.png", "wb") img6 = open("flag6.png", "wb") img7 = open("flag7.png", "wb") img8 = open("flag8.png", "wb") img9 = open("flag9.png", "wb") key0 = k + bytes([0]) key1 = k + bytes([1]) key2 = k + bytes([2]) key3 = k + bytes([3]) key4 = k + bytes([4]) key5 = k + bytes([5]) key6 = k + bytes([6]) key7 = k + bytes([7]) key8 = k + bytes([8]) key9 = k + bytes([9]) print(xor(outpout_img, key0)[:8]) img0.write(xor(outpout_img, key0)) print(xor(outpout_img, key1)[:8]) img1.write(xor(outpout_img, key1)) print(xor(outpout_img, key2)[:8]) img2.write(xor(outpout_img, key2)) print(xor(outpout_img, key3)[:8]) img3.write(xor(outpout_img, key3)) print(xor(outpout_img, key4)[:8]) img4.write(xor(outpout_img, key4)) print(xor(outpout_img, key5)[:8]) img5.write(xor(outpout_img, key5)) print(xor(outpout_img, key6)[:8]) img6.write(xor(outpout_img, key6)) print(xor(outpout_img, key7)[:8]) img7.write(xor(outpout_img, key7))
#!/usr/bin/python from pwn import xor import argparse,sys parser = argparse.ArgumentParser(description="Tool to XOR two files together.") parser.add_argument('-a', '--first', dest='first', help='First file to XOR contents against', required=True) parser.add_argument('-b', '--second', dest='second', help='Second file to XOR contents against', required=True) parser.add_argument('-o', '--output', dest='output', help='Output file', required=True) args = parser.parse_args() if __name__ == '__main__': first = args.first second = args.second output = args.output with open(first, 'rb') as f, open(second, 'rb') as s, open(output, 'w') as o: payload = xor(f.read(),s.read()) o.write(payload)