BYUCTF 2024 | Give Up writeup

crypto/Give Up

Description

Something about running maybe? All I remember is that it was XOveR and OveR again. And I mean OveR and OveR and OveR again like a ton of times.

Author: overllama

Files given

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

Solution

From the description we can guess that it is XOR, but we don't have the key. Since we know the flag format, i.e. byuctf{, we can leak the first few key bytes with a known-plaintext XOR (each key byte is simply ciphertext byte XOR plaintext byte):

cypher = bytes.fromhex('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')
plaintext = b'byuctf{'
# XORing the ciphertext with the known prefix gives the key bytes at those positions
key = ''.join(chr(c ^ m) for c, m in zip(cypher, plaintext))
print(key)

Which gave us

gr00t@gr00t-Vivobook-ASUSLaptop-M6500IH-M6500IH:~/byu-24$ python3 keyleak.py 
We're n

Now we have to guess the complete key. Looking at the challenge name, one of my teammates suggested it could be the lyrics of the song "Never Gonna Give You Up", i.e. "We're no strangers to love You know the rules and so do I". So:

from pwn import xor
key = "We're no strangers to love You know the rules and so do I"
cypher = bytes.fromhex('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')
# pwntools' xor cycles the shorter argument to the length of the longer one
print(xor(cypher, key))

This gives b'byuctf{n3v3r_g0nn4_r3us3_4uk3y}byuctf{n3v3r_g0nn4_r3us3_4 followed by gibberish, since xor from pwntools cycles the key to match the data length. One character is off (u where _ belongs, i.e. the guessed lyric differs from the real key at that byte), so I submitted byuctf{n3v3r_g0nn4_r3us3_4_k3y}

AND SOLVED!

This was a slightly unintended solution; the intended one was to exploit the repeating-key XOR weakness. I haven't tried it yet; I'll add it here afterwards.
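As an added example (not the writeup's or the challenge's code), the script below shows both routes on constructed data: the known-plaintext key leak used above, with the key cycled explicitly instead of relying on pwntools' xor, and then the repeating-key XOR recovery the author names as the intended solution, done without any crib by ranking key lengths with the Hamming-distance test and solving each column as a single-byte XOR against English letter statistics. The plaintext is a public-domain Dickens paragraph used as English filler, the 7-byte key reuses the leaked fragment "We're n" purely as a sample value, the frequency table is a rough approximation, and all function names are mine.

```python
from itertools import cycle

# Constructed sample material for this example. The key reuses the 7-byte
# fragment the writeup leaked ("We're n") purely as a sample value; the
# plaintext is a public-domain Dickens paragraph used as English filler.
SAMPLE_KEY = b"We're n"
SAMPLE_PLAINTEXT = (
    b"it was the best of times it was the worst of times it was the age of "
    b"wisdom it was the age of foolishness it was the epoch of belief it was "
    b"the epoch of incredulity it was the season of light it was the season "
    b"of darkness it was the spring of hope it was the winter of despair we "
    b"had everything before us we had nothing before us we were all going "
    b"direct to heaven we were all going direct the other way in short the "
    b"period was so far like the present period that some of its noisiest "
    b"authorities insisted on its being received for good or for evil in the "
    b"superlative degree of comparison only"
)

# Rough English letter frequencies in percent; space is the strongest signal.
FREQ = {
    " ": 13.0, "e": 12.7, "t": 9.1, "a": 8.2, "o": 7.5, "i": 7.0, "n": 6.7,
    "s": 6.3, "h": 6.1, "r": 6.0, "d": 4.3, "l": 4.0, "u": 2.8, "c": 2.8,
    "m": 2.4, "w": 2.4, "f": 2.2, "g": 2.0, "y": 2.0, "p": 1.9, "b": 1.5,
    "v": 1.0, "k": 0.8, "j": 0.2, "x": 0.2, "q": 0.1, "z": 0.1,
}

def repeating_xor(data: bytes, key: bytes) -> bytes:
    """XOR data with the key cycled to the data length (what pwntools' xor does)."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))

def leak_key_fragment(cipher: bytes, known_prefix: bytes) -> bytes:
    """Known-plaintext step: wherever the plaintext is known, the key byte is c ^ p."""
    return bytes(c ^ p for c, p in zip(cipher, known_prefix))

def english_score(text: bytes) -> float:
    """Score how English-like a byte string is; control and non-ASCII bytes are penalised."""
    score = 0.0
    for b in text:
        if b >= 0x7F or (b < 0x20 and b not in b"\n\r\t"):
            score -= 20.0
        elif 0x41 <= b <= 0x5A:  # upper case is plausible but rarer
            score += FREQ[chr(b + 0x20)] / 2
        else:
            score += FREQ.get(chr(b), 0.0)
    return score

def solve_single_byte_xor(column: bytes) -> int:
    """Return the key byte under which the column reads most like English."""
    return max(range(256), key=lambda k: english_score(bytes(c ^ k for c in column)))

def rank_key_sizes(cipher: bytes, max_size: int = 20) -> list:
    """Rank candidate key lengths by mean Hamming distance between bytes ks apart.
    When ks is the period (or a multiple of it), bytes ks apart share a key byte,
    so their XOR is plaintext-vs-plaintext and has noticeably fewer set bits."""
    scored = []
    for ks in range(2, max_size + 1):
        pairs = len(cipher) - ks
        total = sum(bin(cipher[i] ^ cipher[i + ks]).count("1") for i in range(pairs))
        scored.append((total / pairs, ks))
    return [ks for _, ks in sorted(scored)]

def minimal_period(key: bytes) -> bytes:
    """Collapse a key recovered as a multiple of the true period (e.g. 14 bytes -> 7)."""
    for p in range(1, len(key) + 1):
        if len(key) % p == 0 and key == key[:p] * (len(key) // p):
            return key[:p]
    return key

def break_repeating_xor(cipher: bytes, candidates: int = 3) -> bytes:
    """Recover the key with no crib: for the best few key lengths, solve every
    column as a single-byte XOR, then keep the key whose decryption scores best."""
    best_key, best_score = b"", float("-inf")
    for ks in rank_key_sizes(cipher)[:candidates]:
        key = bytes(solve_single_byte_xor(cipher[i::ks]) for i in range(ks))
        score = english_score(repeating_xor(cipher, key))
        if score > best_score:
            best_key, best_score = key, score
    return minimal_period(best_key)

def demo() -> dict:
    cipher = repeating_xor(SAMPLE_PLAINTEXT, SAMPLE_KEY)
    # Route 1 (the writeup): a known prefix leaks the first key bytes.
    fragment = leak_key_fragment(cipher, SAMPLE_PLAINTEXT[:7])
    # Route 2 (the intended one): statistics alone, no crib required.
    recovered = break_repeating_xor(cipher)
    return {
        "fragment": fragment,
        "recovered_key": recovered,
        "plaintext": repeating_xor(cipher, recovered),
    }

if __name__ == "__main__":
    result = demo()
    print("leaked fragment :", result["fragment"])
    print("recovered key   :", result["recovered_key"])
    print("plaintext starts:", result["plaintext"][:40])
```

Trying the top few key lengths rather than only the best one matters in practice: the Hamming test cannot tell a period from its multiples, and on short ciphertexts it occasionally ranks a wrong length first, so scoring the full decryption for each candidate and collapsing repeated keys with minimal_period is what makes the recovery reliable. Note that this statistical route needs plaintext with English-like byte frequencies and enough bytes per column; a short leet-speak flag alone would not give it much to work with, which is why the crib on the flag format is so effective.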