Someone is trying to hide something from us... We found the script he used to encrypt the secret, however we can't seem to figure out a way to reverse it... Can you help us?
Background Knowledge
Some basic Java programming understanding, and some brute force scripting techniques. Other than that, all is well!
Solution
The player is given 2 items: "enc.java" and "enc_flag.txt"
enc.java
import java.util.Random;
public class EncryptFlag {
public static String encryptFlag(String flag) {
Random random = new Random();
int key = random.nextInt(10) + 1; // Perhaps this is important?
StringBuilder encryptedFlag = new StringBuilder();
for (int i = 0; i < flag.length(); i++) {
char c = flag.charAt(i);
encryptedFlag.append((char) (c ^ key));
}
return encryptedFlag.toString();
}
public static void main(String[] args) {
String flag = "flag{example}";
String encryptedFlag = encryptFlag(flag);
System.out.println(encryptedFlag);
}
}
Random random = new Random();
int key = random.nextInt(10) + 1;
The variable "key" is initialized to a random integer from 1 to 10.
for (int i = 0; i < flag.length(); i++) {
char c = flag.charAt(i);
encryptedFlag.append((char) (c ^ key));
}
And, the flag is XOR'ed against the key.
The solution is simply to brute force the integer key values from 1 to 10, until a readable string containing CTF101{} is obtained.
solve.py
def decrypt_flag(encrypted_flag):
for key in range(1, 10):
decrypted_flag = ""
for c in encrypted_flag:
decrypted_flag += chr(ord(c) ^ key)
if "CTF" in decrypted_flag:
return decrypted_flag
encrypted_flag = open("enc_flag.txt", "r").read()
print(decrypt_flag(encrypted_flag))
# CTF101{sEcr37_FlAGs_w0w!}