I tried avoiding the Derbycon CTF. I really did. With more than 18,000 flags available, I knew that if I got sucked in, I’d have to go all in for the weekend. But the allure was too much. I dedicated a few hours on Saturday to checking out a few of the challenges and ended up nabbing about 65 flags (with the help of a few others). The majority of my points came from the crypto challenge, which is all I’ll be writing up today.
Discovering the challenge took a bit. On one of the hosts in the /16 scoped network there was a mocked-up university website, pwnedu. In a subdirectory of the site was a list of faculty pages. One of the faculty had a few subfolders in their personal directory. One of these was a folder called ‘crypto’ in the ‘homework’ directory. There were 3 files of interest here:
1) Assignment.cipher.txt
2) Assignment.plain.txt
3) secret.txt.
Two of these files, Assignment.cipher.txt and secret.txt, were encrypted and thus unreadable. The other file, Assignment.plain.txt, contained readable text, but the layout was… interesting.
In order to solve the challenge, you needed to decipher the encrypted message in the secret.txt file. The problem was that you had no information on exactly what was used to encrypt the message, or any key information. You had to figure out how to use the two ‘Assignment’ files to extract the secret message. Let’s start with what we can actually read, the Assignment.plain.txt file. As I mentioned previously, the layout was interesting at first glance. Each of the words in the file seemed to be laid out in columns, which made it difficult to read. So I made a copy and stripped it down to understand what was written inside.
Stripping out the extra whitespace yielded the following:
For this assignment your task is to take on the role of a code breaker.
You will use what we learned in class about crypto analysis , and some comon
cryptographic operations such as XOR.
You will also need to utilize your knowlege of block ciphers such as AES and
DES and the various modes these ciphers can be utilized in , especially ECB or ,
electronic code book. It will also help to understand other modes such as
CTR , or counter. An encoded copy of this assignment is provided. You
must use this plain text to perform a know plain text attack. Comparing the
content of this message with the provided cipher text copy will allow you to
discover enough information to enable you to decipher the contnet secret.txt.
Follow the instructions in secret.txt to reveal the FLAG. Come prepared to
identify the flag in class Tuesday.
A Cryptographers tale.
Once a upon a time Alice had a message she wanted to send Bob. Alice did not
want Jim to be able to read the message. She also need to send a meesage to
Jim , that ideally Bob would not read. Alice decided the best solution was
to protect her message with AES. Unfortunitly for Alice her computer is very
slow and has no dedicated cryptographic hardware. It was a wire wrap hand
built affir using individual transistors and a number of toggle switchs for
input.
Alice ‘s father was convinced all integrated circuits were bugged with listening
devices and would not all Alice to have anything in the house that utilized
them. He had not been right since the war. Alice accepted this though because
she felt all the tin foil clothing he provided her was quite stylish , she
liked her Sunday hat in particular. Things are what they are she thought.
The letter she needed to send Bob was very long. After several long afternoons
writing out her AES implementation in assembly , desk checking it two times ,
she was tired. Alice knew she should probably implement CBC or CTR modes but
the thought of many hours ahead of her converting her assembly to binary before
she could even start entering the program on the toggles lead Alice to decide
to just go with ECB and hope Jim would not be able to break the code.
Jim was the sort of idiot who could hardly count anyway.
Alice finished entering her program and letters one character at a time.
clearing the register each time. Finally Alice was able to send her messages to
both Bob and Jim in relative safety. She skipped a number of spaces and
punctuation to save time.
Alice was so excited by Bobs reply she could hardly put it down.
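Why the assignment singles out ECB, as an added example that is not part of the original post or the challenge files: under ECB a fixed key maps equal plaintext blocks to equal ciphertext blocks, so a known plaintext/ciphertext pair yields a codebook without ever recovering the key. The sketch assumes one character per 16-byte block (one reading of "letters one character at a time"), uses an HMAC-based stand-in instead of real AES, and all keys, names and sample texts are constructed.

```python
import hashlib
import hmac

BLOCK = 16  # AES block size in bytes


def toy_ecb_encrypt(key: bytes, text: str) -> bytes:
    """Stand-in for AES-ECB with one character per block (assumption).
    Truncated HMAC-SHA256 is deterministic per key, which is the only
    ECB property the codebook attack relies on. It is NOT AES."""
    return b"".join(
        hmac.new(key, ch.encode().ljust(BLOCK, b"\0"), hashlib.sha256).digest()[:BLOCK]
        for ch in text
    )


def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def build_codebook(known_plain: str, known_cipher: bytes) -> dict:
    """Map each ciphertext block to the character that produced it."""
    cipher_blocks = blocks(known_cipher)
    if len(cipher_blocks) != len(known_plain):
        raise ValueError("texts do not align at one character per block")
    book = {}
    for ch, blk in zip(known_plain, cipher_blocks):
        # The same block decoding to two characters means the mode is not
        # ECB, or the alignment assumption is wrong.
        if book.setdefault(blk, ch) != ch:
            raise ValueError("block maps to two characters")
    return book


def decode(book: dict, cipher: bytes, unknown: str = "?") -> str:
    """Translate blocks seen in the known pair; mark the rest as unknown."""
    return "".join(book.get(blk, unknown) for blk in blocks(cipher))


# Constructed sample data; the real challenge files are not reproduced here.
KEY = b"constructed-demo-key"
KNOWN_PLAIN = "You must use this plain text to perform a known plain text attack."
KNOWN_CIPHER = toy_ecb_encrypt(KEY, KNOWN_PLAIN)
SECRET_CIPHER = toy_ecb_encrypt(KEY, "the flag is zebra")


def demo() -> str:
    return decode(build_codebook(KNOWN_PLAIN, KNOWN_CIPHER), SECRET_CIPHER)


if __name__ == "__main__":
    print(demo())
```

Characters that never occur in the known plaintext stay undecoded, so the coverage of the known text bounds how much of the secret is readable; a chained or counter mode (CBC, CTR) with a fresh IV or nonce removes the repeated-block property the codebook depends on.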