# EFF-CTF 2016 - LOLCrypto - Crypto Challenge

## January 27, 2016

I have a guest writeup this week for the EFF-CTF we did. Welcome Steven, who I worked with to solve the EFF-CTF this week, which was part of the Enigma 2016 security conference. Take it away, Steven:

Level0x3 for the EFF-CTF required cracking homebrew crypto. The level was as follows:

At first we tried “aaaa” as our input as a test.

Interesting, let’s make sure it’s deterministic by checking the same input again.

Hmm, everything changed.

We then tested a single character to see what the length of the output would be.

It’s looking as if one character becomes 4 numbers when encrypted. Let’s test that theory:

“aa” becomes 8 numbers, so we are on the right path.

I had the idea to add the numbers up and see if they came to the same summation. Which they did! If that failed, I was going to check if some mathematical operation of the 4 numbers (or part of them) would be the same. Failing that, perhaps one or more of the numbers were decoys and discarded when decrypted.

• 67+12+2+77 = 158
• 30+56+48+24 = 158
• 65+7+56+30 = 158
• 52+20+54+32 = 158

Yep! So, our theory is groups of 4 numbers add to the same sum. Let’s make sure our ciphertext that we need to crack has groups of 4.

I used https://regex101.com with /[0-9]+/g

Perfect.

We can now use a chosen-plaintext attack, so we encrypt “abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ._ :1234567890'!”

We can then map the output to each character in that list.

Kris created a script in Python that could do that for us:

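``````
#!/usr/bin/python

alphabet = list("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ._ :1234567890'!")

# Numbers the service returned for the alphabet string above, four per
# character (the values are not reproduced in this writeup).
alphacipher = []

# Numbers from the challenge ciphertext (not reproduced in this writeup).
c = []

# Generate a translation table: position i holds the sum for alphabet[i]
translation = []
for i in range(0, len(alphacipher), 4):
    j = alphacipher[i] + alphacipher[i+1] + alphacipher[i+2] + alphacipher[i+3]
    translation.append(j)

# Decipher the ciphertext by looking up each block's sum
plaintext = []
for i in range(0, len(c), 4):
    j = c[i] + c[i+1] + c[i+2] + c[i+3]
    plaintext.append(alphabet[translation.index(j)])

print("[+] Plaintext: " + "".join(plaintext))
``````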

Which when we run, gives us the flag:

``````
root@kalimate:~/eff# python dec2.py
[+] Plaintext: This week's decryption passphrase is: Don't BULLRUN me bro!

``````
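The full analysis above, from confirming the invariant block sum to the chosen-plaintext lookup, as an added example that is not part of the original writeup or the challenge code. `make_toy_oracle` is a constructed stand-in for the challenge service (its secret sums and the way it splits them are assumptions); the example goes slightly beyond the original script by rejecting colliding sums and marking characters missing from the table.

```python
import random

BLOCK = 4  # numbers emitted per plaintext character, as observed in the writeup
ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ._ :1234567890'!"

def make_toy_oracle(seed=None):
    """Constructed stand-in for the service (assumption): every character has
    a secret sum that is split into BLOCK random non-negative parts."""
    rng = random.Random(seed)
    chars = [chr(c) for c in range(32, 127)]
    sums = dict(zip(chars, rng.sample(range(100, 400), len(chars))))

    def encrypt(text):
        out = []
        for ch in text:
            cuts = sorted(rng.randint(0, sums[ch]) for _ in range(BLOCK - 1))
            bounds = [0] + cuts + [sums[ch]]
            out.extend(b - a for a, b in zip(bounds, bounds[1:]))
        return out
    return encrypt

def block_sums(numbers):
    if len(numbers) % BLOCK:
        raise ValueError("ciphertext is not a whole number of blocks")
    return [sum(numbers[i:i + BLOCK]) for i in range(0, len(numbers), BLOCK)]

def build_table(encrypt, alphabet, rounds=5):
    """Chosen-plaintext step: encrypt the alphabet several times, map each
    block sum to its character, and fail on collisions or changing sums."""
    table = {}
    for _ in range(rounds):
        for ch, s in zip(alphabet, block_sums(encrypt(alphabet))):
            if table.setdefault(s, ch) != ch:
                raise ValueError("sum %d maps to more than one character" % s)
    if len(table) != len(set(alphabet)):
        raise ValueError("block sum is not invariant across queries")
    return table

def decrypt(numbers, table):
    # Blocks whose sum was never observed are shown as "?"
    return "".join(table.get(s, "?") for s in block_sums(numbers))

if __name__ == "__main__":
    oracle = make_toy_oracle()
    table = build_table(oracle, ALPHABET)
    print(decrypt(oracle("constructed sample message"), table))
```

The random split only hides the sum from a casual glance; because the sum per character never changes, the scheme is still a simple substitution cipher.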
