This weekend, I participated in TUCTF. This was a quality CTF with a large variety of challenges (including the interesting “EscapeFromHell” series, which I thought was structured very well – but it’s too long to do here.

The Neverending Crypto challenge came in 9 parts: all of the parts were presented as a text clue, followed by an IP address and port which were the same for all 9 parts.

Upon connecting to said IP, we are presented with an encryption oracle, similar to the following (sorry, no screenshot):

Give me some text: blah
blah encrypted is xyza
What is asdjfio;jawioer decrypted?

This repeats 50 times per level: if you solve 50 correctly, you get a flag, and the encryption scheme changes (and you proceed onto the next 50). To get to a given level, you had to solve all the levels before it: that is, if you wanted to get to level 7 to test something, you had to solve (6*50) challenges. Every. Motherfucking. Time.

zzzzzzzzzzzzzzzzzzzzzz (taken while trying to figure out level 4 or something)

After an hour or so of laboriously trying to brute force the ciphertext, we recognized that the cryptographic challenge (“What is <challenge> decrypted?”) came from a predefined list of texts, and that they all had unique patterns of spacing – that is:

moon child -> xxxx_xxxxx
try swimming -> xxx_xxxxxxxx
the oracle -> xxx_xxxxxx

After realizing this, we were able to greatly speed up our attack, by only identifying the “space” character in a ciphertext, and then pattern matching against a list of known plaintexts.

The code we used to solve the first 7 levels can be reviewed here: I gave up after 7 levels because it was 12:30 in the morning and the amount of time it took to even reach level 8 made the 50 points or whatever it was worth not worthwhile.

As always, thankyou to the TUCTF team for putting together a great event.