This weekend, I participated in TUCTF. This was a quality CTF with a large variety of challenges (including the interesting “EscapeFromHell” series, which I thought was structured very well – but it’s too long to do here).
The Neverending Crypto challenge came in 9 parts: all of the parts were presented as a text clue, followed by an IP address and port which were the same for all 9 parts.
Upon connecting to said IP, we are presented with an encryption oracle, similar to the following (sorry, no screenshot):
    Give me some text: blah
    blah encrypted is xyza
    What is asdjfio;jawioer decrypted?
This repeats 50 times per level: if you solve 50 correctly, you get a flag, and the encryption scheme changes (and you proceed onto the next 50). To get to a given level, you had to solve all the levels before it: that is, if you wanted to get to level 7 to test something, you had to solve (6*50) challenges. Every. Motherfucking. Time.
After an hour or so of laboriously trying to brute force the ciphertext, we recognized that the cryptographic challenge (“What is <challenge> decrypted?”) came from a predefined list of texts, and that they all had unique patterns of spacing – that is:
    moon child   -> xxxx_xxxxx
    try swimming -> xxx_xxxxxxxx
    the oracle   -> xxx_xxxxxx
After realizing this, we were able to greatly speed up our attack, by only identifying the “space” character in a ciphertext, and then pattern matching against a list of known plaintexts.
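The pattern-matching step described above, as an added example (not the code this post links to). It assumes the level's cipher is a per-character substitution that keeps spaces in position; `make_oracle` is a constructed local stand-in for the remote service, and the plaintext list holds only the three phrases quoted above.

```python
import random
import string

# Known plaintexts quoted in the writeup; the real list was longer.
KNOWN_PLAINTEXTS = ["moon child", "try swimming", "the oracle"]

ALPHABET = string.ascii_lowercase + " "


def make_oracle(seed):
    """Constructed stand-in for the remote service: a random substitution
    over lowercase letters and space (an assumption about the cipher)."""
    shuffled = list(ALPHABET)
    random.Random(seed).shuffle(shuffled)
    table = dict(zip(ALPHABET, shuffled))
    return lambda text: "".join(table[c] for c in text)


def find_space_symbol(oracle):
    """Encrypt 'a a' and read the middle symbol: that is the encrypted space."""
    probe = oracle("a a")
    if len(probe) != 3 or probe[0] != probe[2]:
        raise ValueError("cipher is not a position-independent substitution")
    return probe[1]


def spacing_pattern(text, space=" "):
    """Word lengths between separators, e.g. 'moon child' -> (4, 5)."""
    return tuple(len(word) for word in text.split(space))


def solve(ciphertext, space_symbol, known=KNOWN_PLAINTEXTS):
    """Return the single known plaintext whose spacing matches, else None."""
    target = spacing_pattern(ciphertext, space_symbol)
    matches = [p for p in known if spacing_pattern(p) == target]
    return matches[0] if len(matches) == 1 else None


if __name__ == "__main__":
    oracle = make_oracle(seed=7)
    space = find_space_symbol(oracle)
    for secret in KNOWN_PLAINTEXTS:
        print(repr(oracle(secret)), "->", solve(oracle(secret), space))
```

`solve` returns `None` when two known plaintexts share a spacing pattern, so a caller can fall back to another method instead of submitting a guess.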
The code we used to solve the first 7 levels can be reviewed here: I gave up after 7 levels because it was 12:30 in the morning and the amount of time it took to even reach level 8 made the 50 points or whatever it was worth not worthwhile.
As always, thank you to the TUCTF team for putting together a great event.