Traces

Personal Rating: Medium

There is the code to an IRC server and a docker container was spawned.

IRC Server

I could join one of the two servers, general.

general chat

We need to find he key to join the secret chat as it seems. It is noticeable that the first messages have the same start. Since we also have the source code, we can quickly find out that the messages are encrypted with AES CTR. Some have the same start... This indicates that the nonce or IV was the same for all messages.

I read that the plaintext is XORed with the key stream to produce the cipher. The key stream seems to be the same for all messages here. If two plaintexts are encrypted with the same key, "encmsg1 XOR encmsg2 = result" cancels out the key stream, leaving the XOR of the two plaintexts. If you then do "result XOR msg1", you get encmsg2.

AES CTR Explanation

This indeed worked, guessing that the first message would be "hello".

First Message

So if we guess or know msg1, we get the plaintext of msg2 and the other ones this way.

https://github.com/jakecraige/ctf/blob/master/csaw-quals-2020/adversarial/writeup.md This looks like what we need.

We can take two ciphers of the size of the key (32) and XOR them.

bf196ff5b7a87302b83cb37d6728a1cc XOR bd122ce6a0fb6002a378fc7d412ca5cc
= 020b4313175313001b444f0026040400

We can then XOR this byte by byte with suspected characters of msg1. Each time a readable character is the output, we add it to the frequency analysis string. Once this string reached the size of the key, we do the frequency analysis on it and then try to use the key to decrypt other messages.

After some debugging, the tool worked! We noticed also, that we have the first messages already:

First Messages Known

Freqency Analysis Script

I continued with this until most of the text was decrypted. One message contained the key to the secret chat:

secret Chat Password

Only the last character was wrong/missing. It could be bruteforced to be R. So the key was %mi2gvHHCV5f_kcb=Z4vULqoYJ&oR

Now I could join the secret channel!

Secret Channel

The same procedure, just with longer messages this time. I quickly found the message with the flag:

Message with Flag

cipher1(360B): 3895725f10f1b4f3228b21d575dec895dc4662d76a75b81a07f37cd1ace885fd3925e9c74898df00bcd25f661ed932e62c6ab3020cf58b7227c8a3c8d5a2189d4c346d51525152006fd401c505a40f5aab2dd34ad2eb717fc115e142b36b0237e23598dfa9a1950a48ae37ee7c09d083439e1d513115cdfbf6534334e9f3e572c24f0623e88edf74a583a9762a919ea755f6c54386ace163358219a3582b4c2ce256f1497195711c5bebdb50340243258a32bcdf

plaintext1(192B): Exactly. And even if we remain unseen for now, we need contingency plans. If the council fortifies its magimal barriers, we could lose access to their strongholds. Do we have a secondary means

cipher2(360B): 2488601044ffb8a922bd2a9138cecd84921279d42b76fd5301b67edea9ff85e92476ed824ad9ca1bee80547a068766bf6903bb471ef48b702bd2bed7dab118d346396d55515f1c002e9b268f05a7021ff907cf549cfa7d658412e259a9654437f33598dab2b1d41340a630a33d2c84c14b9f4f543505dbbbb3400675f9a6b056f22d110fe9829d4a8292ad623ed884af2ac7d55683b1a86420841fa2511c7429f24d802250830e2551a5d0541d350631d924f8c1

plaintext2: Yes, but we must treat it only as a last resort. If we activate it too soon, we rIsk revealing its location It is labeled as: HTB{Crib_Dragging_Exploitation_With_Key_Nonce_Reuse!}