Following the SECCON writeups here is a crypto challenge.
We get the following challenge.
Vigenere
k: ???????????? p: SECCON{???????????????????????????????????} c: LMIG}RPEDOEEWKJIQIWKJWMNDTSR}TFVUFWYOCBAJBQ k=key, p=plain, c=cipher, md5(p)=f528a6ab914c1ecf856a1d93103948fe |ABCDEFGHIJKLMNOPQRSTUVWXYZ{} -+---------------------------- A|ABCDEFGHIJKLMNOPQRSTUVWXYZ{} B|BCDEFGHIJKLMNOPQRSTUVWXYZ{}A C|CDEFGHIJKLMNOPQRSTUVWXYZ{}AB D|DEFGHIJKLMNOPQRSTUVWXYZ{}ABC E|EFGHIJKLMNOPQRSTUVWXYZ{}ABCD F|FGHIJKLMNOPQRSTUVWXYZ{}ABCDE G|GHIJKLMNOPQRSTUVWXYZ{}ABCDEF H|HIJKLMNOPQRSTUVWXYZ{}ABCDEFG I|IJKLMNOPQRSTUVWXYZ{}ABCDEFGH J|JKLMNOPQRSTUVWXYZ{}ABCDEFGHI K|KLMNOPQRSTUVWXYZ{}ABCDEFGHIJ L|LMNOPQRSTUVWXYZ{}ABCDEFGHIJK M|MNOPQRSTUVWXYZ{}ABCDEFGHIJKL N|NOPQRSTUVWXYZ{}ABCDEFGHIJKLM O|OPQRSTUVWXYZ{}ABCDEFGHIJKLMN P|PQRSTUVWXYZ{}ABCDEFGHIJKLMNO Q|QRSTUVWXYZ{}ABCDEFGHIJKLMNOP R|RSTUVWXYZ{}ABCDEFGHIJKLMNOPQ S|STUVWXYZ{}ABCDEFGHIJKLMNOPQR T|TUVWXYZ{}ABCDEFGHIJKLMNOPQRS U|UVWXYZ{}ABCDEFGHIJKLMNOPQRST V|VWXYZ{}ABCDEFGHIJKLMNOPQRSTU W|WXYZ{}ABCDEFGHIJKLMNOPQRSTUV X|XYZ{}ABCDEFGHIJKLMNOPQRSTUVW Y|YZ{}ABCDEFGHIJKLMNOPQRSTUVWX Z|Z{}ABCDEFGHIJKLMNOPQRSTUVWXY {|{}ABCDEFGHIJKLMNOPQRSTUVWXYZ }|}ABCDEFGHIJKLMNOPQRSTUVWXYZ{
Vigenere cipher
https://en.wikipedia.org/wiki/Vigen%C3%A8re_cipher
Again they are giving us an enormous clue with the title and even a link to the wikipedia. It wasn’t being too difficult.
If the above wasn’t enough they provided us with the charset and the md5 of the reply with which the great master Patatas built the following scripts to resolve the challenge, first a known text attack is performed using the text we know from the flag:
<?php function vigenere_decrypt_customcharset($txt, $clave, $charset) { $lentxt = strlen($charset); $lenkey = strlen($clave); $txt2 = ''; for($i=0; $i<strlen($txt); $i++) { $c = strpos($charset, $txt[$i]); // caracter texto $x = strpos($charset, $clave[$i%$lenkey]); // caracter clave if($x!==FALSE and $c!==FALSE) { $txt2 .= $charset[($c - $x + $lentxt) % $lentxt]; // aplicar vigenere } else { $txt2 .= '?'; // aplicar vigenere //echo "X"; } } return $txt2; } $charset = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ{}'; $p = 'SECCON{???????????????????????????????????}'; $c = 'LMIG}RPEDOEEWKJIQIWKJWMNDTSR}TFVUFWYOCBAJBQ'; // PRIMERA PARTE $key1 = vigenere_decrypt_customcharset($c, $p, $charset); echo "KEY1: $key1\n\n"; ?>
This gives us the following result:
php vigenere_part1.php SECCON{???????????????????????????????????} KEY1: VIGENER???????????????????????????????????R
As we only know the first 7 characters we can see that the first part of the key is “VIGENERE”. With this, knowing the key length and the md5 we can perform a brute force attack against the rest of the key:
<?php /* --------------------------------------------------- VIGENERE --------------------------------------------------- */ function vigenere_decrypt_customcharset($txt, $clave, $charset) { $lentxt = strlen($charset); $lenkey = strlen($clave); $txt2 = ''; for($i=0; $i<strlen($txt); $i++) { $c = strpos($charset, $txt[$i]); // caracter texto $x = strpos($charset, $clave[$i%$lenkey]); // caracter clave if($x!==FALSE and $c!==FALSE) { $txt2 .= $charset[($c - $x + $lentxt) % $lentxt]; // aplicar vigenere } else { $txt2 .= '?'; // aplicar vigenere //echo "X"; } } return $txt2; } $charset = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ{}'; $p = 'SECCON{???????????????????????????????????}'; $c = 'LMIG}RPEDOEEWKJIQIWKJWMNDTSR}TFVUFWYOCBAJBQ'; $keyx = 'VIGENERE'; for($i=0; $i<strlen($charset); $i++) { for($j=0; $j<strlen($charset); $j++) { for($k=0; $k<strlen($charset); $k++) { for($l=0; $l<strlen($charset); $l++) { $key = $keyx . $charset[$i]. $charset[$j] . $charset[$k] . $charset[$l]; $p2 = vigenere_decrypt_customcharset($c, $key, $charset); echo "PLAIN: $p2\n\n"; $md5 = md5($p2); if($md5=='f528a6ab914c1ecf856a1d93103948fe') { echo "FOUND!! $key $p2\n"; exit; } }}}} ?>
Execute the script and in less than 2 seconds we get the key:
php vigenere_part2.php CLAVE: VIGENEREAAAA PLAIN: SECCON{ADOEEBCDEDEFGJWMNKLMNOPQRUFWYVWXYYZ} CLAVE: VIGENEREAAAB PLAIN: SECCON{ADOEDBCDEDEFGJWMMKLMNOPQRUFWXVWXYYZ} CLAVE: VIGENEREAAAC PLAIN: SECCON{ADOECBCDEDEFGJWMLKLMNOPQRUFWWVWXYYZ} CLAVE: VIGENEREAAAD PLAIN: SECCON{ADOEBBCDEDEFGJWMKKLMNOPQRUFWVVWXYYZ} ..... CLAVE: VIGENERECODC PLAIN: SECCON{ABABCBCDEDEFGHIJLKLMNOPQRSTTWVWXYYZ} CLAVE: VIGENERECODD PLAIN: SECCON{ABABBBCDEDEFGHIJKKLMNOPQRSTTVVWXYYZ} CLAVE: VIGENERECODE PLAIN: SECCON{ABABABCDEDEFGHIJJKLMNOPQRSTTUVWXYYZ} FOUND!! VIGENERECODE SECCON{ABABABCDEDEFGHIJJKLMNOPQRSTTUVWXYYZ}
And there is the key “VIGENERECODE” and the flag:
SECCON{ABABABCDEDEFGHIJJKLMNOPQRSTTUVWXYYZ}
Again the clues help us a lot in the investigation part and we could limit ourselves to resolve the challenge.
Hope you enjoyed it, greetings!!!