Writeups
  • Archive
  • 2021
    • CSAW Qualification Round
      • Crypto
        • Gotta Decrypt Them All
    • TMUCTF
      • 435!
      • Common Factor
    • WORMCON 0x01
      • Fake Encryption
      • Rem, Shinobu, Asuna
      • Exclusive
      • Sir Oracle
      • Invisible Cipher
Powered by GitBook
On this page
  • Observations
  • Attack Idea

Was this helpful?

  1. 2021
  2. TMUCTF

435!

PreviousTMUCTFNextCommon Factor

Last updated 3 years ago

Was this helpful?

Source files and Solve Script:

Observations

  • We know the partial AES key

  • The AES-CBC encrypted partial output data is also given

  • 3 bytes are missing(represented by asterisks(*)) from the key

  • The last 21 bytes (42 hex nibbles) are intact in the output

Attack Idea

STEP 1: Brute-force the 3 unknown bytes of the key.

STEP 2: Use the key to decrypt the last block of the ciphertext with the ECB MODE.

STEP 3: XOR the decrypted data with the corresponding plaintext block (we know the whole plaintext) to recover the previous block.

STEP 4: Change the last block with the current block and repeat STEP 2-3. With this method, you can recover the whole ciphertext and that can act as a sanity check to find the correct key.

STEP 5: Extract the IV (the flag) from the first block of the ciphertext and plaintext using STEP 2-3 for the last time.

TMUCTF/435!
IV and the whole ciphertext recovery from last block of AES-CBC Encrypted message