Source files and Solve Script: TMUCTF/435!


  • We know the partial AES key
  • The AES-CBC encrypted partial output data is also given
  • 3 bytes are missing(represented by asterisks(*)) from the key
  • The last 21 bytes (42 hex nibbles) are intact in the output

Attack Idea

STEP 1: Brute-force the 3 unknown bytes of the key.
STEP 2: Use the key to decrypt the last block of the ciphertext with the ECB MODE.
STEP 3: XOR the decrypted data with the corresponding plaintext block (we know the whole plaintext) to recover the previous block.
STEP 4: Change the last block with the current block and repeat STEP 2-3. With this method, you can recover the whole ciphertext and that can act as a sanity check to find the correct key.
STEP 5: Extract the IV (the flag) from the first block of the ciphertext and plaintext using STEP 2-3 for the last time.
IV and the whole ciphertext recovery from last block of AES-CBC Encrypted message
Copy link
On this page
Attack Idea