We solved a cryptography CTF challenge where XOR encryption and HEX encoding were used to encrypt and encode the challenge flag. We used Python to craft an XOR decryption statement to decrypt the first four characters of the flag, THM{, in order to find the decryption key. This was part of TryHackMe W1seGuy room.
Blue Team Cyber Security & SOC Analyst Study Notes
Task Scenario
Yes, it’s me again with another crypto challenge!
Have a look at the source code before moving on to Task 2.
You can review the source code by clicking on the Download Task Files button at the top of this task to download the required file.
Your friend told me you were wise, but I don’t believe them. Can you prove me wrong?
The server is listening on port 1337 via TCP. You can connect to it using Netcat or any other tool you prefer.
Understanding the python source code
Source code is below:
import random
import socketserver
import socket, os
import string
flag = open('flag.txt','r').read().strip()
def send_message(server, message):
enc = message.encode()
server.send(enc)
def setup(server, key):
flag = 'THM{thisisafakeflag}'
xored = ""
for i in range(0,len(flag)):
xored += chr(ord(flag[i]) ^ ord(key[i%len(key)]))
hex_encoded = xored.encode().hex()
return hex_encoded
def start(server):
res = ''.join(random.choices(string.ascii_letters + string.digits, k=5))
key = str(res)
hex_encoded = setup(server, key)
send_message(server, "This XOR encoded text has flag 1: " + hex_encoded + "\n")
send_message(server,"What is the encryption key? ")
key_answer = server.recv(4096).decode().strip()
try:
if key_answer == key:
send_message(server, "Congrats! That is the correct key! Here is flag 2: " + flag + "\n")
server.close()
else:
send_message(server, 'Close but no cigar' + "\n")
server.close()
except:
send_message(server, "Something went wrong. Please try again. :)\n")
server.close()
class RequestHandler(socketserver.BaseRequestHandler):
def handle(self):
start(self.request)
if __name__ == '__main__':
socketserver.ThreadingTCPServer.allow_reuse_address = True
server = socketserver.ThreadingTCPServer(('0.0.0.0', 1337), RequestHandler)
server.serve_forever()
In the source code above, The start function will first generate a random key of length 5 as shown below:
res = ''.join(random.choices(string.ascii_letters + string.digits, k=5))
key = str(res)
And below is the call to the function setup
hex_encoded = setup(server, key)
The setup function takes the encryption key and uses XOR encryption on the first flag by iterating over all characters of the flag and XOR‘ing it with key.
Lastly it applies hex encoding on the result:
def setup(server, key):
flag = 'THM{thisisafakeflag}'
xored = ""
for i in range(0,len(flag)):
xored += chr(ord(flag[i]) ^ ord(key[i%len(key)]))
hex_encoded = xored.encode().hex()
return hex_encoded
The lin below prints the XOR encrypted and hex encoded flag returned from the setup function.
send_message(server, "This XOR encoded text has flag 1: " + hex_encoded + "\n")
Afterwards, it asks for the encryption key and reads the user input. If the key or the input provided matches the key randomly generated, the code the prints the second flag read from flag.txt.
send_message(server,"What is the encryption key? ")
key_answer = server.recv(4096).decode().strip()
try:
if key_answer == key:
send_message(server, "Congrats! That is the correct key! Here is flag 2: " + flag + "\n")
server.close()
else:
send_message(server, 'Close but no cigar' + "\n")
server.close()
except:
send_message(server, "Something went wrong. Please try again. :)\n")
server.close()
Check out the video below for detailed explanation.
Room Answers | TryHackMe W1seGuy
What is the first flag?
THM{p1alntExtAtt4ckcAnr3alLyhUrty0urxOr}
What is the second and final flag?
THM{BrUt3_ForC1nG_XOR_cAn_B3_FuN_nO?}
Video Walkthrough | TryHackMe W1seGuy
