PicoCTF Tap into Hash
This is reverse engineering challenge. Our task is to decode a encrypted message, where the encryption algorithm is provided.
Here are the challenge files :
Let's dig into the python function.
Let me explain it step by step:
Blockchain Creation: A simple blockchain was created with 5 blocks.
Encryption: The function takes the key, uses XOR encryption.
Key Generation: A random key was generated using .
Command Line Argument: The script accepted a "token" as a command-line argument, which was integrated into the data being encrypted.
This is the encrypt function.
This is the critical part. So the innter_txt which is the secret code is added in between the blockchain hash. This is not how blockchains works.
The rest of the logic is:
Pads the resulting string to be a multiple of 16 bytes.
Calculates the SHA256 hash of the encryption key.
Iterates through the padded text, XORs each block with the SHA256 hash of the key.
Concatenates the XORed blocks together to form the ciphertext.
Returns the ciphertext.
So all we have to do is decode the Encrypted Blockchain and retrieve the flag at the middle.
XOR if not properly implemented can be easily reversed.
This is the logic we will be using
Find SHA256 of the key
Use it to XOR each 16 block of the cypher text
Remove the padded values to retrieve the final flag.
Thanks for the read ! See you tomorrow.
LiveAPI makes it easy to find, understand, and use APIs in big tech systems. It quickly creates clear documents for code that doesn't have any, saving you time.
You can try it right now! 🚀
Also, we have LiveReview coming up for faster AI code reviews, join the wait list.