aes
We are given this output:
Python 3.8.10 (default, Mar 15 2022, 12:22:08)
[GCC 9.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import random
>>> from Crypto.Cipher import AES
>>> key = random.choice(open("rockyou.txt", "rb").readlines()[:10000]).strip()
>>> key = key.zfill(16)
>>> cipher = AES.new(key, AES.MODE_ECB)
>>> cipher.encrypt(open("flag.txt", "rb").read().zfill(48))
b"\xd6\x19O\xbeA\xb0\x15\x87\x0e\xc7\xc4\xc1\xe9h\xd8\xe6\xc6\x95\x82\xaa#\x91\xdb2l\xfa\xf7\xe1C\xb8\x11\x04\x82p\xe5\x9e\xb1\x0c*\xcc[('\x0f\xcc\xa7W\xff"
This is a Python REPL session. It picks a random password from the first 10,000 lines of rockyou.txt, left-pads it with zeros to 16 bytes using zfill, and uses the result as the key to encrypt the flag with AES in ECB mode. The last line of the session is the resulting ciphertext.
The key can therefore only be one of at most 10,000 candidates, so we just need to try each of those passwords as the key until one decrypts to a plaintext that contains ictf{:
$ python3 -q
>>> ct = b"\xd6\x19O\xbeA\xb0\x15\x87\x0e\xc7\xc4\xc1\xe9h\xd8\xe6\xc6\x95\x82\xaa#\x91\xdb2l\xfa\xf7\xe1C\xb8\x11\x04\x82p\xe5\x9e\xb1\x0c*\xcc[('\x0f\xcc\xa7W\xff"
>>> keys = open("rockyou.txt", "rb").readlines()[:10000]
>>> from Crypto.Cipher import AES
>>> for key in keys:
...     try:
...         cipher = AES.new(key.strip().zfill(16), AES.MODE_ECB)
...         pt = cipher.decrypt(ct)
...         if b'ictf{' in pt:
...             print(key, pt)
...             break
...     except ValueError:  # padded key is not 16, 24 or 32 bytes long
...         pass
...
b'biscuit\n' b'0000000000000000000ictf{d0nt_us3_w3ak_k3ys!!!!}\n'
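Why the search above finishes almost instantly, as an added example that is not part of the original write-up: this standard-library code mirrors the `strip().zfill(16)` key construction and measures the key space it produces. The wordlist lines are constructed samples, and `pad_key`, `usable_keys` and `keyspace_bits` are hypothetical helper names.

```python
import math

AES_KEY_LENGTHS = (16, 24, 32)  # bytes accepted for AES-128/192/256

# Constructed sample lines standing in for wordlist entries (assumption,
# not the real file contents apart from the password shown on the page).
SAMPLE_WORDLIST = [
    b"123456\n",
    b"000123456\n",                  # pads to the same key as the line above
    b"biscuit\n",
    b"correcthorsebatterystaple\n",  # 25 bytes: zfill(16) leaves it unchanged
    b"exactly16bytes!!\n",           # already 16 bytes
    b"abcdefghijklmnopqrstuvwx\n",   # 24 bytes: a valid AES-192 key length
]


def pad_key(line: bytes) -> bytes:
    """Mirror the challenge: strip whitespace, left-pad with b'0' to 16 bytes."""
    return line.strip().zfill(16)


def usable_keys(lines):
    """Distinct padded keys with a length AES accepts, in first-seen order.

    Entries of any other length make AES.new() raise ValueError, which is
    why the brute-force loop needs its try/except.
    """
    padded = (pad_key(line) for line in lines)
    return list(dict.fromkeys(k for k in padded if len(k) in AES_KEY_LENGTHS))


def keyspace_bits(candidates: int) -> float:
    """Effective key strength in bits when the key is one of `candidates`."""
    return math.log2(candidates) if candidates > 0 else 0.0


if __name__ == "__main__":
    keys = usable_keys(SAMPLE_WORDLIST)
    print(f"{len(keys)} usable keys from {len(SAMPLE_WORDLIST)} lines")
    # Upper bound for the challenge: 10,000 wordlist lines.
    print(f"wordlist key: <= {keyspace_bits(10000):.1f} bits")
    print(f"random AES-128 key: {keyspace_bits(2 ** 128):.0f} bits")
```

A key drawn from a cryptographically secure random generator keeps all 128 bits; a key chosen from the first 10,000 wordlist lines has at most about 13.3.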