xorrot
We are given the source code used to encrypt the flag, with the ciphertext included as a comment in the code:
#!/usr/bin/env python3
flag = open('flag.txt', 'rb').read()
key = open('/dev/urandom','rb').read(1)[0]
out = []
for c in flag:
    out.append(c ^ key)
    key = c
print(f'{bytes(out).hex() = }')
# bytes(out).hex() = '970a17121d121d2b28181a19083b2f021d0d03030e1526370d091c2f360f392b1c0d3a340e1c263e070003061711013b32021d173a2b1c090f31351f06072b2b1c0d3a390f1b01072b3c0b09132d33030311'
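From the source code, we see that the key is a single byte. Moreover, after each byte is encrypted, the key is replaced with the current plaintext character, so only the first ciphertext byte depends on the random key.
Assuming the flag starts with 'i' (as in ictf{...}), XORing 'i' with the first ciphertext byte recovers the key. Hence, we can use some Python scripting to solve the challenge: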
#!/usr/bin/env python3
def main():
    ct = bytes.fromhex('970a17121d121d2b28181a19083b2f021d0d03030e1526370d091c2f360f392b1c0d3a340e1c263e070003061711013b32021d173a2b1c090f31351f06072b2b1c0d3a390f1b01072b3c0b09132d33030311')
    # The flag starts with 'i', so the first ciphertext byte reveals the random key
    key = ord('i') ^ ct[0]
    flag = b''
    for b in ct:
        flag += bytes([b ^ key])
        # The next key is the plaintext byte just recovered
        key = flag[-1]
    print(flag.decode())
if __name__ == '__main__':
    main()
$ python3 solve.py
ictf{it_would_probably_help_if_the_key_affected_more_than_just_the_first_char_lol}
The full script can be found here: solve.py.
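The solve above depends on knowing that the flag starts with 'i'. As an added example (not part of the original write-up or solve.py), the script below drops that assumption: a wrong guess for the initial key shifts every decrypted byte by the same constant, so the scheme is no stronger than single-byte XOR and 256 guesses are enough. The function names and the FLAG_CHARS alphabet used for scoring are assumptions made for this example.

```python
#!/usr/bin/env python3
# Added example: recover the plaintext without knowing its first character.
import string

# Ciphertext taken from the comment in the challenge source.
CT = bytes.fromhex('970a17121d121d2b28181a19083b2f021d0d03030e1526370d091c2f360f392b1c0d3a340e1c263e070003061711013b32021d173a2b1c090f31351f06072b2b1c0d3a390f1b01072b3c0b09132d33030311')

# Assumption: the flag only uses lowercase letters, '_', '{' and '}'.
FLAG_CHARS = set((string.ascii_lowercase + '_{}').encode())


def encrypt(pt: bytes, key: int) -> bytes:
    """The challenge's scheme: after each byte, the key becomes that plaintext byte."""
    out = bytearray()
    for c in pt:
        out.append(c ^ key)
        key = c
    return bytes(out)


def decrypt(ct: bytes, key: int) -> bytes:
    """Invert encrypt(): p[i] = c[i] ^ p[i-1], where p[-1] is the initial key."""
    pt = bytearray()
    for b in ct:
        key ^= b          # key now holds the recovered plaintext byte
        pt.append(key)
    return bytes(pt)


def key_offsets(ct: bytes, k1: int, k2: int) -> set:
    """Set of XOR differences between the decryptions under two key guesses."""
    return {a ^ b for a, b in zip(decrypt(ct, k1), decrypt(ct, k2))}


def recover(ct: bytes) -> tuple:
    """Try all 256 initial keys and keep the one with the most flag-like bytes."""
    def score(k: int) -> int:
        return sum(b in FLAG_CHARS for b in decrypt(ct, k))
    key = max(range(256), key=score)
    return key, decrypt(ct, key)


if __name__ == '__main__':
    # Two guesses differ by one constant in every position: k1 ^ k2.
    print(key_offsets(CT, 0x00, 0x5a))
    key, flag = recover(CT)
    print(hex(key), flag.decode())
```
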