Crypto CTF — Learning XOR

Golam Rabbany
3 min readSep 3, 2023

This is a writeup of the challenge “XOR Properties” from “CryptoHack.com”.

The question gives us a simple overview of XOR and the keys that have been XORed with the ‘flag’ we are looking for.

Commutative: A ⊕ B = B ⊕ A
Associative: A ⊕ (B ⊕ C) = (A ⊕ B) ⊕ C
Identity: A ⊕ 0 = A
Self-Inverse: A ⊕ A = 0

KEY1 = a6c8b6733c9b22de7bc0253266a3867df55acde8635e19c73313
KEY2 ^ KEY1 = 37dcb292030faa90d07eec17e3b1c6d8daf94c35d4c9191a5e1e
KEY2 ^ KEY3 = c1545756687e7573db23aa1c3452a098b71a7fbf0fddddde5fc1
FLAG ^ KEY1 ^ KEY3 ^ KEY2 = 04ee9855208a2cd59091d04767ae47963170d1660df7f56f5faf

What is Xor?

XOR is a bitwise operation that produces output similar to the table below.

0 Xor 0 = 0
0 Xor 1 = 1
1 Xor 0 = 1
1 Xor 1 = 0

This means that if the bits are the same and the XOR operation is performed, the result will be ‘0’, and only when the two input bits are different will the result be ‘1’.

A short note from the question.

Commutative: A ⊕ B = B ⊕ A
Associative: A ⊕ (B ⊕ C) = (A ⊕ B) ⊕ C
Identity: A ⊕ 0 = A
Self-Inverse: A ⊕ A = 0

Commutative: This means that the order of XOR input doesn’t matter.
Associative: This means that regardless of how you place the brackets “()”, as long as you have the input set up, the result will be the same.
Identity: This means that if any one input is “0,” nothing will change.
Self-Inverse: This means if both inputs are the same the result will always be “0”.

With that let’s get into solving the challenge.

We are given,

Key1 = this
Key2 ^ Key1 = result
Key2 ^ Key3 = result
Flag ^ Key1 ^ Key3 ^ Key2 = result

^ = Xor

So first we have to retrieve the key2 and key3 with the info we have.

Since, if A Xor B = C, A Xor C = B and C Xor B = A. So following this logic. If we Xor the result of “Key2 ^ Key1” with “Key1” we should get the “Key2”.

So the final result would come to this logic.

Key1 = given
Key2 = Key1 ^ (Key2 ^ Key1)
Key3 = Key2 ^ (Key2 ^ Key3)
Flag = (Key1 ^ Key2 ^ Key3) ^ (Flag ^ Key1 ^ Key3 ^ Key2)

And once we get all the keys we can combine their xor result and xor that with the final value. Let’s implement it using Python.

from pwn import *
# needed for the xor()


key1 = bytes.fromhex("a6c8b6733c9b22de7bc0253266a3867df55acde8635e19c73313")
# bytes.fromhex() decodes hex to byte
key1_2 = "37dcb292030faa90d07eec17e3b1c6d8daf94c35d4c9191a5e1e"
key2_3 = "c1545756687e7573db23aa1c3452a098b71a7fbf0fddddde5fc1"
flag_key123 = "04ee9855208a2cd59091d04767ae47963170d1660df7f56f5faf"


key2 = xor(bytes.fromhex(key1_2), key1)
key3 = xor(bytes.fromhex(key2_3), key2)
# xor(a,b), xors the value a with b. Comes with pwntool lib


key1_2_3 = xor(bytes.fromhex(key1_2), key3)


flag = xor(bytes.fromhex(flag_key123), key1_2_3)

print(f"Flag: {flag.decode()}")
# .decode(), decodes flag from byte to text

print(f"Key1: {bytes.hex(key1)},\nKey2: {bytes.hex(key2)},\nKey3: {bytes.hex(key3)},\nKey1 ^ Key2 ^ Key3: {bytes.hex(key1_2_3)}")

# bytes.hex() makes bytes to hex

We are decoding all the “hex” values to “bytes”.

Then we are retrieving the “Key2” and “Key3”.

key2 = xor(bytes.fromhex(key1_2), key1)
key3 = xor(bytes.fromhex(key2_3), key2)

After that, we are XORing all the keys together. Since we already have the “Key1 ^ Key2” just XORing the “Key3” with that will give us the final value of XORing all the keys.

key1_2_3 = xor(bytes.fromhex(key1_2), key3)

Once we get the xor of all the keys, it’s time to Xor the result with the final value that’s been XORed with the flag.

flag = xor(bytes.fromhex(flag_key123), key1_2_3)

Then we are printing the “Flag” and the “Keys”.

print(f"Flag: {flag.decode()}")
# .decode(), decodes flag from byte to text

print(f"Key1: {bytes.hex(key1)},\nKey2: {bytes.hex(key2)},\nKey3: {bytes.hex(key3)},\nKey1 ^ Key2 ^ Key3: {bytes.hex(key1_2_3)}")

# bytes.hex() makes bytes to hex

So now if we execute this code we should get the flag. Let’s check it.

That’s it we have solved this challenge.

More walkthroughs like this will be coming up next. If it was helpful please give a like (clap).

I also write in substack (in-depth, and hands-on), you can get it here https://cyberxcyber.substack.com/.

Thanks!

Twitter @_Golam Rabbany

--

--

Golam Rabbany

Cyber Security Professional | CySA+ | ISC2 CC | Splunk CDA | AWS CCP | AWS SAA | Content Creator