Crypto CTF — You either know, XOR you don't

Golam Rabbany
3 min read · Sep 5, 2023

This is a writeup of a crypto CTF challenge from “CryptoHack.com”. The challenge presents us with the following:

I've encrypted the flag with my secret key, you'll never be able to guess it.

Remember the flag format and how it might help you in this challenge!

0e0b213f26041e480b26217f27342e175d0e070a3c5b103e2526217f27342e175d0e077e263451150104

We are given one hex-encoded string, and the challenge mentions a “secret key” that was XORed with the “Flag”; the result of that XOR is the bytes we get after decoding the hex.

So we will have to recover the “Secret Key”, and XORing it with the encrypted bytes will give us the flag.

Now recall that XOR is its own inverse: if Flag ^ Key = Cipher, then Cipher ^ Flag = Key (and likewise Cipher ^ Key = Flag). In general, if a ^ b = c, then c ^ a = b.

Here we already have the “Cipher” text, but we don't have the “Flag”, so how do we perform that operation? Notice that the challenge hints at the flag format: “Remember the flag format and how it might help you in this challenge!”

And from our previous challenge, we know that the flag format used by CryptoHack.com is “crypto{}”.

So the trick is that, instead of XORing with the full “Flag”, we XOR with the part of the flag we do know: the prefix “crypto{“. This is a known-plaintext attack, and it recovers exactly as many key bytes as we have known plaintext, seven in this case.

Before decrypting the challenge, let’s see how this looks by XORing a flag of our own.

Image by author

Here I am using the flag “Flag1337{YOu_L33T}” and XORing it with the key “Secret”.

Now let's see what happens when we XOR the result with just the flag format “Flag1337{“.

Image by author

See how we are able to retrieve the key using only the flag format. Now let’s use the complete flag as the key and look at the output.

Image by author

Notice how every occurrence of the “Flag” string has been replaced by the key. That is how repeating-key XOR works: if the key is shorter than the message, the tool (CyberChef here, and pwntools’ xor below) cycles the key, so XORing the ciphertext with the full plaintext reveals the key repeated over and over.

Now let’s get back to the challenge and retrieve the key.

Image by author

First, we decode the hex to get the actual bytes. Then we XOR with the flag format. We only get “myXORke”, which is the first seven key bytes, not the full key (“crypto{” is seven characters long, so that is all the known plaintext can reveal). At this point it is a reasonable guess that the key is “myXORkey”, and the guess is confirmed if decrypting with it yields a readable flag.

Now let’s input this key and retrieve the flag.

Image by author

If you also want to use CyberChef, make sure the XOR key’s input type is set to “UTF8” (not the default Hex) when you type “crypto{” or “myXORkey” as the key, otherwise it won’t work.

This challenge can also be solved in Python, using the xor helper from pwntools.

from pwn import xor

# hex-decode the ciphertext (named `flag` here because it becomes the flag once decrypted)
flag = bytes.fromhex('0e0b213f26041e480b26217f27342e175d0e070a3c5b103e2526217f27342e175d0e077e263451150104')

# XOR with the known flag prefix: the first 7 output bytes are the key fragment b'myXORke'
print(xor(flag, 'crypto{'.encode()))

# guess the missing 8th key byte ('y') and decrypt with the full key to get the flag
print(xor(flag, 'myXORkey'.encode()))

# encoding to bytes with `.encode()` only changes the data type (str -> bytes), not the data

# Credit: oushanmu

Here we are decoding the hex to bytes.

flag = bytes.fromhex('0e0b213f26041e480b26217f27342e175d0e070a3c5b103e2526217f27342e175d0e077e263451150104')

Retrieving the key by XORing with the flag format.

print(xor(flag, 'crypto{'.encode()))

Finally, using the actual key with the ‘y’ added, we get the flag.

print(xor(flag, 'myXORkey'.encode()))
Image by author
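The pwntools snippet above hard-codes the guess for the eighth key byte. As an added example that is not part of the original writeup (and uses only the Python standard library rather than pwntools), here is the same known-plaintext attack made systematic: recover the key fragment from the “crypto{” prefix, work out the shortest key length the fragment allows, and then, for every unknown key byte, keep only the values that decrypt its column of the ciphertext into flag characters. It assumes the flag body is made of letters, digits and underscores (an assumption, not something the challenge states); the ciphertext is the one given on the page.

```python
"""Known-plaintext attack on repeating-key XOR (added example)."""
from itertools import cycle, product
import string

# Ciphertext from the challenge, hex-decoded (taken from the page).
CIPHERTEXT = bytes.fromhex(
    "0e0b213f26041e480b26217f27342e175d0e070a3c5b103e"
    "2526217f27342e175d0e077e263451150104"
)
KNOWN_PREFIX = b"crypto{"  # CryptoHack flag format

# Assumed flag alphabet: letters, digits and underscore inside the braces.
FLAG_CHARS = frozenset((string.ascii_letters + string.digits + "_").encode())
ALLOWED = FLAG_CHARS | {ord("}")}


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR `data` with `key`, cycling the key when it is shorter than the
    data (the convention CyberChef's XOR and pwntools' xor() follow)."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def key_from_known_prefix(ciphertext: bytes, known_prefix: bytes) -> bytes:
    """P ^ K = C  =>  C ^ P = K, valid wherever the plaintext is known."""
    return xor_bytes(ciphertext[: len(known_prefix)], known_prefix)


def min_key_length(fragment: bytes) -> int:
    """Shortest period the recovered key bytes allow: a key shorter than
    the fragment would have to repeat within it."""
    for length in range(1, len(fragment)):
        if all(fragment[i] == fragment[i + length]
               for i in range(len(fragment) - length)):
            return length
    return len(fragment)


def plausible_flag(plaintext: bytes, known_prefix: bytes) -> bool:
    """prefix + flag-alphabet body + a single closing brace."""
    return (
        plaintext.startswith(known_prefix)
        and plaintext.endswith(b"}")
        and all(b in FLAG_CHARS for b in plaintext[len(known_prefix):-1])
    )


def candidate_keys(ciphertext: bytes, fragment: bytes, key_len: int,
                   known_prefix: bytes = KNOWN_PREFIX) -> list:
    """All keys of length `key_len` that agree with `fragment` and decrypt
    the whole ciphertext to a plausible flag.

    Key byte j only ever touches ciphertext[j::key_len], so each unknown
    byte is filtered on its own column and the survivors are combined."""
    if key_len < len(fragment) and fragment[key_len:] != fragment[: len(fragment) - key_len]:
        return []  # the fragment is not periodic with this key length
    known = fragment[:key_len]
    per_position = []
    for j in range(len(known), key_len):
        column = ciphertext[j::key_len]
        per_position.append(
            [k for k in range(256) if all((c ^ k) in ALLOWED for c in column)]
        )
    results = []
    for tail in product(*per_position):  # product() of nothing yields one empty tail
        key = known + bytes(tail)
        if plausible_flag(xor_bytes(ciphertext, key), known_prefix):
            results.append(key)
    return results


def solve(ciphertext: bytes, known_prefix: bytes = KNOWN_PREFIX,
          max_key_len: int = 12) -> list:
    """Recover the key fragment, then try every key length from the shortest
    consistent one upward. Returns (key, plaintext) pairs, shortest keys first.
    max_key_len is capped because long keys leave short columns, and the
    product of per-column candidates grows quickly."""
    fragment = key_from_known_prefix(ciphertext, known_prefix)
    found = []
    for key_len in range(min_key_length(fragment), max_key_len + 1):
        for key in candidate_keys(ciphertext, fragment, key_len, known_prefix):
            found.append((key, xor_bytes(ciphertext, key)))
    return found


if __name__ == "__main__":
    fragment = key_from_known_prefix(CIPHERTEXT, KNOWN_PREFIX)
    print("key fragment:", fragment)  # b'myXORke'
    print("shortest consistent key length:", min_key_length(fragment))
    for key, plaintext in solve(CIPHERTEXT):
        print(key, plaintext)
```

With only one unknown byte, the column filter alone may leave a handful of keys that all produce flag-shaped text; the shortlist is printed in key-length order so the shortest, most plausible key comes first, and a human still picks the one that reads as English. A seven-byte key is rejected outright because the decryption does not end in “}”, which is the cheap sanity check worth running before trusting any guess.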

More walkthroughs like this will be coming up next. If it was helpful please give a like (clap).

I also write in substack (in-depth, and hands-on), you can get it here https://cyberxcyber.substack.com/.

Thanks!

Twitter @_Golam Rabbany


Golam Rabbany

Cyber Security Professional | CySA+ | ISC2 CC | Splunk CDA | AWS CCP | AWS SAA | Content Creator