PicoCTF-2021 Writeup
  • README
  • Binary Exploitation
    • Binary Gauntlet 0
    • Binary Gauntlet 1
    • Stonks
    • What's your input?
  • Cryptography
    • Compress and Attack
    • Dachshund Attacks
    • Double DES
    • Easy Peasy
    • It is my Birthday 2
    • It's Not My Fault 1
    • Mini RSA
    • New Caesar
    • New Vignere
    • No Padding, No Problem
    • Pixelated
    • Play Nice
    • Scrambled: RSA
  • Forensics
    • Disk, disk, sleuth!
    • Disk, disk, sleuth! II
    • information
    • MacroHard WeakEdge
    • Matryoshka doll
    • Milkslap
    • Surfing the Waves
    • Trivial Flag Transfer Protocol
    • tunn3l v1s10n
    • Very very very Hidden
    • Weird File
    • Wireshark doo dooo do doo...
    • Wireshark twoo twooo two twoo...
  • Reverse Engineering
    • ARMssembly 0
    • ARMssembly 2
    • ARMssembly 3
    • ARMssembly 4
    • gogo
    • Hurry up! Wait!
    • keygenme-py
    • Let's get dynamic
    • Rolling My Own
    • Shop
    • speeds and feeds
    • Transformation
  • Web Exploitation
    • Ancient History
    • Bithug
    • GET aHEAD
    • It is my Birthday
    • More Cookies
    • Most Cookies
    • Scavenger Hunt
    • Some Assembly Required 1
    • Some Assembly Required 2
    • Some Assembly Required 3
    • Some Assembly Required 4
    • Super Serial
    • Web Gauntlet 2
    • Web Gauntlet 3
    • Who are you?
    • X marks the spot
Powered by GitBook
On this page
  • Problem
  • Solution
  • Flag

Was this helpful?

Edit on GitHub
  1. Cryptography

Easy Peasy

PreviousDouble DESNextIt is my Birthday 2

Last updated 2 years ago

Was this helpful?

Problem

A one-time pad is unbreakable, but can you manage to recover the flag? (Wrap with picoCTF{}) nc mercury.picoctf.net 20266 otp.py

Solution

  1. As stated in the description, this is a challenge. One of the criteria of a one-time pad is that the key is never reused in part or in whole. We can modify the program so that it does not meet this requirement.

  2. The significant bug in the script appears on lines 34-36:

    if stop >= KEY_LEN:
    	stop = stop % KEY_LEN
    	key = kf[start:] + kf[:stop]

    stop equals the previous ending point of the key plus the length of the new user input. However, if stop is greater than the key length, stop is set to stop % KEY_LEN. Thus, inputting just enough text to get to the end of the keyfile will set stop to 0 because 40000 % 40000 is 0. key_location is then set to stop and key_location is returned. So, when we input the next string to be encrypted the encrypt function will receive key_location=0, thus allowing us to use the same key that was used to encrypt the flag.

  3. Generate a pwntools template with pwn template --host mercury.picoctf.net --port 20266 otp.py.

  4. The solve is commented and explains the solution. In brief, since we know a clear text message and an encrypted message, we can find the key (as explained in ) and then decrypt the flag.

Flag

picoCTF{99072996e6f7d397f6ea0128b4517c23}

otp.py
one-time pad
otp.py
script
this Computer Science StackExchange answer