xorxorxor


Exploiting xor with small key length

This challenge involves a hex-encoded ciphertext encrypted with a repeating 4-byte XOR key. In XOR cryptography, if you know a portion of the original message (plaintext) that covers every key position, you can recover the key directly and decrypt the rest of the message.


Analysis

The provided encryption script reveals three critical pieces of information:

  1. Key Length: os.urandom(4) tells us the key is exactly 4 bytes long.

  2. Algorithm: It uses a repeating XOR: data[i] ^ key[i % 4].

  3. Symmetry: XOR is its own inverse. This means:

    $$Plaintext \oplus Key = Ciphertext$$

    $$Ciphertext \oplus Plaintext = Key$$


The Strategy (Known Plaintext Attack)

Standard flag formats usually begin with a known prefix like HTB{. Since our key is 4 bytes long, XORing the first 4 bytes of the ciphertext with the string HTB{ will reveal the secret key.


Exploitation Script

We use the pwntools library to handle the XOR operations and hex conversion efficiently.

```python
from pwn import xor, unhex

ciphertext_hex = "134af6e1297bc4a96f6a87fe046684e8047084ee046d84c5282dd7ef292dc9"
ciphertext = unhex(ciphertext_hex)

# XOR the first 4 ciphertext bytes with the known flag prefix: C ^ P = K
known_prefix = b"HTB{"
key = xor(ciphertext[:4], known_prefix)

print(f"[*] Recovered Key: {key}")

# pwntools' xor() cycles the shorter argument, so the 4-byte key repeats over the whole ciphertext
flag = xor(ciphertext, key)
print(f"[+] Flag: {flag.decode()}")
```
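As an added example (not the write-up's script), here is the same recovery without pwntools, generalised to a known plaintext fragment at any offset and any key length, with a consistency check that rejects a wrong key-length guess and a printable-text check on the result. The ciphertext and the `HTB{` prefix are the page's own; the helper names (`recover_key`, `xor_repeating`, `looks_like_text`, `solve`) are assumed here.

```python
from typing import Optional

# Added example, not the write-up's script. Ciphertext and prefix are the page's own;
# recover_key / xor_repeating / looks_like_text / solve are names assumed here.
CIPHERTEXT = bytes.fromhex(
    "134af6e1297bc4a96f6a87fe046684e8047084ee046d84c5282dd7ef292dc9"
)

def xor_repeating(data: bytes, key: bytes) -> bytes:
    """Encrypt/decrypt with a repeating key: data[i] ^ key[i % len(key)]."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def recover_key(ciphertext: bytes, known: bytes, offset: int, key_len: int) -> Optional[bytes]:
    """Derive a key_len-byte repeating key from a known plaintext fragment that
    starts at `offset` in the message (C ^ P = K at every position).
    The fragment must be at least key_len bytes so every key byte is covered.
    Returns None if the fragment does not fit or the derived key bytes
    contradict each other, which is what a wrong key_len or offset looks like."""
    if len(known) < key_len or offset + len(known) > len(ciphertext):
        return None
    key = bytearray(key_len)
    seen = [False] * key_len
    for i, p in enumerate(known):
        pos = offset + i            # absolute position in the stream
        idx = pos % key_len         # which key byte was used here
        k = ciphertext[pos] ^ p
        if seen[idx] and key[idx] != k:
            return None             # same key slot, different value: bad guess
        key[idx], seen[idx] = k, True
    return bytes(key)

def looks_like_text(data: bytes) -> bool:
    """Plausibility check: a flag is printable ASCII; a wrong key produces junk."""
    return all(0x20 <= b < 0x7F for b in data)

def solve(ciphertext: bytes = CIPHERTEXT, prefix: bytes = b"HTB{", key_len: int = 4) -> Optional[str]:
    """Recover the key from the flag prefix and return the flag, or None on failure."""
    key = recover_key(ciphertext, prefix, 0, key_len)
    if key is None:
        return None
    plain = xor_repeating(ciphertext, key)
    return plain.decode("ascii") if looks_like_text(plain) else None

if __name__ == "__main__":
    for guess in (3, 4, 5):  # only the right key length yields a consistent, readable key
        print(f"key_len={guess}: {solve(key_len=guess)}")
```

With key length 3 the prefix maps positions 0 and 3 onto the same key slot with different values, so the guess is rejected; with 5 the four-byte prefix cannot cover every slot.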
