search

🟩xorxorxor

hashtag
Challenge code

First lets read the code 

#!/usr/bin/python3
import os
flag = open('flag.txt', 'r').read().strip().encode()


class XOR:
    def __init__(self):
        self.key = os.urandom(4)

    def encrypt(self, data: bytes) -> bytes:
        xored = b''
        for i in range(len(data)):
            xored += bytes([data[i] ^ self.key[i % len(self.key)]])
        return xored

    def decrypt(self, data: bytes) -> bytes:
        return self.encrypt(data)


def main():
    global flag
    crypto = XOR()
    print('Flag:', crypto.encrypt(flag).hex())


if __name__ == '__main__':
    main()

hashtag
Analyze the code

Let's start reading the code, and first it makes the flag global so the class XOR can read it, then it prints the encrypted flag after converting it to hex, it calls the encryption function in the print statement, lets take a look at the class, it first creates a random 4 bytes key:

and then in the encrypt function

it xor each byte of the data "FLAG" with a byte from the key wrapping around if the key end, the last part is the decrypt function which is just calls the encrypt function. now lets take a quick review of xor properties:

if

A ^ B = C

then A ^ C = B

and

C ^ B = A

thus

Flag ^ Key = Ecrypted_flag

then

Flag ^ Ecrypted_flag = Key

hashtag
Decryption code

we know that HTB flags always start with HTB{ , so we can use this for our advantage and retrieve the key, once we get the key we can decrypt the encrypted flag and get our original flag, lets do the code

This will give us the flag: HTB{rep34t3d_...

And that's it :)

PreviousRSA_102NextThe Last Dance🕺

Last updated