Rating:

![](images/8-header.png)

# N1TP
### easy | cryptography | 50 points

## Challenge Information
Nina found some new encryption scheme that she apparently thinks is really cool. She's annoying but she found a flag or something, can you deal with her?


## Solution

On connecting to the server, the following text is shown:
```shell
$ nc challenge.ctf.games 32315
NINA: Hello! I found a flag, look!
dc0de91facbe90ee6f652167906ee0d17123cf9e746a63db4b4e7d93040f59331ead9be0b2fe
NINA: But I encrypted it with a very special nonce, the same length as the flag! I heard people say this encryption method is unbreakable! I'll even let you encrypt something to prove it!! What should we encrypt?
```

I tried various inputs, but nothing struck until I typed one of the flags from the other challenges as input.

```shell
flag{e04f962d0529a4289a685112bfldcdd3}
NINA: Ta-daaa!! I think this is called a 'one' 'time' 'pad' or something?
dc0de91face292ed3f3f7337c368b4d02c26cdce7d3537df40497c9b5509063c4aafceb5e3fe
NINA: Isn't that cool!?! Want to see it again?
Sorry, I forget already what was it you wanted to see again?
```

The first few characters of the ciphertext of the flag and the input I gave are very similar. So there has to be some common value.

After a while, my notice went towards the words "One time pad". Immediately went to google and find out possible solutions.

I was reminded of an attack called the "Known Plaintext Attack" which I had learnt in a network security class last year.
> If the ciphertext and its corresponding plaintext is known, the one time pad can easily be retrieved by XORing the plaintext and ciphertext.

Having only learnt the theory to this, I wasn't sure how to actually XOR two values of different lengths and encodings (plaintext is in ascii, ciphertext is in hex). So off I went to Google again to look for any help on this.

I ended up finding a writeup for a very similar CTF challenge! ([CR2-Many time secrets - AlexCTF 2017](https://ctftime.org/writeup/5589))

This particular writeup used a tool called [cribdrag](https://github.com/SpiderLabs/cribdrag), which includes a python script called [xorstrings.py](https://github.com/SpiderLabs/cribdrag/blob/master/xorstrings.py). This is exactly what I needed to complete this challenge

I modified xorstrings.py to suit this challenge, by changing the parameters (s1 and s2) to the plaintext and ciphertext respectively.

snippet from [xorstrings.py](src/xorstrings.py)
```python
s1 = "dc0de91face292ed3f3f7337c368b4d02c26cdce7d3537df40497c9b5509063c4aafceb5e3fe".decode('hex')
s2 = "flag{e04f962d0529a4289a685112bfldcdd3}"

s3 = sxor(s1, s2)

# python2 syntax
print s3.encode('hex')
```

Running this returns the one-time-pad as output.

```shell
$ python xorstrings.py
ba618878d787a2d959064505a75881e21547f9fc450c56e9787c4daa676b60502eccaad1d083
```

Then I modified xorstrings.py again, this time changing the parameters to the one time pad and the flag's ciphertext, saved it as xorstrings1.py

snippet from [xorstrings1.py](src/xorstrings1.py)
```python
s1 = "ba618878d787a2d959064505a75881e21547f9fc450c56e9787c4daa676b60502eccaad1d083".decode('hex')
s2 = "dc0de91facbe90ee6f652167906ee0d17123cf9e746a63db4b4e7d93040f59331ead9be0b2fe".decode('hex')

s3 = sxor(s1, s2)

# python2 syntax
print s3
```

Running this returns the flag for the challenge!

```shell
$ python xorstrings1.py
flag{9276cdb76a3dd6b1f523209cd9c0a11b}
```

Flag: `flag{9276cdb76a3dd6b1f523209cd9c0a11b}`

Original writeup (https://github.com/piyagehi/CTF-Writeups/blob/main/2021-HacktivityCon-CTF/08-N1TP.md).