We have an encrypted PNG image: https://angstromctf.com/static/problems/re/image_encryptor/flag.encrypted .
Software used to encrypt the image: https://angstromctf.com/static/problems/re/image_encryptor/encryptor.apk
Hint: PNG image
First step: decompile encryptor.apk.
The application asks for a password, computes the hash of this password and then XORs the PNG image using key=md5(password).
The encryption routine is:
// paramArrayOfByte1 = file contents, paramArrayOfByte2 = key
private byte[] encryptData(byte[] paramArrayOfByte1, byte[] paramArrayOfByte2)
{
    int i = (byte)paramArrayOfByte2.length;
    byte[] arrayOfByte = new byte[paramArrayOfByte1.length];
    for (int j = 0; j < paramArrayOfByte1.length; j++) {
        // repeating-key XOR: the key index wraps around with j % i
        arrayOfByte[j] = ((byte)(paramArrayOfByte1[j] ^ paramArrayOfByte2[(j % i)]));
    }
    return arrayOfByte;
}
Extract 32 bytes from flag.encrypted:
crypted = 553430f1536d0beb5537521568637d36
png_header = 89504e470d0a1a0a0000000d49484452
key = crypted XOR png_header
# Python 3
def xor_strings(xs, ys):
    # XOR two byte strings position by position
    return bytes(x ^ y for x, y in zip(xs, ys))

crypted = '553430f1536d0beb5537521568637d36'
png_header = '89504e470d0a1a0a0000000d49484452'
binary_a = bytes.fromhex(crypted)
binary_b = bytes.fromhex(png_header)
key = xor_strings(binary_a, binary_b).hex()
print(key)
dc647eb65e6711e155375218212b3964
Online md5 :
Now XOR flag.encrypted with key = dc647eb65e6711e155375218212b3964 using xortool: https://github.com/hellman/xortool
The flag is flag{all_encryption_is_equal_but_some_are_More_equal_than_others}
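The known-plaintext recovery above, extended to full decryption and a PNG sanity check, as an added example (not code from the original post or from the APK). The sample PNG and password are constructed, and the key is assumed to be the raw 16-byte MD5 digest.

```python
import hashlib
import struct
import zlib

# First 16 bytes of every PNG: 8-byte signature, IHDR length (13), "IHDR".
PNG_PREFIX = bytes.fromhex("89504e470d0a1a0a0000000d49484452")


def xor_repeat(data, key):
    """Repeating-key XOR, the same operation as encryptData() in the APK."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_key(ciphertext, known_prefix=PNG_PREFIX):
    """Known-plaintext recovery: key = ciphertext XOR known plaintext."""
    return bytes(c ^ p for c, p in zip(ciphertext, known_prefix))


def png_chunk(kind, body):
    """Build one PNG chunk: length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(kind + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + kind + body + struct.pack(">I", crc)


def make_sample_png():
    """Constructed 1x1 grayscale PNG used as sample plaintext."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return (PNG_PREFIX[:8] + png_chunk(b"IHDR", ihdr)
            + png_chunk(b"IDAT", idat) + png_chunk(b"IEND", b""))


def crc_ok(png):
    """Check the IHDR chunk CRC to confirm a decryption is a real PNG."""
    stored = struct.unpack(">I", png[29:33])[0]
    return zlib.crc32(png[12:29]) & 0xFFFFFFFF == stored


if __name__ == "__main__":
    secret = hashlib.md5(b"constructed-password").digest()  # assumed key form
    encrypted = xor_repeat(make_sample_png(), secret)
    key = recover_key(encrypted)
    plain = xor_repeat(encrypted, key)
    print(key.hex(), plain == make_sample_png(), crc_ok(plain))
```

The recovery works because the key is 16 bytes long and the first 16 bytes of any PNG are fixed, so one block of known plaintext exposes the whole key.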