00:00:02
[Music]
00:00:15
hello world welcome back to another Pico
00:00:17
Jim workout exercise video in this video
00:00:20
we'll be walking through the
00:00:21
cryptography challenge custom encryption
00:00:24
let's get into it can you get sense of
00:00:26
this code file and write the function
00:00:28
that will decode the given encrypted
00:00:30
file content find the encrypted file
00:00:32
here flag info and code file might be
00:00:35
good to analyze and get the flag all
00:00:37
right so I already have those files
00:00:39
downloaded over here so let's go ahead
00:00:40
and open those up in code and see what
00:00:42
we're dealing
00:00:44
with all right so first things first we
00:00:47
have our encrypted flag here with some
00:00:49
other assigned variables and we have our
00:00:52
custom encryption script right here so
00:00:54
let's quickly go through this custom
00:00:56
encryption script and kind of see how it
00:00:57
works so if we scroll to the bottom we
00:01:00
start with Main and we have a message
00:01:02
that's being passed in as an argument to
00:01:04
the script and that message is getting
00:01:06
passed into this test function along
00:01:08
with a string that says tro if we scroll
00:01:12
up a little bit we'll see this test
00:01:13
function and we can see that the message
00:01:16
is the plain text and too is our text
00:01:19
key then we have PNG which are static
00:01:23
values being defined those are getting
00:01:24
checked to see if they're not Prime and
00:01:27
then we have a and b being defined as
00:01:30
random inss of PNG G which they give us
00:01:34
over here so we don't have to worry
00:01:35
about those and then we have a u and a v
00:01:37
variable being calculated by this
00:01:39
generator function which if we scroll up
00:01:41
here is just a simple pal modulus
00:01:44
function so that's that and then we have
00:01:46
a key and a b key also calculated by the
00:01:49
generator function using those unu andv
00:01:51
values calculated from the previous
00:01:54
generator calls here and a shared key is
00:01:57
being assigned to none and then it's
00:01:59
comparing key equal to b key shared key
00:02:01
equal to key so key shared key b key
00:02:05
those all look like they are going to be
00:02:08
equal to each other so whatever key is
00:02:12
which is being generated here is going
00:02:13
to be whatever that key value is that
00:02:16
we're going to need probably later then
00:02:18
we have a semi Cipher which does a
00:02:21
dynamic exor encrypt and if we scroll up
00:02:24
we see that function here and then you
00:02:26
can see that the plain text and the text
00:02:28
key from earlier are also being passed
00:02:30
into it it's storing the key length and
00:02:33
then it's looping through the plain text
00:02:35
and then it's assigning a key character
00:02:38
to a certain position within the text
00:02:40
key so our text key doesn't remain a key
00:02:44
as it is it actually is technically
00:02:46
scrambled because it's pulling different
00:02:48
indexes from it each time this iterates
00:02:51
through the for Loop then we have an
00:02:53
encrypted character which is equal to a
00:02:55
character of the plain text exord to the
00:02:59
key character calculated before and then
00:03:03
it adds it to the overall Cipher text
00:03:05
and Returns the cipher text as our semi
00:03:07
ciper down here then an encrypt function
00:03:10
is called on the semi Cipher and the
00:03:12
shared key which once again is right
00:03:16
here and if we scroll up we'll see that
00:03:18
encrypt function here and all that's
00:03:20
doing is looping through the plain text
00:03:22
and then multiplying the character that
00:03:25
is currently on in the plane text by the
00:03:28
key that we pass in by 311 and then
00:03:31
returning that and that's what we see in
00:03:33
this encrypted flag here that's this
00:03:35
value right here a plain text message
00:03:38
was passed into the script and this is
00:03:40
what came out and this is what we have
00:03:42
to decode which is probably going to be
00:03:43
our flag now I know the challenge said
00:03:46
write the function to decode this but I
00:03:48
like to just do a whole new decrypt
00:03:50
script cuz it's just easier to look at
00:03:52
when they have a side by side and I can
00:03:54
pick and choose what I want to add and
00:03:56
remove and things like that so we're
00:03:58
just going to go ahead and create a new
00:03:59
file file here and we're going to call
00:04:01
it dec. py and I'm going to go ahead and
00:04:06
split that into another window as
00:04:10
well and we're just going to copy these
00:04:13
values from our flag encryption file
00:04:17
here into that dc. py and we're going to
00:04:21
close that since we don't need it
00:04:23
anymore and then we're going to delete
00:04:25
this and change that to an equal sign
00:04:27
and we are good to go to start
00:04:30
now to tackle these types of
00:04:31
cryptography challenges we want to work
00:04:33
backwards right we want to work in
00:04:35
Reverse of whatever was done to encrypt
00:04:37
the flag so we're going to start with
00:04:39
this encrypt function here so we need to
00:04:42
figure out what the shared key is and
00:04:46
what the semi Cipher is since we already
00:04:48
have the cipher so what should we start
00:04:51
with first well we have a and b and we
00:04:53
know a andb belong to the calculation
00:04:55
for the key here so we can start off by
00:04:58
doing a simple key calculation there so
00:05:01
let's go ahead and do that we'll need p
00:05:03
and g because that's also part of the
00:05:11
equation P = 97 G =
00:05:16
31 and we'll also need the generator
00:05:19
function because that's what's actually
00:05:21
calculating the keys we'll need
00:05:32
okay with that out of the way we need to
00:05:35
calculate u and v from these values and
00:05:39
that's very simple we just need to copy
00:05:41
and paste these in fact we don't even
00:05:44
really need U because remember the key
00:05:47
the b key and the shared key are all
00:05:49
going to share the same value so really
00:05:51
we just need V and we need the
00:05:55
key so we'll copy those and paste them
00:05:59
over here
00:06:01
here all right so now we officially have
00:06:04
our key and we're going to want to try
00:06:07
to decrypt our Cipher which is right
00:06:10
here so how are we going to go about
00:06:12
doing that well what we're going to do
00:06:14
is we're going to create a decipher
00:06:19
string and then we're going to say for C
00:06:23
like character in our Cipher from up
00:06:26
here we're going to do decipher
00:06:30
plus equals and the reverse of this
00:06:33
encryption is we need to take this value
00:06:36
or each of these values rather divide
00:06:39
them by 311 divide them by the key and
00:06:41
then that will actually give us the
00:06:44
quotient of the character for our semi
00:06:47
Cipher well each character in our semi
00:06:49
Cipher so again that's our Cipher
00:06:52
character here or number divided 311
00:06:55
divided by our key gives us the quotient
00:06:57
of a character in our Sim Cipher which
00:07:00
we need for our next step in the
00:07:02
decryption process so we will do CHR
00:07:07
right because before it does or so we
00:07:09
need to do CHR because that's the
00:07:11
opposite of
00:07:12
or and we need to do c floor divide
00:07:17
right because we don't want decimals 311
00:07:20
floor divide by the key and if you
00:07:25
calculate the key which we can actually
00:07:27
print out when we run this I believe
00:07:30
it's 12 let's go ahead and print our
00:07:34
progress so
00:07:36
far and test it
00:07:47
out that looks fantastic but as you can
00:07:50
see here that's what our key ended up
00:07:52
being it ended up being 12 so what we
00:07:55
want to do next is calculate our plain
00:07:58
text by rever engineering the dynamic
00:08:01
exor encrypt function but do we really
00:08:03
need to reverse engineer it we know how
00:08:06
exor works right you know you can exort
00:08:08
the plane text with the key and get the
00:08:11
cipher text you can exort the cipher
00:08:12
text with the key and get the plane text
00:08:14
and you can exort the cipher text with
00:08:17
the plain text to get the key so all we
00:08:19
really need to do is figure out what
00:08:21
modification was made to the actual like
00:08:24
key that was entered as part of the test
00:08:27
function down here like our actual
00:08:28
shared key in order to solve this so all
00:08:31
we have to do is well first we'll
00:08:33
actually copy the you know function over
00:08:35
so we can use
00:08:37
it and if you want to see how the key is
00:08:40
actually modified in terms of like what
00:08:43
the actual key is after it's been
00:08:45
modified all we have to do is Define
00:08:50
like a key variable that we can use to
00:08:52
track and whenever the key care is
00:08:55
calculated we'll actually add that key
00:08:58
care to our little key here and remember
00:09:01
this key that we're trying to visualize
00:09:04
here all that's going to be is a
00:09:07
different permutation of this key down
00:09:10
here so we'll do that and then at the
00:09:12
end right before it's returned we'll
00:09:14
print out K just so we can see what it
00:09:17
looks like now we need to actually call
00:09:20
this Dynamic zor encrypt and it should
00:09:22
just decrypt our Cypher Tex
00:09:25
automatically assuming we know what the
00:09:27
rearranged key is so what we can do is
00:09:30
just provided a placeholder and a print
00:09:32
statement down here which we can just
00:09:34
print out the result of that function up
00:09:39
there and we'll put our decipher in and
00:09:42
then we can just put in what we know to
00:09:45
be part of the flag we can do
00:09:48
picoctf like so we can type in part of
00:09:51
the flag format down here that we know
00:09:53
to be actually part of the flag format
00:09:56
because what it's going to do is it's
00:09:57
going to take that flag format and split
00:10:00
it across the cipher text that we're
00:10:02
passing in and we'll actually derive our
00:10:05
key from that cuz remember our key here
00:10:08
is rearranged right here so it's not
00:10:11
going to be just trdo it's going to be
00:10:13
some permutation of trdo like I said
00:10:15
before so we'll just do that and then
00:10:18
we'll go ahead and run it see what
00:10:21
happens notice how this portion of the
00:10:25
flag format that is correct actually
00:10:28
produced our proper permutation of the
00:10:30
key which is Cho in fact it's mostly
00:10:33
reversed with the U ending up at the end
00:10:37
instead of the beginning so what we're
00:10:39
going to do is we're going to copy that
00:10:41
as our key and paste it right here in
00:10:44
place of the Pico CTF flag format and
00:10:47
that's going to give us our actual
00:10:49
decreed flag when I run this code again
00:10:52
so let's go ahead and rerun
00:10:56
it and there's our flag cust D2 crop
00:11:03
t6d whatever that means there's our
00:11:06
actual repeated pattern key across the
00:11:09
entire Cipher text and that's how exor
00:11:12
works if the key doesn't match the
00:11:14
length of the cipher text it repeats it
00:11:16
up until it reaches the length of the
00:11:18
cipher text or plain text rather so
00:11:21
let's go ahead and copy
00:11:24
that paste it
00:11:26
in and submit
00:11:30
all right if you enjoyed the video drop
00:11:31
a like And subscribe to the channel to
00:11:32
show your support turn on post
00:11:34
notifications to get regular injections
00:11:35
of cyber content directly into your feed
00:11:38
check out our patreon join our Discord
00:11:39
and follow us on Twitter links in the
00:11:41
description box down below and leave any
00:11:43
feedback or questions in the comment
00:11:44
section down below this is almond milk
00:11:47
thanks for watching goodbye world
