Weekly CTF 2013 Write-Up: 9/11 - 9/18

This is a write-up for the CSG CTF problem on: 9/11 - 9/18 - 20 points.

For starters, we are given: I've written up my own simple encryption, think you can break it? decrypt_this.txt

(Later an additional hint was released: So you've got it decoded but it looks like a bunch of garbage? The plaintext is entirely in ASCII and with only 128 characters there's really no reason so many bytes should have the first bit set to 1, inverting it should do the trick. Now the bytes are only a little bit off... You may want to check out Cryptool, maybe it can help....)

Since this is an encryption problem and we are given a Ciphertext, it’s a pretty good idea to open this in CrypTool (use CrypTool 1, CrypTool 2 sucks).

Opening decrypt_this.txt in CrypTool, we get:

cryptool_decrypt_this

The end of decrypt_this.txt has ‘==’, so we can assume this is base64 encoded (base64 uses ‘=’ as padding on the end, if the plaintext isn’t long enough). We can base64 decode in CrypTool (in the CrypTool toolbar: Indiv. Procedures -> Tools -> Codes -> Base64 Encode/Decode -> Base 64 Decode), which will give you: (base64-decrypt_this.txt)

base64_decode_output

Because all of the output is out of the typical ASCII range (nonstandard characters), we XOR (http://en.wikipedia.org/wiki/Exclusive_or) with 0xFF to invert all the values. (XOR is highly used in cryptography and we additionally received a hint, “inverting it should do the trick”; in the CrypTool toolbar: Analysis -> Symmetric Encryption (classic) ->Ciphertext-Only -> XOR / Vernam). We get: (xor-decrypt_this.txt)

xor_decrypt_this

Since all most of the text is printable, were getting closer, but something is still wrong. We assume the plaintext is English and readable, we use byte addition with 0x20 (ASCII value for space character in hex, assuming that the space character is the most common). We get: (byte-addition_decrypt_this.txt)

byte_addition_decrypt_this

Since we have clear text output, skipping to the bottom, we see: “Oh yeah, you probably wanted a key here. The key is the title (all caps) followed by the author's last name (e.g. "THE TITLE AUTHOR")

If you search Google for the first line of the text: “I am Basil Elton, keeper of the North Point light that my father and grandfather kept before me.

google_the_white_ship

We see it is called The White Ship, by H.P Lovecraft. Following the prescribed method for entering the key, we get the flag:

key{THE WHITE SHIP LOVECRAFT}

/endwriteup
-Zack