NahamCon CTF 2025
WU của mình cho giải NahamCon CTF 2025
NahamCon CTF 2025
Crypto
Cryptoclock
Soucre code của bài
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
#!/usr/bin/env python3
import socket
import threading
import time
import random
import os
from typing import Optional
def encrypt(data: bytes, key: bytes) -> bytes:
"""Encrypt data using XOR with the given key."""
return bytes(a ^ b for a, b in zip(data, key))
def generate_key(length: int, seed: Optional[float] = None) -> bytes:
"""Generate a random key of given length using the provided seed."""
if seed is not None:
random.seed(int(seed))
return bytes(random.randint(0, 255) for _ in range(length))
def handle_client(client_socket: socket.socket):
"""Handle individual client connections."""
try:
with open('flag.txt', 'rb') as f:
flag = f.read().strip()
current_time = int(time.time())
key = generate_key(len(flag), current_time)
encrypted_flag = encrypt(flag, key)
welcome_msg = b"Welcome to Cryptoclock!\n"
welcome_msg += b"The encrypted flag is: " + encrypted_flag.hex().encode() + b"\n"
welcome_msg += b"Enter text to encrypt (or 'quit' to exit):\n"
client_socket.send(welcome_msg)
while True:
data = client_socket.recv(1024).strip()
if not data:
break
if data.lower() == b'quit':
break
key = generate_key(len(data), current_time)
encrypted_data = encrypt(data, key)
response = b"Encrypted: " + encrypted_data.hex().encode() + b"\n"
client_socket.send(response)
except Exception as e:
print(f"Error handling client: {e}")
finally:
client_socket.close()
def main():
server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
server.bind(('0.0.0.0', 1337))
server.listen(5)
print("Server started on port 1337...")
try:
while True:
client_socket, addr = server.accept()
print(f"Accepted connection from {addr}")
client_thread = threading.Thread(target=handle_client, args=(client_socket,))
client_thread.start()
except KeyboardInterrupt:
print("\nShutting down server...")
finally:
server.close()
if __name__ == "__main__":
main()
Để ý key được tạo bởi hàm key = generate_key(len(flag), current_time). Seed của hàm random chính là current_time = int(time.time()). Do time được giữ cố định trong mỗi lần ta gọi lên server nên việc mình cần làm chỉ đơn giản là gửi tới server b'\x00' * flag_len thì server sẽ trả về key và lấy key này xor với enc_flag là được
Script:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
from pwn import *
host, port = "challenge.nahamcon.com",30272
def xor(a:bytes,b:bytes)->bytes:
return bytes(x^y for x,y in zip(a,b))
r = remote(host,port)
response = r.recvuntil(b"Enter text to encrypt")
print(response.decode())
for line in response.decode().splitlines():
if "The encrypted flag is:" in line:
enc_flag_hex = line.split(": ")[1]
break
enc_flag = bytes.fromhex(enc_flag_hex)
len = len(enc_flag)
r.sendline(b'\x00'*len)
response = r.recvline()
if b"Encrypted: " in response:
key_hex = response.decode().strip().split("Encrypted: ")[1]
break
key = bytes.fromhex(key_hex)
flag = xor(key,enc_flag)
print(flag)
This post is licensed under CC BY 4.0 by the author.