AlexCTF2017 CR2: Many time secrets

CR2: Many time secrets (100 pts)
CTF: AlexCTF 2017
CAT: crypto

This time Fady learned from his old mistake and decided to use onetime pad as his encryption
technique, but he never knew why people call it one time pad!


There are 11 ciphertexts, and it seems that all of them were encrypted with the same One-Time Pad (OTP).

A known attack in this kind of scenario is the 'Many Time Pad Attack' described here:

Many Time Pad Attack - Crib Drag

The phases of the attack are:

1. Guess a word that might appear in one of the messages.

2. Encode the word from step 1 to a hex string.

3. XOR the two cipher-text messages.

4. XOR the hex string from step 2 at each position of the XOR of the two cipher-texts (from step 3).

5. When the result from step 4 is readable text, we guess the English word and expand our crib search.

6. If the result is not readable text, we try an XOR of the crib word at the next position.
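
The six steps above, as an added example (this is not the script the write-up refers to, and not the challenge data). The pad, both plaintexts and all function names are constructed for illustration; it shows why a reused pad cancels out and how one confirmed crib also exposes the matching bytes of the pad.

```python
import hashlib
import string

# Constructed sample data (assumption: NOT the challenge's ciphertexts or key).
PAD = hashlib.sha256(b"constructed demo pad").digest()  # 32-byte pad, reused below
P1 = b"the secret meeting is at noon"
P2 = b"never reuse a one time pad ok"

# Bytes we accept as "readable English" when judging a drag result.
READABLE = set((string.ascii_letters + " .,'").encode())


def xor_bytes(a, b):
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


C1 = xor_bytes(P1, PAD)
C2 = xor_bytes(P2, PAD)  # the same pad a second time: the mistake


def crib_drag(c1, c2, crib):
    """Slide the crib over c1 XOR c2 and return (offset, text) for readable hits."""
    crib_hex = crib.encode().hex()            # step 2: crib as a hex string
    crib_bytes = bytes.fromhex(crib_hex)
    mixed = xor_bytes(c1, c2)                 # step 3: pad cancels, P1 XOR P2 remains
    hits = []
    for offset in range(len(mixed) - len(crib_bytes) + 1):  # steps 4 and 6
        window = mixed[offset:offset + len(crib_bytes)]
        fragment = xor_bytes(window, crib_bytes)
        if all(b in READABLE for b in fragment):             # step 5
            hits.append((offset, fragment.decode()))
    return hits


def pad_fragment(ciphertext, offset, known_plaintext):
    """Once a crib is confirmed in a message, the pad bytes under it follow."""
    return xor_bytes(ciphertext[offset:], known_plaintext.encode()).hex()


if __name__ == "__main__":
    for crib in (" secret ", " reuse "):
        for offset, text in crib_drag(C1, C2, crib):
            print(f"crib {crib!r} at offset {offset}: other message reads {text!r}")
    print("pad bytes 3..10:", pad_fragment(C1, 3, " secret "))
```

Readable hits at other offsets can occur by chance, so each hit is a candidate to confirm by extending the crib, as step 5 describes.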

There is an implementation of this attack using Python:

According to the author:

"This code investigates the properties of the one time pad - specifically that it can easily be broken if the same key is used more than once!
Given 10 ciphertexts encrypted using the same key, we can break the encryption, and generate all the plaintexts"

We just modify the script so that the strings c[1..10] are initialized with our first 10 ciphertexts.

Besides that, we add a line at the end of the script to print the recovered OTP key ('final_key_hex'):

print final_key_hex

We execute the script:

ncry*tion*s**e*e *lwa*s.

So the computed OTP key in hex format is:


Upon converting the hex string to ASCII, we get:


So we can infer that the flag is: