picoCTF-Gym-Double-DES

You know things are bad if I felt the need to create a writeup for a challenge

What's Going On Here?

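This is pretty much standard DES with super small keys, except it's encrypted twice. We're probably looking to do some sort of meet-in-the-middle attack, which leverages the fact that with keys A and B, DEC_A(ENC_A(ENC_B(M))) = ENC_B(M). So we can encrypt a known M under every possible B, decrypt its ciphertext under every possible A, and look for the value where the two sides meet.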

What's The Catch?

Honestly the worst part of this challenge is the fact that YOU DON'T WRAP THE SOLUTION with picoCTF{}. Unlike literally every other challenge.

Code Breakdown

I guess since it's a writeup I'll also break down the code

Talking To The Server

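```python
import pwn

conn = pwn.remote('mercury.picoctf.net', 5958)
# The server first prints the flag, encrypted under both keys
conn.recvuntil(b"Here is the flag:\n")
flag = conn.recvline().decode('utf-8').strip()
# Have the server encrypt a plaintext we know, under the same two keys
conn.recvuntil(b"What data would you like to encrypt? ")
conn.sendline(b'111111')
target = conn.recvline().decode('utf-8').strip()
conn.close()
```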

Calculating The ENC_B(M)

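```python
import itertools
import string
lookup = {}  # hex of ENC_B('111111') -> the key B that produced it
for combo in itertools.product(string.digits, repeat=6):
    key = pad(''.join(combo))
    lookup[single_encrypt('111111', key)] = key
```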

Calculating X such that DEC_X(ENC_A(ENC_B(M))) = ENC_B(M)

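```python
import binascii
potential_keys = []  # key pairs whose two halves meet in the middle
for combo in itertools.product(string.digits, repeat=6):
    key = pad(''.join(combo))
    candidate_pt = binascii.hexlify(single_decrypt(target, key)).decode()
    if candidate_pt in lookup:
        # A tuple (not a set) keeps the pair ordered for the unpacking below
        potential_keys.append((lookup[candidate_pt], key))
```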

Trying The Different Keys Till Something Decodes

```python
for (key1, key2) in potential_keys:
    try:
        print(double_decrypt(flag, key1, key2).decode())
        break
    except Exception:
        # Wrong pair: try the next candidate
        continue
```
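
The whole attack as one self-contained added example (not the writeup's or the challenge's code): a 4-round Feistel toy cipher stands in for DES, and keys are 4 digits instead of 6 so it runs quickly offline. It goes slightly beyond the breakdown above by keeping every key that collides on a middle value and by confirming candidates against a second known pair; all function names, the space-padded key shape and the sample keys are assumptions made for illustration.

```python
import hashlib
import itertools
import string

def _f(key, rnd, half):
    # Round function of the stand-in cipher (not DES): truncated keyed hash.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt(block, key):
    # 4-round Feistel network on one 8-byte block.
    left, right = block[:4], block[4:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right

def toy_decrypt(block, key):
    left, right = block[:4], block[4:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right

def all_keys(digits):
    # Assumed key shape: decimal digits, space-padded to 8 bytes.
    for combo in itertools.product(string.digits, repeat=digits):
        yield "".join(combo).ljust(8).encode()

def meet_in_the_middle(pairs, digits):
    (pt, ct), rest = pairs[0], pairs[1:]
    # Forward half: table of every ENC_B(pt); a list per entry keeps collisions.
    middle = {}
    for kb in all_keys(digits):
        middle.setdefault(toy_encrypt(pt, kb), []).append(kb)
    # Backward half: DEC_A(ct) found in the table means ENC_A(ENC_B(pt)) == ct.
    hits = [(kb, ka) for ka in all_keys(digits)
            for kb in middle.get(toy_decrypt(ct, ka), [])]
    # Further known pairs discard accidental matches.
    return [(kb, ka) for kb, ka in hits
            if all(toy_encrypt(toy_encrypt(p, kb), ka) == c for p, c in rest)]

# Constructed demo data: the search never reads KEY_B or KEY_A directly.
KEY_B, KEY_A = b"4821    ", b"0937    "
PAIRS = [(p, toy_encrypt(toy_encrypt(p, KEY_B), KEY_A))
         for p in (b"111111  ", b"222222  ")]

if __name__ == "__main__":
    print(meet_in_the_middle(PAIRS, digits=4))
```

The search does 2 × 10^4 cipher calls here instead of the 10^8 a naive search over both keys would need, which is why encrypting twice with independent keys adds far less strength than the doubled key length suggests.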