Nice challenge. I had a pretty hard time with it as I didn’t see a tiny detail.
We’re given the Python source code of what’s running on the server. Here’s what it looks like, commented:
```python
#!/usr/bin/env python3
import secrets

FLAG = "FAKE_FLAG"


# The encrypt function takes two bit strings and returns the XOR of the two.
def encrypt(key, plaintext):
    return ''.join(str(int(a) ^ int(b)) for a, b in zip(key, plaintext))


def main():
    # keygen
    key = format(secrets.randbits(365), 'b')
    print("Welcome to the CryptoFarm!")
    while True:
        command = input('Would you like to encrypt a message yourself [1], get the flag [2], or exit [3] \n>').strip()
        try:
            if command == "1":
                data = input('Enter the binary string you want to encrypt \n>')
                # Lets us learn the key if we feed it a 365-bit string of 1s.
                print("Ciphertext = ", encrypt(key, data))
                # THIS !!!! THE KEY VARIABLE IS UNCHANGED AS LONG AS WE DON'T DO COMMAND 1
                key = format(secrets.randbits(365), 'b')
            elif command == "2":
                # Encrypts the flag and sends it back to us
                print("Flag = ", encrypt(key, format(int.from_bytes(FLAG.encode(), 'big'), 'b')))
            elif command == "3":
                print("Exiting...")
                break
            else:
                print("Please enter a valid input")
        except Exception:
            print("Something went wrong.")


if __name__ == "__main__":
    main()
```
First thing to do: get the encrypted flag. If we encrypt a message first, the key will be regenerated, as commented in the code.
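The ordering issue the comments point at, as an added local simulation (not part of the original write-up or the challenge code): `Oracle`, `recover` and `SAMPLE_FLAG` are hypothetical names, the flag is a constructed sample, and nothing touches the network. It sends zeros rather than 1s so the ciphertext is the key itself, and it also shows that rotating the key after the flag request removes the reuse.

```python
import secrets

KEY_BITS = 365  # key size used by the challenge source


def encrypt(key, plaintext):
    # Same XOR of bit strings as the challenge; zip() truncates to the shorter input.
    return ''.join(str(int(a) ^ int(b)) for a, b in zip(key, plaintext))


class Oracle:
    """Local stand-in for the server loop (hypothetical class, no network)."""

    def __init__(self, flag, rotate_after_flag=False):
        self.flag = flag
        self.rotate_after_flag = rotate_after_flag
        self.key = format(secrets.randbits(KEY_BITS), 'b')

    def _rotate(self):
        self.key = format(secrets.randbits(KEY_BITS), 'b')

    def encrypt_message(self, data):   # command 1
        out = encrypt(self.key, data)
        self._rotate()                 # key changes only AFTER it was used
        return out

    def get_flag(self):                # command 2
        bits = format(int.from_bytes(self.flag, 'big'), 'b')
        out = encrypt(self.key, bits)
        if self.rotate_after_flag:     # hardened variant: one key per ciphertext
            self._rotate()
        return out


def recover(oracle):
    """Flag first, then a known plaintext under the same, not yet rotated key."""
    flag_ct = oracle.get_flag()
    keystream = oracle.encrypt_message('0' * KEY_BITS)  # k XOR 0 = k
    flag_bits = encrypt(keystream, flag_ct)
    return int(flag_bits, 2).to_bytes((len(flag_bits) + 7) // 8, 'big')


SAMPLE_FLAG = b"FLAG{constructed_sample}"  # constructed, not the real flag

if __name__ == "__main__":
    print(recover(Oracle(SAMPLE_FLAG)))                          # sample flag comes back
    print(recover(Oracle(SAMPLE_FLAG, rotate_after_flag=True)))  # unrelated bytes
```

Reversing the order (command 1 before command 2) fails against the original logic too, because the key printed by command 1 has already been replaced by the time the flag is encrypted.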