Readme.md

Challenge accepted

Context

This is the solution for the coding challenge Challenge accepted from Sogeti CTF qualifications 2019.

Explanation

The python code of a server is given.

1. python's RNG is manually seeded with a random value between 1 and 10000
2. The beginning and end of a sha256 hash corresponding to the first generated number is leaked
3. This hash is used as a AES-256 key to encrypt a challenge in CBC mode
4. The leak allows you to retreive the original seed, hence compute the full hash, and decrypt the ciphertext
5. Sending the decrypted challenge back to the server gives you the flag

challenge-accepted.py

#!/usr/bin/env python
# coding: utf-8

from Crypto.Cipher import AES
import random

from pwn import *


def compute_key(seed):
    random.seed(seed)
    key = 0xffffffff
    for _ in range(10):
        key ^= random.randint(0x00000000, 0xffffffff)
    return key


def generate_secrets():
    secret_dict = {}
    for seed in range(1, 10000 + 1):
        key = compute_key(seed)
        hexdigest = hashlib.sha256(str(key)).hexdigest()

        key = '{}...{}'.format(hexdigest[:15], hexdigest[-15:])
        secret_dict[key] = hexdigest

    return secret_dict


def solve():
    secret_dict = generate_secrets()

    p = remote('quals.shadow-league.org', 5002)
    p.newline = '\r\n'

    p.recvuntil('Secret key is ')
    secret_part = p.recvline(keepends=False)
    secret = secret_dict[secret_part].decode('hex')

    p.recvuntil('Encrypted Challenge : ')
    ciphertext = p.recvline(keepends=False).decode('hex')

    p.recvuntil('Give me the challenge (2s) > ')

    aes = AES.new(secret, AES.MODE_CBC, 'LmQHJ6G6QnE5LxbV')
    challenge = aes.decrypt(ciphertext)

    p.sendline(challenge)
    p.recvline()

    # [+] Here is your flag : SCE{Str0ng_s3eds_are_adv1s3d...}
    print p.recvall()


if __name__ == '__main__':
    solve()