Description
Why so small?
nc aes.sunshinectf.org 4200
Author: ps_iclimbthings
Write-up
Short write-up here.
The server asked for a word to be encrypted and then asked the client to encrypt a given text using the same key:
Welcome, I'm using an AES-128 cipher with a 16-bit key in ECB mode.
I'll give you some help: give me some text, and I'll tell you what it looks like
Your text:
blah
1e6bd4581494f5505284c8cae40b7356
Ok, now encrypt this text with the same key: oQuHwqq0DhZmcIIC
blah
Wrong!
As the challenge said that the key had 16 bits I tried to brute force it, with no success.
And then I thought:
Why not use the challenge itself to encrypt the text for me?
First connection:
Welcome, I'm using an AES-128 cipher with a 16-bit key in ECB mode.
I'll give you some help: give me some text, and I'll tell you what it looks like
Your text:
a
99aeb873d384f79c1fdf7f6e221793c5
Ok, now encrypt this text with the same key: Kl7YX0PUxbPKAhME
Second connection:
Welcome, I'm using an AES-128 cipher with a 16-bit key in ECB mode.
I'll give you some help: give me some text, and I'll tell you what it looks like
Your text:
Kl7YX0PUxbPKAhME
b2b1110b5f30b338f6bf4cdd49c24f99
Back to first connection:
Ok, now encrypt this text with the same key: Kl7YX0PUxbPKAhME
b2b1110b5f30b338f6bf4cdd49c24f99
Correct! The flag is sun{Who_kn3w_A3$_cou1d_be_s0_vulner8ble?}
Maybe it was not the intended solution, but it worked. :)
Flag
sun{Who_kn3w_A3$_cou1d_be_s0_vulner8ble?}