pyre_1

~# cat Question

Python Rev, where all compilation has been decompiled and you're left with the source code in its entirety!
FILE: trial.exe

trial.exe

from base64 import urlsafe_b64decode

strings = ['dOpl3PA4RINDiQQr.OKQm7sRDNNo34TRFK5gAipVKceoNzltCB7UW7K9VEcAr1jdKB9sArq9MDLct1mYaGt4XtcVLOQ==', 
           'jqAaS7XzO5uy7ukY.wu5ZeYGIS8LGhtl20dJ_HdCBDvL8qbZx_f9pe-qebtjasdp5_ZF_OeqHc6_csYsp4JRoIoCARg==', 
           'JAhRxb8R5PSjnTn8.aEYS94tqlK3X9QmSe3o0k9pj0Z3t2maVV1ci9eB8sbfLwgqdVzk0t-BlrMDNwlvNSjwjrIpimQ==']

def pyre_1(msg:bytes, key:bytes) -> bytes:
    ptr = 0
    result = []
    while ptr < len(msg):
        msg_val = msg[ptr]
        key_val = key[ptr % len(key)]
        res_val = msg_val ^ key_val
        result.append(res_val)
        ptr += 1
    result = bytes(result)
    return result

def test_flag(flag:bytes, test_str:str) -> bool:
    key, ct = test_str.split('.')
    key = urlsafe_b64decode(key)
    ct = urlsafe_b64decode(ct)

    if pyre_1(flag, key) == ct:
        return True
    else:
        return False

def main():
    is_correct = True
    flag = open("flag.txt", "rb").read()
    for i in range(3):
        test_str = strings[i]
        if test_flag(flag, test_str) == False:
            is_correct = False
            break

    if is_correct:
        print("Correct!")
    else:
        print("Wrong!")

if __name__ == "__main__":
    main()

The challenge provides a Python script with a custom encryption function pyre_1 and a set of encrypted strings strings. The goal is to recover the flag by reversing the encryption process.

Solution

Understanding the Encryption Function pyre_1
- The pyre_1 function XORs each byte of the message with a corresponding byte from the key.
- The key is repeated cyclically if it's shorter than the message.
Decrypting the Strings
- Each string in the strings list is formatted as <key>.<encrypted_message>.
- We then decode the base64 key and message by XORing them to recover the original message.
Recovering the Flag
- We can apply the XOR operation to each encrypted string with the decoded key to recover the flag.

from base64 import urlsafe_b64decode

def xor(msg:bytes, key:bytes) -> str:
    out = ""
    for i in range(0,len(msg)):
        mval = msg[i]  
        kval = key[i % len(key)]
        out += chr(mval ^ kval)
    return out

s = 'dOpl3PA4RINDiQQr.OKQm7sRDNNo34TRFK5gAipVKceoNzltCB7UW7K9VEcAr1jdKB9sArq9MDLct1mYaGt4XtcVLOQ=='
key = urlsafe_b64decode(s.split('.')[0])
xored_output = urlsafe_b64decode(s.split('.')[1])
flag = xor(xored_output, key)
print(flag)

Flag: LNC24{pYth0n_reVer5iNG_is_s0_mUCH_3as1er_tH4n_b1n4ri5s}

PreviousWelcome2Pwn!NextHACK@AC

Last updated 1 month ago