
HackDay 2024 | Again and again and again and again | [Crypto]


Statement

We've intercepted an outgoing communication from the Syndicate's backup server. It looks like a member has made himself an emergency door so he can chat with someone inside... But what did he want to say?

Apparently they are talking about `Hack107` and one of their team members... Use this information to decrypt the three conversations.

Author : Chelinka
Points : 430
Solves : 22

Files analysis

This challenge consists of 4 files; each file is a conversation given in base64. After decoding each conversation from base64, the result is just raw bytes.

Solving the chall

To solve this challenge, I guessed that these files were encrypted using an OTP (XOR). I also guessed that the same key was used for each of them, which puts us in the many-time pad case:

\[c_1 = p_1 \oplus k\]
\[c_2 = p_2 \oplus k\]
\[c_3 = p_3 \oplus k\]
\[c_4 = p_4 \oplus k\]

If we XOR a ciphertext with another one, here is what we get :

\[c_1 \oplus c_2 = (p_1 \oplus k) \oplus (p_2 \oplus k)\]
\[c_1 \oplus c_2 = p_1 \oplus p_2\]

By XORing each possible pair of ciphertexts, we can guess part of one plaintext, use it to recover the matching part of the other plaintext, extend the guess from the newly revealed text, and so on…
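The guessing loop described above is usually called crib dragging. The following is an added example, not the script used for this write-up: the key, the three plaintexts and the helper names `crib_drag` and `open_window` are constructed for illustration, and only the crib `Hack107` comes from the challenge statement.

```python
import string

# Bytes we accept as plausible chat text when scoring a guess.
PLAUSIBLE = set((string.ascii_letters + string.digits + " .,!?'@_{}-:").encode())

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def crib_drag(c_a: bytes, c_b: bytes, crib: bytes):
    """Slide `crib` over c_a ^ c_b (= p_a ^ p_b, the key cancels out).

    Where the crib really occurs in one plaintext, the XOR reveals the other
    plaintext at that offset. Returns (offset, revealed) for every offset
    whose revealed bytes all look like text; false positives are expected.
    """
    mixed = xor(c_a, c_b)
    hits = []
    for off in range(len(mixed) - len(crib) + 1):
        revealed = xor(mixed[off:off + len(crib)], crib)
        if all(b in PLAUSIBLE for b in revealed):
            hits.append((off, revealed.decode()))
    return hits

def open_window(ciphertexts, c_known: bytes, crib: bytes, off: int):
    """Given a confirmed crib at `off` in c_known, derive that slice of the
    key and decrypt the same window in every ciphertext."""
    key_part = xor(c_known[off:off + len(crib)], crib)
    return [xor(c[off:off + len(crib)], key_part).decode(errors="replace")
            for c in ciphertexts]

# --- Constructed sample data (not the challenge files) ---
KEY = bytes((i * 73 + 41) % 256 for i in range(64))   # the reused pad
P1 = b"Did you register the team for Hack107 yet?"
P2 = b"Yes, the whole team is signed up since Monday."
P3 = b"Great. Send me the new token before tonight."
C1, C2, C3 = (xor(p, KEY) for p in (P1, P2, P3))
CRIB = b"Hack107"

if __name__ == "__main__":
    for off, text in crib_drag(C1, C2, CRIB):
        print(f"offset {off:2d}: other plaintext would read {text!r}")
    # Once an offset is confirmed, the same key slice opens every message.
    print(open_window([C1, C2, C3], C1, CRIB, P1.index(CRIB)))
```

Each confirmed window gives a few more characters of every message, which is what makes the next guess easier; a pad that is truly used once never yields a second ciphertext to compare against.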

I will not explain in detail how I retrieved the flag because it was a long session of plaintext guessing… But here is the plaintext that contains the flag:

Perfect! My new address is vale.scafati02@gmail.com and my token is HACKDAY{DO_NOT_USE_SAME_KEY_PLS_ITS_NOT_SAFE}

If you want some useful documentation about the many-time pad, here are some interesting docs:

This post is licensed under CC BY 4.0 by the author.