[WARGAME NDH 2016] Write-Up – Crypto: OMG So Encrypted !

11 Jul 2016
Posted by: Yann C. / Category: Cryptanalyze / Cryptology / No Comments

Write-up of the challenge “Crypto – OMG So Encrypted !” of Nuit du Hack 2016 Wargame

Over the weekend of 02-03 July 2016 the WARGAME of Nuit du Hack 2016 was run as a Jeopardy-style CTF. Having had the opportunity and the time to take part with some colleagues and friends, here is a write-up of the challenges we were able to work on.

  • Category: Crypto
  • Name: OMG So Encrypted !
  • Description : Some very confidential information were encod^Wencrypted in order to hide it from hackers like you. Are you able to retrieve it?
  • URL : http://static.wargame.ndh/omg_so_encrypted.txt
  • Points : 100

tl;dr : ROT13 decode then semantic analysis

We retrieve the content of the text file:

Guvf grkg vf urer gb fvzhyngr n frzragvp nanylfvf. Vg zrnaf gung jura lbh trg n
pbecbengr qbphzrag, lbh hfhnyyl unir gb ernq vg naq nanylfr vg orsber lbh trg
gur hfrshy vasbezngvba. Gur synt fgnegf jvgu 'aqu2x16_'. Nsgre gung, gurer vf
gur unfu. irel svefg yrggre bs gur unfu frrzf gb or 1. friragrragu yrggre bs
gur unfu nccrnef gb or 4. ryriragu yrggre bs gur unfu nccrnef gb or 5. gjragl-
frpbaq yrggre bs gur unfu jvyy unir gur inyhr bs s. fvkgrragu yrggre bs gur
unfu vf 0. gjragl-guveq yrggre bs gur unfu fubhyq or p. guveq yrggre bs gur
unfu frrzf gb or 0. fvkgu yrggre bs gur unfu frrzf gb or 5. gjragl-fvkgu yrggre
bs gur unfu jvyy unir gur inyhr bs 0. rvtugu yrggre bs gur unfu jnf frg gb 2.
guvegrragu yrggre bs gur unfu jnf frg gb 1. svsgrragu yrggre bs gur unfu fubhyq
or o. gragu yrggre bs gur unfu frrzf gb or s. gjragl-friragu yrggre bs gur unfu
jnf frg gb s. svsgu yrggre bs gur unfu jnf frg gb 9. gjrysgu yrggre bs gur unfu
nccrnef gb or n. guvegl-frpbaq yrggre bs gur unfu fubhyq or q. gjragl-avagu
yrggre bs gur unfu frrzf gb or 0. gjragl-svefg yrggre bs gur unfu jnf frg gb p.
avargrragu yrggre bs gur unfu frrzf gb or p. gjragl-rvtugu yrggre bs gur unfu
frrzf gb or r. sbhegu yrggre bs gur unfu jnf frg gb 4. avagu yrggre bs gur unfu
vf n. gjragvrgu yrggre bs gur unfu jvyy unir gur inyhr bs 1. guvegl-svefg
yrggre bs gur unfu fubhyq or 6. rvtugrragu yrggre bs gur unfu jvyy unir gur
inyhr bs r. frpbaq yrggre bs gur unfu frrzf gb or 8. sbhegrragu yrggre bs gur
unfu fubhyq or p. gjragl-svsgu yrggre bs gur unfu fubhyq or 5. gjragl-sbhegu
yrggre bs gur unfu jvyy unir gur inyhr bs o. friragu yrggre bs gur unfu fubhyq
or 6. guvegvrgu yrggre bs gur unfu jnf frg gb 9.

The “slip” in the challenge description, where “encoded” is corrected to “encrypted”, points us towards a weak, obsolete or historical algorithm. The Caesar cipher (ROT13) is a good candidate in this case.
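ROT13 is the Caesar cipher with a shift of 13, and the same guess works for any shift: try all 26 keys and keep the candidate whose letter histogram is closest to English. The script below is an added example written for this write-up, not code from the challenge or its author; it generalises the ROT13 step to an unknown shift, scores each candidate with a chi-squared distance against published English letter frequencies, and uses the first two sentences of the challenge file (copied from the page) as input.

```python
# Published relative frequencies (%) of letters in English text; used as the reference histogram.
ENGLISH_FREQ = {
    'a': 8.167, 'b': 1.492, 'c': 2.782, 'd': 4.253, 'e': 12.702, 'f': 2.228,
    'g': 2.015, 'h': 6.094, 'i': 6.966, 'j': 0.153, 'k': 0.772, 'l': 4.025,
    'm': 2.406, 'n': 6.749, 'o': 7.507, 'p': 1.929, 'q': 0.095, 'r': 5.987,
    's': 6.327, 't': 9.056, 'u': 2.758, 'v': 0.978, 'w': 2.360, 'x': 0.150,
    'y': 1.974, 'z': 0.074,
}

# First two sentences of the challenge file (taken from the page); ROT13 is the k=13 case.
SAMPLE_CIPHERTEXT = (
    "Guvf grkg vf urer gb fvzhyngr n frzragvp nanylfvf. Vg zrnaf gung jura lbh trg n "
    "pbecbengr qbphzrag, lbh hfhnyyl unir gb ernq vg naq nanylfr vg orsber lbh trg "
    "gur hfrshy vasbezngvba."
)


def caesar_shift(text, k):
    """Shift every ASCII letter by k places (k=13 is ROT13); other characters pass through."""
    out = []
    for ch in text:
        if 'a' <= ch <= 'z':
            out.append(chr((ord(ch) - ord('a') + k) % 26 + ord('a')))
        elif 'A' <= ch <= 'Z':
            out.append(chr((ord(ch) - ord('A') + k) % 26 + ord('A')))
        else:
            out.append(ch)
    return ''.join(out)


def chi_squared_english(text):
    """Chi-squared distance between the letter histogram of text and English; lower is better."""
    letters = [c for c in text.lower() if 'a' <= c <= 'z']
    n = len(letters)
    if n == 0:
        return float('inf')
    score = 0.0
    for letter, pct in ENGLISH_FREQ.items():
        expected = n * pct / 100.0
        observed = letters.count(letter)
        score += (observed - expected) ** 2 / expected
    return score


def recover_shift(ciphertext):
    """Try the 26 possible keys; return (key, plaintext) whose plaintext looks most like English."""
    best = None
    for k in range(26):
        candidate = caesar_shift(ciphertext, -k)  # undo a forward shift of k
        score = chi_squared_english(candidate)
        if best is None or score < best[0]:
            best = (score, k, candidate)
    return best[1], best[2]


if __name__ == "__main__":
    key, plaintext = recover_shift(SAMPLE_CIPHERTEXT)
    print("key = %d (ROT%d)" % (key, key))
    print(plaintext)
```

The histogram test needs a few dozen letters to be reliable; on a single short sentence two shifts can score close to each other, so on very short input print the two or three best candidates instead of trusting the minimum blindly.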

Decoding it with an online ROT13 tool gives:

This text is here to simulate a sementic analysis. It means that when you get a corporate document, you usually have to read it and analyse it before you get the useful information. The flag starts with 'ndh2k16_'. After that, there is the hash. very first letter of the hash seems to be 1. seventeenth letter of the hash appears to be 4. eleventh letter of the hash appears to be 5. twenty- second letter of the hash will have the value of f. sixteenth letter of the hash is 0. twenty-third letter of the hash should be c. third letter of the hash seems to be 0. sixth letter of the hash seems to be 5. twenty-sixth letter of the hash will have the value of 0. eighth letter of the hash was set to 2. thirteenth letter of the hash was set to 1. fifteenth letter of the hash should be b. tenth letter of the hash seems to be f. twenty-seventh letter of the hash was set to f. fifth letter of the hash was set to 9. twelfth letter of the hash appears to be a. thirty-second letter of the hash should be d. twenty-ninth letter of the hash seems to be 0. twenty-first letter of the hash was set to c. nineteenth letter of the hash seems to be c. twenty-eighth letter of the hash seems to be e. fourth letter of the hash was set to 4. ninth letter of the hash is a. twentieth letter of the hash will have the value of 1. thirty-first letter of the hash should be 6. eighteenth letter of the hash will have the value of e. second letter of the hash seems to be 8. fourteenth letter of the hash should be c. twenty-fifth letter of the hash should be 5. twenty-fourth letter of the hash will have the value of b. seventh letter of the hash should be 6. thirtieth letter of the hash was set to 9

An intelligible text, which describes how the flag is built! The catch is that the sentences giving the position of each character of the flag are randomly distributed, so only a “semantic” reading of the message lets us reassemble it.

Either we decode by hand (where errors can easily creep in), or we write a small script that does the work for us:

  • Decode the original cipher text (ROT13)
  • Join the text back into a single line
  • Split the text into sentences on the “.” character
  • Take the first word of each sentence (the ordinal, i.e. the position)
  • Take the last character of each sentence (the flag character)
  • Put every character at its position
import codecs
import sys

cipher="""
Guvf grkg vf urer gb fvzhyngr n frzragvp nanylfvf. Vg zrnaf gung jura lbh trg n
pbecbengr qbphzrag, lbh hfhnyyl unir gb ernq vg naq nanylfr vg orsber lbh trg
gur hfrshy vasbezngvba. Gur synt fgnegf jvgu 'aqu2x16_'. Nsgre gung, gurer vf
gur unfu. irel svefg yrggre bs gur unfu frrzf gb or 1. friragrragu yrggre bs
gur unfu nccrnef gb or 4. ryriragu yrggre bs gur unfu nccrnef gb or 5. gjragl-
frpbaq yrggre bs gur unfu jvyy unir gur inyhr bs s. fvkgrragu yrggre bs gur
unfu vf 0. gjragl-guveq yrggre bs gur unfu fubhyq or p. guveq yrggre bs gur
unfu frrzf gb or 0. fvkgu yrggre bs gur unfu frrzf gb or 5. gjragl-fvkgu yrggre
bs gur unfu jvyy unir gur inyhr bs 0. rvtugu yrggre bs gur unfu jnf frg gb 2.
guvegrragu yrggre bs gur unfu jnf frg gb 1. svsgrragu yrggre bs gur unfu fubhyq
or o. gragu yrggre bs gur unfu frrzf gb or s. gjragl-friragu yrggre bs gur unfu
jnf frg gb s. svsgu yrggre bs gur unfu jnf frg gb 9. gjrysgu yrggre bs gur unfu
nccrnef gb or n. guvegl-frpbaq yrggre bs gur unfu fubhyq or q. gjragl-avagu
yrggre bs gur unfu frrzf gb or 0. gjragl-svefg yrggre bs gur unfu jnf frg gb p.
avargrragu yrggre bs gur unfu frrzf gb or p. gjragl-rvtugu yrggre bs gur unfu
frrzf gb or r. sbhegu yrggre bs gur unfu jnf frg gb 4. avagu yrggre bs gur unfu
vf n. gjragvrgu yrggre bs gur unfu jvyy unir gur inyhr bs 1. guvegl-svefg
yrggre bs gur unfu fubhyq or 6. rvtugrragu yrggre bs gur unfu jvyy unir gur
inyhr bs r. frpbaq yrggre bs gur unfu frrzf gb or 8. sbhegrragu yrggre bs gur
unfu fubhyq or p. gjragl-svsgu yrggre bs gur unfu fubhyq or 5. gjragl-sbhegu
yrggre bs gur unfu jvyy unir gur inyhr bs o. friragu yrggre bs gur unfu fubhyq
or 6. guvegvrgu yrggre bs gur unfu jnf frg gb 9.
""".rstrip()

# Define all ordinal
order = [ "very", # "very first"
 "second", 
 "third", 
 "fourth", 
 "fifth", 
 "sixth", 
 "seventh", 
 "eighth", 
 "ninth", 
 "tenth", 
 "eleventh", 
 "twelfth", 
 "thirteenth", 
 "fourteenth", 
 "fifteenth", 
 "sixteenth", 
 "seventeenth", 
 "eighteenth", 
 "nineteenth", 
 "twentieth", 
 "twenty-first", 
 "twenty-second", 
 "twenty-third",
 "twenty-fourth", 
 "twenty-fifth", 
 "twenty-sixth", 
 "twenty-seventh", 
 "twenty-eighth", 
 "twenty-ninth", 
 "thirtieth", 
 "thirty-first", 
 "thirty-second"
 ]

dic = {}

# ROT13 decode, join wrapped lines and re-attach the ordinal split over a line break ("twenty-\nsecond")
decoded = codecs.decode(cipher, 'rot_13').replace("\n", " ").replace("- ", "-")

# Cut all sentences
arrayDecoded = decoded.split('.')

for line in arrayDecoded:
    line = line.strip()
    print(line)
    lineSplited = line.split()
    if len(lineSplited) > 0:
        # Get the first word of line (ordinal)
        firstWord = lineSplited[0]
        # Save the last char (part of flag)
        lastChar = line[-1]
        if firstWord in order:
            # Store the last char at its position
            dic[firstWord] = lastChar

# Print the flag
sys.stdout.write("Flag : ndh2k16_")
for o in order:
    sys.stdout.write(dic[o])
sys.stdout.write("\n")

Run it :

$ python omg_so_encrypted.py
This text is here to simulate a sementic analysis
It means that when you get a corporate document, you usually have to read it and analyse it before you get the useful information
The flag starts with 'ndh2k16_'
After that, there is the hash
very first letter of the hash seems to be 1
seventeenth letter of the hash appears to be 4
eleventh letter of the hash appears to be 5
twenty-second letter of the hash will have the value of f
sixteenth letter of the hash is 0
twenty-third letter of the hash should be c
third letter of the hash seems to be 0
sixth letter of the hash seems to be 5
twenty-sixth letter of the hash will have the value of 0
eighth letter of the hash was set to 2
thirteenth letter of the hash was set to 1
fifteenth letter of the hash should be b
tenth letter of the hash seems to be f
twenty-seventh letter of the hash was set to f
fifth letter of the hash was set to 9
twelfth letter of the hash appears to be a
thirty-second letter of the hash should be d
twenty-ninth letter of the hash seems to be 0
twenty-first letter of the hash was set to c
nineteenth letter of the hash seems to be c
twenty-eighth letter of the hash seems to be e
fourth letter of the hash was set to 4
ninth letter of the hash is a
twentieth letter of the hash will have the value of 1
thirty-first letter of the hash should be 6
eighteenth letter of the hash will have the value of e
second letter of the hash seems to be 8
fourteenth letter of the hash should be c
twenty-fifth letter of the hash should be 5
twenty-fourth letter of the hash will have the value of b
seventh letter of the hash should be 6
thirtieth letter of the hash was set to 9

Flag : ndh2k16_18049562af5a1cb04ec1cfcb50fe096d

Flag : ndh2k16_18049562af5a1cb04ec1cfcb50fe096d
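The script above relies on a fixed list of 32 ordinals and on every position being stated exactly once: a missing position ends in a KeyError on `dic[o]`, and a position stated twice silently keeps the last value. The variant below is an added example for this write-up, not the author's code; it composes ordinals from their parts (“twenty-second” → 22, so it is not tied to a 32-character hash), matches each sentence with a regular expression instead of taking the first and last character, and reports missing or conflicting positions rather than guessing. The input `SAMPLE_PLAINTEXT` is a constructed fragment in the same style as the challenge text, deliberately missing position 4 and stating position 2 twice; on the real file, feed it the ROT13-decoded text (`codecs.decode(cipher, 'rot_13')`) and ask for length 32.

```python
import re

# Ordinal vocabulary: units, and the tens both as plain words ("twenty" in "twenty-second")
# and as ordinals on their own ("twentieth").
UNITS = {
    "first": 1, "second": 2, "third": 3, "fourth": 4, "fifth": 5, "sixth": 6,
    "seventh": 7, "eighth": 8, "ninth": 9, "tenth": 10, "eleventh": 11,
    "twelfth": 12, "thirteenth": 13, "fourteenth": 14, "fifteenth": 15,
    "sixteenth": 16, "seventeenth": 17, "eighteenth": 18, "nineteenth": 19,
}
TENS = {"twenty": 20, "thirty": 30, "forty": 40, "fifty": 50,
        "sixty": 60, "seventy": 70, "eighty": 80, "ninety": 90}
TENS_ORDINAL = {"twentieth": 20, "thirtieth": 30, "fortieth": 40, "fiftieth": 50,
                "sixtieth": 60, "seventieth": 70, "eightieth": 80, "ninetieth": 90}

# One position sentence: optional "very", the ordinal, the fixed phrase, a hex digit at the end.
SENTENCE = re.compile(
    r"^(?:very\s+)?([a-z]+(?:-[a-z]+)?)\s+letter of the hash\b.*?([0-9a-f])$", re.I)


def ordinal_to_int(word):
    """'first' -> 1, 'twentieth' -> 20, 'twenty-second' -> 22; None if not an ordinal we know."""
    w = word.lower()
    if w in UNITS:
        return UNITS[w]
    if w in TENS_ORDINAL:
        return TENS_ORDINAL[w]
    if "-" in w:
        tens, unit = w.split("-", 1)
        if tens in TENS and unit in UNITS and UNITS[unit] < 10:
            return TENS[tens] + UNITS[unit]
    return None


def parse_hash_positions(plaintext):
    """Map 1-based position -> hex digit from the decoded text; also collect anything that looks wrong."""
    positions, problems = {}, []
    # Join wrapped lines and re-attach an ordinal split across a line break ("twenty-\nsecond").
    flat = plaintext.replace("\n", " ").replace("- ", "-")
    for sentence in flat.split("."):
        m = SENTENCE.match(sentence.strip())
        if not m:
            continue  # narrative sentence, not a position statement
        idx = ordinal_to_int(m.group(1))
        digit = m.group(2).lower()
        if idx is None:
            problems.append("unrecognised ordinal %r" % m.group(1))
        elif idx in positions and positions[idx] != digit:
            # Keep the first value seen, but flag the contradiction instead of overwriting it.
            problems.append("conflicting values for position %d: %r vs %r" % (idx, positions[idx], digit))
        elif idx not in positions:
            positions[idx] = digit
    return positions, problems


def assemble_flag(positions, length, prefix="ndh2k16_"):
    """Build the flag; refuse to guess if any position in 1..length was never stated."""
    missing = [i for i in range(1, length + 1) if i not in positions]
    if missing:
        raise ValueError("no value given for positions %s" % missing)
    return prefix + "".join(positions[i] for i in range(1, length + 1))


# Constructed sample (not the challenge file): position 4 is never given and position 2 is
# stated twice with different values, to show what the checks report.
SAMPLE_PLAINTEXT = """The flag starts with 'ndh2k16_'. After that, there is the hash. very first
letter of the hash seems to be 1. second letter of the hash was set to 8. fifth letter
of the hash will have the value of 9. third letter of the hash should be 0. second
letter of the hash appears to be 7."""

if __name__ == "__main__":
    found, issues = parse_hash_positions(SAMPLE_PLAINTEXT)
    print(found, issues)
    try:
        print(assemble_flag(found, 5))
    except ValueError as e:
        print("cannot assemble flag:", e)
```

Refusing to assemble on a gap is the point: a flag with one character wrong costs a submission attempt, and on a real hash (unlike this challenge) you would not be able to tell which character was the bad one.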

Thank you to all the team of the NDH2K16 for this event and for the whole organization!

Greetings to nj8, St0rn, Emiya, Mido, downgrade, Ryuk@n and rikelm // Gr3etZ


About the Author: Yann C.

An IT security consultant who has worked in this field since the early 2000s, self-taught out of passion, enjoyment and curiosity, he maintains the ASafety portal to publish articles, personal projects, research and development, as well as advisories for vulnerabilities found, notably during pentests.