Challenge 4
Challenge to solve
In this challenge, getting the flag required "unlocking" the module by passing it the correct key (data2) and plaintext (data1). Ordinarily it would be impossible to find both the key and the plaintext from the ciphertext alone. Here, however, the challenge module itself exposed a portion of the plaintext, and that fragment is what made the key recoverable.
Solution to the challenge
Because we knew part of the plaintext that produced the ciphertext, we could work backwards through the encryption algorithm and recover the key used to encrypt it. With the key in hand, we ran the algorithm on our own end until the complete plaintext was recovered, then used the recovered key and plaintext to unlock the module and capture the flag.
As the solution shows, recovering the key and plaintext was direct and quick.
Protecting this vulnerability in production
A module that embeds part of its own plaintext is not typical of production code. There is no reason for it to hold the partial plaintext other than to make the CTF challenge solvable.
Without that leaked plaintext, recovering the key and plaintext would take far more work. Knowing none of the plaintext, we would have to try every possible key with every possible plaintext until the result matched the ciphertext, and that search takes an extremely long time. Thus, with current technology, it is impossible to brute force the key and plaintext from the ciphertext alone.
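The following example makes both points concrete: how a known fragment of plaintext yields the key, and why ciphertext alone leaves only an exhaustive search of the key space. It is an added example, not the challenge module's code; since the writeup never names the cipher, a toy repeating-key XOR with an assumed key length stands in for it, and the key and plaintext are constructed sample values.

```python
# Added example, not the challenge module's code. The writeup does not name the
# cipher, so a toy repeating-key XOR with an ASSUMED key length stands in for it.
# The point it demonstrates is the one the writeup makes: ciphertext plus a known
# slice of plaintext yields the key bytes that covered that slice; ciphertext
# alone leaves only an exhaustive search of the key space.

KEY_LEN = 4                                      # assumed: the solver's key-length guess
KEY = b"K3y!"                                    # constructed sample key
PLAINTEXT = b"flag{known_plaintext_leaks_key}"  # constructed sample plaintext


def xor_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; encryption and decryption are the same operation."""
    return bytes(p ^ key[i % len(key)] for i, p in enumerate(plaintext))


def recover_key_bytes(ciphertext: bytes, known: bytes, offset: int, key_len: int) -> dict:
    """Known-plaintext attack on the toy cipher.

    For every position i covered by the known slice, c[i] ^ p[i] = key[i % key_len],
    so each known byte reveals one key byte.  Returns {key_index: value} for the
    key bytes the slice covers; a slice shorter than key_len recovers only part of
    the key.  Two positions that map to the same key index but disagree mean the
    key-length guess is wrong, which is reported as a ValueError.
    """
    recovered = {}
    for j, p in enumerate(known):
        i = offset + j
        if i >= len(ciphertext):
            break
        k = i % key_len
        v = ciphertext[i] ^ p
        if recovered.get(k, v) != v:
            raise ValueError(f"key byte {k} inconsistent: key length {key_len} is wrong")
        recovered[k] = v
    return recovered


def key_length_consistent(ciphertext: bytes, known: bytes, offset: int, key_len: int) -> bool:
    """True if the known slice fits key_len without contradictions."""
    try:
        recover_key_bytes(ciphertext, known, offset, key_len)
        return True
    except ValueError:
        return False


def decrypt_partial(ciphertext: bytes, key_bytes: dict, key_len: int) -> bytes:
    """Decrypt with whatever key bytes are known; unknown positions become '?'."""
    out = bytearray()
    for i, c in enumerate(ciphertext):
        k = i % key_len
        out.append(c ^ key_bytes[k] if k in key_bytes else ord("?"))
    return bytes(out)


def key_space_size(key_len: int) -> int:
    """Number of keys an attacker holding only the ciphertext must consider."""
    return 256 ** key_len


if __name__ == "__main__":
    ct = xor_encrypt(PLAINTEXT, KEY)
    # Case 1: the module leaks the first 5 plaintext bytes ("flag{"), enough to cover the whole key.
    full = recover_key_bytes(ct, PLAINTEXT[:5], 0, KEY_LEN)
    print("recovered key:", bytes(full[k] for k in range(KEY_LEN)))
    print("plaintext:    ", decrypt_partial(ct, full, KEY_LEN))
    # Case 2: only 3 bytes leak: one key byte stays unknown and every 4th plaintext byte is lost.
    part = recover_key_bytes(ct, PLAINTEXT[:3], 0, KEY_LEN)
    print("partial:      ", decrypt_partial(ct, part, KEY_LEN))
    # Case 3: no plaintext at all: nothing to solve for, only the key space to enumerate.
    print("keys to try with ciphertext only:", key_space_size(KEY_LEN))
```

The mitigation follows from the same arithmetic: a module that never holds any plaintext beside its ciphertext gives an observer nothing to solve for, and the only remaining route is enumerating the full key space.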