HackTheBox Cyber Apocalypse CTF 2021: PhaseStream1

TL;DR

  • The cipher is a stream cipher using XOR with a repeated 5-byte key.
  • The flag format CHTB{ is known plaintext.
  • XORing the first 5 ciphertext bytes with CHTB{ reveals the key.
  • The recovered key decrypts the full ciphertext.
  • This is a textbook known-plaintext attack against repeated-key XOR.

Challenge Description

The aliens are trying to build a secure cipher to encrypt all our games called "PhaseStream". They've heard that stream ciphers are pretty good. The aliens have learned of the XOR operation which is used to encrypt a plaintext with a key. They believe that XOR using a repeated 5-byte key is enough to build a strong stream cipher. Such silly aliens! Here's a flag they encrypted this way earlier. Can you decrypt it (hint: what's the flag format?) 2e313f2702184c5a0b1e321205550e03261b094d5c171f56011904

Solution

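from pwn import *

# phasestream1
ciphertext = unhex("2e313f2702184c5a0b1e321205550e03261b094d5c171f56011904")
# The flag format "CHTB{" is 5 bytes of known plaintext, the same length as the key,
# so ciphertext XOR plaintext over those bytes yields the whole key
key = xor(ciphertext[0:5], b"CHTB{")
info("Phasestream1 Key: %s", key)
# xor() repeats the shorter argument (the key) across the full ciphertext
plaintext = xor(ciphertext, key)
success("Phasestream1 Decrypted: %s", plaintext)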

Flag: CHTB{u51ng_kn0wn_pl41nt3xt}
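
The same recovery using only the standard library, as an added example that is not part of the original solution. It goes beyond the case above by accepting known plaintext at any offset, cross-checking overlapping cribs, and showing what a crib shorter than the key leaves undecrypted; the function names and the use of the closing brace as a second crib are assumptions made for illustration.

```python
from itertools import cycle

# Ciphertext and key length (5) are taken from the challenge text above.
CIPHERTEXT = bytes.fromhex("2e313f2702184c5a0b1e321205550e03261b094d5c171f56011904")
KEY_LEN = 5


def recover_key(ciphertext, key_len, cribs):
    """Recover a repeating XOR key from known plaintext fragments.

    cribs maps a ciphertext offset to the plaintext bytes known to start there.
    Returns a list of key bytes, with None for positions no crib covers.
    Raises ValueError if two cribs imply different values for one key byte.
    """
    key = [None] * key_len
    for offset, known in cribs.items():
        if offset < 0 or offset + len(known) > len(ciphertext):
            raise ValueError(f"crib at offset {offset} runs past the ciphertext")
        for i, p in enumerate(known):
            pos = (offset + i) % key_len      # key byte used at this position
            k = ciphertext[offset + i] ^ p    # c = p ^ k  =>  k = c ^ p
            if key[pos] is not None and key[pos] != k:
                raise ValueError(f"cribs disagree on key byte {pos}")
            key[pos] = k
    return key


def decrypt(ciphertext, key):
    """XOR with the repeating key; bytes under an unknown key byte become '?'."""
    return bytes(
        c ^ k if k is not None else ord("?")
        for c, k in zip(ciphertext, cycle(key))
    )


if __name__ == "__main__":
    # Full crib: the 5-byte flag prefix covers every key position.
    # The closing brace at the last offset re-derives key byte 26 % 5 = 1,
    # which acts as a consistency check on the recovered key.
    cribs = {0: b"CHTB{", len(CIPHERTEXT) - 1: b"}"}
    key = recover_key(CIPHERTEXT, KEY_LEN, cribs)
    print("key:", bytes(key))
    print("plaintext:", decrypt(CIPHERTEXT, key))

    # Partial crib: knowing only "CHTB" leaves key byte 4 unknown.
    partial = recover_key(CIPHERTEXT, KEY_LEN, {0: b"CHTB"})
    print("partial:", decrypt(CIPHERTEXT, partial))
```

Even the 4-byte crib exposes four of every five plaintext bytes, which is why a short repeating key gives no meaningful protection once any plaintext is predictable.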