> Can't play CSAW without your favorite block cipher!
>
> nc crypto.chal.csaw.io 5001

Initial connection attempt:

   $ nc crypto.chal.csaw.io 5001
   Hello! For each plaintext you enter, find out if the block cipher used is ECB or CBC. Enter "ECB" or "CBC" to get the flag!
   Enter plaintext:
   XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
   Ciphertext is:  e4667bbed18e16bfc2d6dbbea56d5241e4667bbed18e16bfc2d6dbbea56d5241e4667bbed18e16bfc2d6dbbea56d5241e4667bbed18e16bfc2d6dbbea56d5241e4667bbed18e16bfc2d6dbbea56d5241e4667bbed18e16bfc2d6dbbea56d5241f2a026af8ec44689976f9e280770030c
   ECB or CBC?

The service keeps asking you until you answer wrong.  This appears to
be a straight-forward ECB/CBC oracle, except it isn't.  The service
never sends you a flag and it doesn't seem to hide any data in the
response either (which would allow you to guess the hidden data one
byte at a time, another well-known attack).  Most annoyingly, it
disconnects after anywhere up to 176 consecutive successful tries.

At a later point a cryptic "<200" hint showed up.  Something terrible
dawned upon me, a tale about a CTF task at a qualifying event where an
(unreliable) web service sent out the flag in binary format, using the
presence/absence of a specific part in the HTTP response to signal
0/1.  This story inspired me to log a zero or one, depending on the
detected mode:

   01100110011011000110000101100111011110110100010101000011010000100101111101110010011001010100000001101100011011000111100101011111011100110101010101100011011010110010010001111101
   flag{ECB_re@lly_sUck$}

You are viewing proxied material from brause.cc. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.