HSCTF: Super Secure System

Challenge Description:
Written by: Tux

Keith made a SUPER SECURE SYSTEM!!! He claims it is so secure as long as he doesn’t reuse his key…

nc crypto.hsctf.com 8111

Connecting to crypto.hsctf.com on port 8111 gives us a super secret key. We can enter our own messages and the service encrypts them for us.

Trying random inputs:

We see that when we enter the initial part of the flag, hsctf{, it returns the same bytes as in the super secret message.
As mentioned in the description, “My encryption system is impossible to crack if used once”, but here they are using the same key throughout the session.

The logic behind this is that the encryption is an XOR with that reused key, so when our input matches the flag, the output matches the super secret message. Therefore we need to brute-force the flag one character at a time.

Bruteforcing:

The total length of the flag would be
106 (no. of bits in the secret message) / 2 = 53 characters (2 bits/character)
As we know, the initial part of the flag will be hsctf{ (12) and it will end with } (2), so we can leave those out of the brute force.
Therefore, total length to be brute-forced = (106-12-2)/2

Running the above script as python super.py returns us:

And we get our flag:
hsctf{h0w_d3d_y3u_de3cryP4_th3_s1p3R_s3cuR3_m355a9e?}
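
The character-by-character brute force described above, run against a local stand-in, as an added example that is not the author's super.py. The Service class is hypothetical and assumes the challenge XORs each input with one session key and prints hex; the flag is a constructed sample, and the reuse_key=False case shows that a fresh key per message gives the comparison nothing to match.

```python
import os
import string

# Constructed sample flag for the local demo (not the real challenge flag).
SAMPLE_FLAG = b"hsctf{constructed_sample_flag}"
ALPHABET = (string.ascii_letters + string.digits + string.punctuation).encode()


class Service:
    """Hypothetical local stand-in for the service: XOR with a key, hex output."""

    def __init__(self, secret, reuse_key=True):
        self.reuse_key = reuse_key
        self.key = os.urandom(len(secret))           # one key per session
        self.secret_hex = self._xor(secret, self.key).hex()

    @staticmethod
    def _xor(data, key):
        return bytes(d ^ k for d, k in zip(data, key))

    def encrypt(self, message):
        # Weak mode reuses the session key; fixed mode draws a fresh key each call.
        key = self.key if self.reuse_key else os.urandom(len(message))
        return self._xor(message, key).hex()


def recover(service, prefix=b"hsctf{"):
    """Extend the known prefix while the ciphertext prefix keeps matching."""
    target = service.secret_hex
    length = len(target) // 2                        # two hex digits per character
    known = bytearray(prefix)
    while len(known) < length:
        for c in ALPHABET:
            guess = bytes(known) + bytes([c])
            if service.encrypt(guess) == target[:2 * len(guess)]:
                known.append(c)
                break
        else:
            return None                              # nothing matched: key not reused
    return bytes(known)


if __name__ == "__main__":
    print("key reused    :", recover(Service(SAMPLE_FLAG)))
    print("fresh key/msg :", recover(Service(SAMPLE_FLAG, reuse_key=False)))
```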

Offensive Cyber Security:)