 Hello everyone, my name is John Hammond and I'm going to be showcasing a challenge from angstrom CTF that went on throughout these past couple days. I'd like to show you the crypto challenge called one time bad because it's kind of interesting. It is a one time pad I'm assuming considering the title here kind of a reference to a one time pad cryptography section and technique in here but it's peculiar so it says my super secure service is available now heck even with the source and we can download the source I bet you won't figure it out they give us a service to connect to with netcat and okay we can go ahead and do this so I'm gonna go ahead and open up my terminal I'll bring this over so you can see it and let's make a directory for the CTF because I haven't just yet any in any other videos I'm gonna make a directory for this one time bad and let's hop over there let me make a quick connect.sh script because I think that is a good practice just to have it saved and let's go ahead and download that source to I'm gonna grab that link location and just W get it into this directory all right cool so now we can check out what this is with sublime text and I'm actually gonna connect to the service so we can kind of move back and forth and understand what this is actually doing it says welcome to my one time pad service it's so unbreakable that if you do manage to decrypt my text I'll give you a flag you'll be given the cipher text and a key for samples in the cipher text for what you try to decrypt all will be given in base 64 but when you give your own answer give it an ASCII so it looks like we have two options we can go and enter enter the number one to get a sample or the number two to actually try and decrypt something so if we interact with this we can do number one get a couple samples of this one time pad thing etc etc etc and then if we were to actually try and use the number two I'll go ahead and reconnect so you can see that a little bit better it'll give us this in base 64 which is something that has been encrypted with the one time pad but we would need to go ahead and determine what it is so if I were to answer something it would tell me no we need to actually answer this and that was the key that it had used so we need to figure out how can we reverse this one time pad how can we solve this challenge if you look at the code that's actually using to generate this one time pad it's kind of interesting this OTP function so that one time pad is just doing a regular one time pad cryptography kind of cipher and technique they take one string and they take another string and they are X soaring each specific part of it the interesting thing is though with the one time pad you're using a key that is the exact same length as the original message as the plain text you can see that here in this gen sample function we have p which can be our plain text kind of our message and you can see that k or what they use the key to go ahead and encrypt this with is the length of the plain text so the hard part is how can we determine a one time pad or how can we determine a key if we could never potentially know what the next key the next character in the key is there aren't any easy attacks for this sort of thing the strength of the one time pad is that you can only use this key one time the gimmick with a lot of these if you see them in challenges in capital flag it's that maybe that key will be reused or you as the operator you as the player interacting with it will be able to encrypt something and maybe encrypt something multiple times and then see okay now we now we could potentially break the key because we have lots of different examples where we can control the plain text and we know that this key is being used etc etc the problem is with this challenge is that it's using this gen sample function every single time whether or not we're asking for a choice for of a sample and again it doesn't let us encrypt something of our own that we supply it'll determine a message for us randomly and if we were to go and try to decrypt something well or excuse me try number two to decrypt something it'll still end up using gen sample which as you can see just pulls random letters interesting thing though is that they're doing this random int number of times which could be anything between okay a length of one to length of 30 peculiar and they're all using ascii characters this is where you might kind of notice well hang on what if I were to keep tinkering with this and request samples where I were to eventually get something that were really really small you can see some of these guys here they're kind of tiny there is even the potential to get one string that is literally only one character long in that case we know that the key will only have to be one character and since we know it's only in the range of the alphabet well perhaps we have the opportunity to get something or solve and decrypt something would just kind of a blind guess just a brute force where we would say okay maybe something actually did end up with a one-length message and a one-length plane print excuse me plain text one length cipher text one length key so what we could do is to spam this service repeatedly until we actually got something that was only one length long and you can see okay maybe three is an option etc but we know there will be one potential case where hey we might get lucky and only one length key cipher text message will pop out so what we could do is we can hammer this service that's kind of the gimmick for this challenge maybe there's another way to solve it but that is what I kind of thought so let's go ahead and create an ape.py script and I'm going to go ahead and beat this thing up so I'll use user bin environment python as my shebang line I'm going to be using python 3 as python 2 is dead so let's do front bone import all we have our simple connect script so I'll just grab that line here so I could copy out the host make a simple variable for that that's obviously going to be a string and I'll grab the port as well so that way we can connect to it I'll just say s there's kind of a throwaway variable for our remote connection we're connecting to that host in the port and I'm using this remote function out of the ponetools library that's why I use the front bone import star because now they're all already included in my namespace so we could do just kind of a sanity check let's print out what we receive and make sure we can actually get something with that so let's run our ape script open the connection and you can see that prompt is coming right there really simple really easy we know that's going to be displayed every time we connect but since we could repeatedly try and request things to decrypt we could just start a loop where we might try to decrypt one thing offer one like hey could I try and decrypt something that choice number two and repeatedly just send the letter a honestly that's literally it to see maybe we could get something depending on the length of this random generator to get something that we could decrypt with just a blind guest just with the brute force another idea I had was hey could I just span this over and over again and maybe eventually wait until the pseudo random number generator recycle and start again but I feel like that's just more exhaustion than it needs already let's go ahead and do s.receive to get our sample or let's first we should send the number two right because that is the choice that we're gonna make we'll receive some input and I'll go ahead and display that out just so we can kind of see this in action and then we'll go ahead and send what we want it to decrypt as because when we were interacting with the service we knew that okay you said ask it for something to decrypt and you could answer it with a if you were to get it correct which we could see in the source it would just go ahead and spit out the flag we know the flag format for the ctf is actf that's just kind of been what angstrom has went with so we could test hey is that actually in our result let's say answer just create a variable for this let's go ahead and print that out just to have it in case things go wrong but we'll also test if the actf kind of flag format is in that answer what we'll do is we can I don't know display it again or we'll just go ahead and quit we'll say okay stop herring the service now we've already got what we want here so let's try this right now we just have a one-time shot and it's very likely or unlikely that we will get it or won't get it but this actually brings up a good point because i'm using python 3 and using pawn tools in that rendition what that remote and that socket object is going to bring in and out their input and output is done in bytes so I need to prefix this actf with a b I've already used that with python 2 it would probably handle it just fine um there we go yeah you see that that b prefix isn't there for things use python 3 it's python 2 is dead I saw a lot of stuff in the ctf that was saying hey use python 2 and it's like don't do that don't don't do that there we go okay now we can just loop this and hammer it until eventually we find our flag let me do that while one and then just chunk that out to a new logic branch and hammer the service eventually promise I please I promise you can believe me please trust me this will eventually get it um I actually got really lucky with it when I just kind of spam this and then I would open other connections and just try it again I don't know why and eventually it got it and there we go okay cool so what we did is we abused the fact that it would only supply a random length string and because of that could potentially be literally a length of one well if we were to decrypt that again we know okay we've only got some potential possibilities for what the string might be and a is a fine candidate because just literally choosing one value in the original alphabet what would be the plain text or what would be built out of the key that works just fine for us so there's our flag actf and what we could do if we wanted to kind of streamline this to a answer get flag script then we could move ape to get flag dot pie let's hide on three that excuse me python three get flag eventually it will try eventually eventually it will return the flag for you because it's just hammering the service until it gets lucky with the random number I thought this was a strange challenge right because it's not showcasing any weakness or vulnerability with a one-time pad maybe it's just showcasing so you learn what a one-time pad is but the vulnerability or at least what we can abuse and take advantage of in this case is the fact that well we might get lucky with the super duper tiny one length string and that's pretty awesome so there we go that is that flag that is that challenge we can go ahead and finish here and now I've marked that as complete with what that finished script does if you don't know what that is I went ahead and created it in my pico ctf challenge where all it would do is it would take the current directory move that directory to now with the complete suffix and then I would move back into the previous directory the parent directory so that way I could move on to another challenge so that's that that is the one-time bad challenge what you could submit and get 100 points for for angstrom ctf easy peasy thank you guys so much for watching I hope you guys enjoyed this video if you did please do press that like button if you didn't like it press the dislike button twice so I know you didn't like it that much and do all the youtube algorithm things subscribe comments um hit the bell thing and I'd love to see you guys on my discord server there's a link in the description tons of smart people in there love to see you guys on patreon I really appreciate your support love to see you on paypal live on facebook love to see you on instagram love to see you on twitter link to see you on linked in all right that's the end of the video thank you guys I love you I'll see you in the next one