TAMU CTF 2018 - LarryCryptCategory: writeups
Tags: tamu-2018 crypto
Reverse - 200 Points
A binary executable called
larrycrypt was provided.
./larrycrypt -R 4 -K "V3c70R" flag
We tried some input for the
larrycrypt binary and we noticed that it was always using
Mu as key, no matter what was the
It was likely some bug, but then the SimpleDES challenge we just solved came to our minds.
The binary was using the same key as the other challenge’s example.
So we thought it was using the same algorithm, but it wasn’t the case.
Larrycrypt was using 6bit blocks for the ciphertext.
The first block of ciphertext was the same as SimpleDES’s first 6bit of cyphertext when using the same key and the same number of rounds. With some more reverse engineering we figured out that larrycrypt was taking the first 12 bits of plaintext, splitting them into
R0, performing the round function and printing only the resulting
So they were using the same round function.
But then the sequence changes, we take the
R output from the round function and use it as
L for the next round along with the next block of ciphertext.
This image shows an example on 3 blocks of data, the output cypertext is made of
L2 won’t be printed.
To decrypt this we need to bruteforce all the possible 6bit last blocks (
L2 in the image), decrypt all the blocks and check if the plaintext is good.
We used our previous implementation of the SimpleDES round function and bruteforce the plaintext with python