# 9447 CTF 2015 - randBox

Category: writeupsTags: crypto

## randBox

Crypto - 120 Points

Find your random black box here:

randBox-iw8w3ae3.9447.plumbing port 9447

Note that the order of challenges has changed as of about 2015-11-28 23:00 UTC

### Writeup

I’ve started connecting to the service with netcat

`nc randBox-iw8w3ae3.9447.plumbing 9447`

The server reply with this text:

```
Alphabet is '0123456789abcdef', max len is 64
You need to send a string that encrypts to 'cd7682a4404b2e7205a75449202d8a0a'
Guess 0/21 (Round 1/10)
```

So we will work with hex alphabet of len 32 (max 64) and the challenge is a Chosen Plaintext Attack.

**NB. We have finished this challenge overtime, the Rounds order is based on the randBox.py source code**

**NB. Rounds are 10 but unique Cyphers are 6**

#### Round 1-2

When sending a string like `0123456789abcdef`

the server reply with `54761032dcfe98ba`

.

So (thinking that it’s a Cesar Cipher) we can substitute all the char in the cipher string and get the plain string!

With the first Guess we take the alphabet and with the second we complete the round!

*see cesar function in the python solver*

#### Round 3-4

This was a simple shift (every char shifted of n positions). Lot of team made a different function sending `0`

and getting the position shifting.
I have simply reuse the cesar solver function that will work fine.

*see cesar function in the python solver*

#### Round 5

This was similar to Round 3 and 4, but the shifts are per position in the plaintext rather than constant for whole text. For example first character is shifted by X, second by Y etc.

It’s like a Vigenere Cipher, if we think that the shifting string (made up of every shift positions) is the key.

And in a Vigenere Cipher, the first char in the alphabet is the “mirror” that will reveal our “key”.

So to get the shifts information we send data `00000000000000000000000000000000`

and then decrypt our Cipher string.

*see vige function in the python solver*

#### Round 6

This was a cyclic shift of the input by a random number of positions, dependent on the length of input, so to break it we need to know how many places will the shift be. We get this by sending data `aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa1`

and the couting how many places the 1 has moved.

*see shift function in the python solver*

#### Round 7

`Begin hard round!`

This was a little harder than the previous.

The Cipher start with a random constant, xor that with the first char in the plain string, take the result and xor again with the next char. Something like a cyclic xor.

We send the initial `0`

for get the constant and then make the xor on the cipher string.

*see xorPrev function in the python solver*

#### Round 8

This was also a Cyclic Cipher, but this time was a sum between the current char and the previous char. (modulo 16!)

Sum the constant with the first char, the first char with the second and so on…

We get the constant with `0`

and then we must **subtract** current - previous.

*see sumPrev function in the python solver*

#### Round 9

This was like the Cyclic XOR cipher but every pairs of 2 char was shifted (ex. 0123 -> 1032)

*see xorSwap function in the python solver*

#### Round 10

A Cyclic XOR like Round 7

**Here you can download the randbox_solver.py**

And here the final session with the solver