Ciphper

Solved by: Sowmya (@__4lph4__)

Description:

Background story: this code was once used on a REAL site to encrypt REAL data. Thankfully, this code is no longer being used and has not for a long time.

A long time ago, one of the sites I was building needed to store some some potentially sensitive data. I did not know how to use any proper encryption techniques, so I wrote my own symmetric cipher.

The encrypted content in output.bin is a well-known, olde English quote in lowercase ASCII alphabetic characters. No punctuation; just letters and spaces.

The flag is key to understanding this message.

Take a look at the challenge script for better understanding: 

<?php

function secure_crypt($str, $key) {
  if (!$key) {
    return $str;
  }

  if (strlen($key) < 8) {
    exit("key error");
  }

  $n = strlen($key) < 32 ? strlen($key) : 32;

  for ($i = 0; $i < strlen($str); $i++) {
    $str[$i] = chr(ord($str[$i]) ^ (ord($key[$i % $n]) & 0x1F));
  }

  return $str;
}

Output: 

sf'gh;k}.zqf/xc>{j5fvnc.wp2mxq/lrltqdtj/y|{fgi~>mff2p`ub{q2p~4{ub)jlc${a4mgijil9{}w>|{gpda9qzk=f{ujzh$`h4qg{~my|``a>ix|jv||0{}=sf'qlpa/ofsa/mkpaff>n7}{b2vv4{oh|eihh$n`p>pv,cni`f{ph7kpg2mxqb

Through the code given, it can be understood that this is a classical multi byte xor with a small modification. Observe the line: $str[$i] = chr(ord($str[$i]) ^ (ord($key[$i % $n]) & 0x1F)); Other than the XOR operation there is an extra AND operation. On some observation I found that this AND operation converts ord(a) to 1 , ord(b) to 2 , ord(c) to 3 .. Next, I used the flag format 'gigem{' to find the first few characters of the quote. After getting the quote characters, some googling helped me in finding the correct quote which I used for finding the key. Key found is random bytes because of &0x1f. It was further decoded to get the flag bytes.

Doing all this gave me the flag as: gigem{dont\^roll\^your\^own\^crypto} which wasn't correct on submission. Finally, I understood that ^ and ~ give the same output due to the AND operation. So after changing ^ characters to ~ gave me the flag.

Flag: gigem{dont~roll~your~own~crypto}