Order
CTF : https://tryhackme.com/room/hfb1order

Challenge: Repeating-Key XOR – Known Plaintext Attack
Scenario: We intercepted an encrypted message believed to be secured using a repeating-key XOR cipher, a classic encryption method known for its weaknesses—particularly when part of the plaintext is known.
Attack Plan: Known Plaintext Attack
Using intelligence gathered, we confirmed that Cipher encrypted the message with a repeating-key XOR scheme and that the message began with the known plaintext "ORDER:".
We leveraged this information to recover the key and decrypt the full message using the following steps:
Hex Decode: The encrypted message was given in hexadecimal format. We converted it into raw bytes for the XOR operations.
Key Recovery: Knowing the plaintext began with "ORDER:", we XORed the first few ciphertext bytes with this string. Since:
ciphertext_byte = plaintext_byte XOR key_byte
we can rearrange to get:
key_byte = ciphertext_byte XOR plaintext_byte
This gave us the repeating key used for the rest of the ciphertext.
Full Decryption: With the recovered key, we repeated (cycled) it across the entire ciphertext and XORed it byte by byte to retrieve the full plaintext message.
Let's find out what the key is.


🔑 Key Recovery and Decryption
Using a known-plaintext attack and some custom code I wrote, I was able to recover the encryption key. Here's how it worked:
Key Extraction: By XORing the first few bytes of the ciphertext with the known plaintext "ORDER:", my script recovered the repeating key used in the encryption, in this case SNEAKY.
Upon executing the above code, I discovered that the key used for encryption was:
SNEAKY
Decryption: Once the key was known, I used it to decrypt the rest of the ciphertext by repeating (cycling) the key and XORing it with the encrypted bytes. The output was the full, readable plaintext message.
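The key recovery and decryption steps described in the attack plan and in this section, as an added Python example (not the author's script, which is not reproduced on the page). It assumes the known prefix covers at least one full key period, which holds here since "ORDER:" and SNEAKY are both six bytes, and it encrypts a constructed message rather than using the room's real ciphertext.

```python
from itertools import cycle

# Assumption: the known prefix is at least one full key period long
# (here both "ORDER:" and the key are 6 bytes). If the prefix is shorter
# than the key, only that many key bytes can be recovered this way.
KNOWN_PLAINTEXT = b"ORDER:"


def repeating_key_xor(data: bytes, key: bytes) -> bytes:
    """XOR data with the key cycled over its length (encrypts and decrypts)."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def recover_key_stream(ciphertext: bytes, known_prefix: bytes) -> bytes:
    """key_byte = ciphertext_byte XOR plaintext_byte at every known position."""
    if len(ciphertext) < len(known_prefix):
        raise ValueError("ciphertext shorter than the known plaintext")
    return bytes(c ^ p for c, p in zip(ciphertext, known_prefix))


def shortest_period(stream: bytes) -> bytes:
    """Collapse b'SNEAKYSN' to b'SNEAKY'; return the stream unchanged when
    no shorter repeating unit fits."""
    for n in range(1, len(stream)):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return stream[:n]
    return stream


def decrypt_hex(cipher_hex: str, known_prefix: bytes = KNOWN_PLAINTEXT) -> tuple[bytes, bytes]:
    """Hex decode, recover the key from the known prefix, decrypt everything."""
    ct = bytes.fromhex(cipher_hex)
    key = shortest_period(recover_key_stream(ct, known_prefix))
    return key, repeating_key_xor(ct, key)


# Constructed sample: a made-up message encrypted under the page's key.
SAMPLE_KEY = b"SNEAKY"
SAMPLE_PLAINTEXT = b"ORDER: constructed sample, not the room's real message"
SAMPLE_HEX = repeating_key_xor(SAMPLE_PLAINTEXT, SAMPLE_KEY).hex()
# "ORDER:" XOR "SNEAKY" is 1c1c01041963, so any ciphertext under this key
# begins with those six bytes; recovering them backs out the key.

if __name__ == "__main__":
    key, plaintext = decrypt_hex(SAMPLE_HEX)
    print("key:", key.decode())
    print("plaintext:", plaintext.decode())
```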

Bingo, we got our flag!