Double DES

double_des/ddes.py

@@ -0,0 +1,50 @@
+#!python3
+from Crypto.Cipher import DES
+import binascii
+import itertools
+import random
+import string
+
+
+def pad(msg):
+    block_len = 8
+    over = len(msg) % block_len
+    pad = block_len - over
+    return (msg + " " * pad).encode()
+
+def generate_key():
+    return pad("".join(random.choice(string.digits) for _ in range(6)))
+
+
+FLAG = open("flag").read().rstrip()
+KEY1 = generate_key()
+KEY2 = generate_key()
+
+
+def get_input():
+    try:
+        res = binascii.unhexlify(input("What data would you like to encrypt? ").rstrip()).decode()
+    except:
+        res = None
+    return res
+
+def double_encrypt(m):
+    msg = pad(m)
+
+    cipher1 = DES.new(KEY1, DES.MODE_ECB)
+    enc_msg = cipher1.encrypt(msg)
+    cipher2 = DES.new(KEY2, DES.MODE_ECB)
+    return binascii.hexlify(cipher2.encrypt(enc_msg)).decode()
+
+
+print("Here is the flag:")
+#print(double_encrypt("abcdef"))
+print(double_encrypt(FLAG))
+
+while True:
+    inputs = get_input()
+    if inputs:
+        print(double_encrypt(inputs))
+    else:
+        print("Invalid input.")
+

double_des/flag

@@ -0,0 +1 @@
+picoCTF{flagFLAG_flagFLAG}

double_des/sol.py

@@ -0,0 +1,71 @@
+#!python3
+from pwn import *
+from Crypto.Cipher import DES
+
+#conn = process(["python3", "./ddes.py"])
+conn = remote("mercury.picoctf.net", 5958)
+conn.recvline()
+flag_encrypted = unhex(conn.recvline())
+log.info("encrypted flag: {}".format(enhex(flag_encrypted)))
+conn.recvuntil(b"? ")
+
+def encrypt_remote(data):
+    conn.sendline(enhex(data).encode())
+    enc = unhex(conn.recvline())
+    conn.recvuntil(b"? ")
+    return enc
+
+def pad(msg):
+    block_len = 8
+    over = len(msg) % block_len
+    pad = block_len - over
+    return (msg + b" " * pad)
+
+def des(data1, data2, k):
+    cipher = DES.new(k, DES.MODE_ECB)
+    return (cipher.encrypt(data1), cipher.decrypt(data2))
+
+def ddes(data, k1, k2):
+    cipher1 = DES.new(k1, DES.MODE_ECB)
+    cipher2 = DES.new(k2, DES.MODE_ECB)
+    return cipher1.decrypt(cipher2.decrypt(data))
+
+msg = b"abcdef"
+log.info("encrypting message remotely: {}".format(msg.decode()))
+denc = encrypt_remote(msg)
+log.info("encrypted message: {}".format(enhex(denc)))
+conn.close()
+
+a, b = des(pad(msg), pad(msg), b"123456  ")
+c, d = des(b, a, b"123456  ")
+assert c == d
+
+to_enc = pad(msg)
+to_dec = denc
+P = log.progress("calculating encryptions...")
+keyspace = 10**6
+encs = set()
+encs_dict = {}
+decs = set()
+decs_dict = {}
+for i in range(keyspace):
+    k = pad(str(i).encode())
+    a, b = des(to_enc, to_dec, k)
+    a = enhex(a)
+    b = enhex(b)
+    encs.add(a)
+    encs_dict[a] = i
+    decs.add(b)
+    decs_dict[b] = i
+
+collisions = encs & decs
+P.success("{} collision(s) found".format(len(collisions)))
+collision = collisions.pop()
+k1 = pad(str(encs_dict[collision]).encode())
+k2 = pad(str(decs_dict[collision]).encode())
+log.info("k1: {}".format(k1.decode()))
+log.indented("k2: {}".format(k2.decode()))
+
+flag = ddes(flag_encrypted, k1, k2)
+log.success("flag: {}".format(flag.decode()))
+