Published on

UIUCTF 2023 – Three-time pad

Authors
  • avatar
    Name
    Lumy
    Twitter

Three-time pad

We've been monitoring our adversaries' communication channels, but they encrypt their data with XOR one-time pads! However, we hear rumors that they're reusing the pads... Enclosed are three encrypted messages. Our mole overheard the plaintext of message 2. Given this information, can you break the enemy's encryption and get the plaintext of the other messages?

Table of Contents

  1. Source code
  2. Solution

Source code

We are given 4 files : 3 ciphers and 1 plaintext

c1 c2 c3 p2

Solution

We know that they are reusing the same pad, so the key is the same for c1, c2 and c3.

We have the plaintext of the cipher 2 that is plaintext 2. Thus :

p2 ^ key = c2

Which is equivalent to :

key = c2 ^ p2

With the key, we can retrieve the cleartext content of the other ciphers :

def xor_bytes(byte_str1, byte_str2):
    # Perform the XOR operation byte by byte
    result = bytearray()
    for b1, b2 in zip(byte_str1, byte_str2):
        result.append(b1 ^ b2)

    return bytes(result)


with open('c1.txt', 'rb') as fc1:
   c1 = fc1.read()
with open('c2.txt', 'rb') as fc2:
   c2 = fc2.read()
with open('c3.txt', 'rb') as fc3:
   c3 = fc3.read()
with open('p2.txt', 'rb') as fp2:
   p2 = fp2.read()

# Plaintext ^ Cipher = Key
key = xor_bytes(c2, p2)

# Cipher ^ Key = Plaintext
print(xor_bytes(key, c1))
print(xor_bytes(key, c3))

Result :

└─$ python exploit_reuse_pad.py
b'before computers, one-time pads were sometimes'
b'uiuctf{burn_3ach_k3y_aft3r_us1ng_1t}'

FLAG : uiuctf{burn_3ach_k3y_aft3r_us1ng_1t}