Golden Dawning

@mrexcessive WHA

EKOparty15 cry200 Perfect security

The problem

Description: It is not maybe so perfect.

Hints: Use the golden math!

Attachment: crypto200.zip
Crypto

The solution

So... I don't usually get anywhere with the hard crypto challenges, all that ECC and Prime Number messing about... BUT this one looks like it's an XOR solver, so there is some hope.

The hint seems extremely blatant to me... golden ratio - or Phi...
Check out Numberphile for background http://www.numberphile.com/videos/making_golden_ratio_song.html
well maybe not that specific page... but somewhere on numberphile... Just go check out numberphile generally ... do it now!

OK... back from Numberphile ?

It is an XOR... Phi is a long stream of numbers... Perfect security (in crypto sense) is often descibed as an XOR with a never repeating, never disclosed pattern.

But... the truth will out !

Looking at the zip file:

Archive:  zip/crypto200.zip
 Length   Method    Size  Cmpr    Date    Time   CRC-32   Name
--------  ------  ------- ---- ---------- ----- --------  ----
   19402  Defl:N    10634  45% 2015-08-27 00:14 036a7123  output.enc
   10456  Defl:N     2533  76% 2015-08-26 03:28 629c8d20  perfect
--------          -------  ---                            -------
   29858            13167  56%                            2 files

OK So on the face of it you pass two files as command line arguments to ./perfect
This xors them together and produces binary output as a hex dump
Tested with eg.txt "ABCD" and pad.txt "1234"

The output.enc we have been given ends like this:

0004a50: 3062 3737 3232 6639 6637 3062 6537 3231  0b7722f9f70be721
0004a60: 6366 6563 6239 6230 3231 6638 3431 3265  cfecb9b021f8412e
0004a70: 6531 3363 3166 6538 6662 6161 6631 6635  e13c1fe8fbaaf1f5
0004a80: 3739 3765 3635 3462 3863 3933 6139 3835  797e654b8c93a985
0004a90: 3739 3434 3038 3362 3063 3138 3035 3764  7944083b0c18057d
0004aa0: 3830 6232 6161 3264 3761 6534 6639 3938  80b2aa2d7ae4f998
0004ab0: 6535 3638 3832 6439 3639 6163 3336 3637  e56882d969ac3667
0004ac0: 6530 3032 3965 6531 6264 3334 3237 6661  e0029ee1bd3427fa
0004ad0: 3737 3735 3737 3766 3236 3061 3634 6539  7775777f260a64e9
0004ae0: 3833 3739 6564 6538 3237 3638 3930 3637  8379ede827689067
0004af0: 6436 6638 3964 6137 3535 3238 3135 3464  d6f89da75528154d
0004b00: 3030 3633 6464 3630 3532 3330 3365 3330  0063dd6052303e30
0004b10: 3039 3331 3338 3338 3335 3333 3333 3330  0931383835333330
0004b20: 3337 3336 3332 3333 3330 3335 3335 3336  3736323330353536
0004b30: 3333 3338 3331 3336 3333 3331 3336 3334  3338313633313634
0004b40: 3330 3331 3339 3332 3332 3334 3335 3334  3031393232343534
0004b50: 3335 3330 3333 3332 3335 3337 3336 3335  3530333235373635
0004b60: 3336 3337 3333 3339 3332 3335 3339 3339  3637333932353939
0004b70: 3337 3336 3335 3331 3337 3335 3333 3330  3736353137353330
0004b80: 3338 3330 3331 3334 3332 3337 3331 3336  3830313432373136
0004b90: 3330 3337 3331 3334 3333 3330 3338 3337  3037313433303837
0004ba0: 3331 3338 3338 3336 3332 3338 3335 3339  3138383632383539
0004bb0: 3338 3333 3336 3330 3333 3337 3334 3336  3833363033373436
0004bc0: 3335 3330 3335 3337 3331                 3530353731

That sticks out a mile.

The very end is just digits... final three rows for example are a the sequence
313838363238353938333630333734363530353731
Which is Ascii (in hex) for the digit sequence:

1 8 8 6 2 8 5 9 8 3 6 0 3 7 4 6 5 0 5 7 1

So I have one thing to try... does that sequence occur anywhere in an expansion of Phi ?

We need an expansion of Phi... To the Google...

I found 20k digits of golden ratio here http://www.goldennumber.net/phi-million-places/

It turns out that sequence occurs at offset 9700

So... probably... perhaps...
Get the appropriate section of Phi from the downloaded expansion...
Turn output.enc from hex into binary (some of which is hex!)
Turn the expanded Phi section into hex
XOR... and out pops a flag ??

Well it was a bit more involved... the key was 9701 bytes long and repeated once.

Python to do the file mangling:

#!/usr/bin/python

encrypted_fname = "output.enc"
encrypted_bin_fname = "encrypted.bin"
phidata_fname = "Phi20000"
pad_fname = "pad.key"

f = open(phidata_fname,"rb")
phiraw = f.read()
f.close()

#Truncate phi at 19402 / 2 digits
phi = phiraw[:(19402 / 2)]

#Write phi out as pad
f = open(pad_fname,"wb")
f.write(phi)
f.close()

#Read output.enc as hex and turn to binary
f = open(encrypted_fname,"rb")
d = f.read()
f.close()

d = d.decode("hex")

#Write out as encrypted.bin
f = open(encrypted_bin_fname,"wb")
f.write(d)
f.close()

print "Now ls to check lengths then do..."
print "./perfect encrypted.bin pad.key"

And then take the output... and that is a GIF file...
rename and inspect with GIMP.

Flag ! EKO{perfect_cipher_with_a_weak_key_not_so_perfect}