tl;dr Known plaintext attack on a multithreaded AES-CTR
Challenge Points: 59
Solved by: v3ct0r
This challenge is a customised version of AES-CTR. Here is the challenge script:
After observing the script carefully, we can see that the each block has been parallelly encrypted using multithreading , but here lies the vulnerability!
Since multithreading is used, a few set of blocks are encrypted with the same nonce. Here comes the use of
the given plaintext, since we have many plaintext and ciphertext block pairs we can recover the encrypted
It is basically a xor challenge where the encrypted nonces are the keys which when XORed with the plaintext
gives us the ciphertext. So basically the part of the flag maybe XORed with the same key block with which
some of the previous blocks have been XORed. But we don’t which of these is used so we try all of them.
There are two steps involved in solving this challenge:
- Recovering the key sets from the known plaintext-ciphertext pairs
We can get that by XORing the pt-ct pairs and dividing it into chunks of 16 since each block is 16.
- Getting the flag
Find which key set used to XOR with the flag. Just try all of them and there is nothing else to do but getting
Here is the exploit script:
from Crypto.Cipher import AES
Running the above script gives out the flag as: