tl;dr Known plaintext attack on a multithreaded AES-CTR

**Challenge Points**: 59**Challenge Solves**:**Solved by**: v3ct0r

This challenge is a customised version of AES-CTR. Here is the challenge script:

1 | import multiprocessing |

After observing the script carefully, we can see that the each block has been parallelly encrypted using multithreading , but here lies the vulnerability!

Since multithreading is used, a few set of blocks are encrypted with the same nonce. Here comes the use of

the given plaintext, since we have many plaintext and ciphertext block pairs we can recover the encrypted

nonce.

It is basically a xor challenge where the encrypted nonces are the keys which when XORed with the plaintext

gives us the ciphertext. So basically the part of the flag maybe XORed with the same key block with which

some of the previous blocks have been XORed. But we donâ€™t which of these is used so we try all of them.

There are two steps involved in solving this challenge:

**Recovering the key sets from the known plaintext-ciphertext pairs**

We can get that by XORing the pt-ct pairs and dividing it into chunks of 16 since each block is 16.**Getting the flag**

Find which key set used to XOR with the flag. Just try all of them and there is nothing else to do but getting

the flag.

Here is the exploit script:

1 | from Crypto.Cipher import AES |

Running the above script gives out the flag as:**p4{at_the_end_of_the_day_you_can_only_count_on_yourself}**!