# MIX & MASH - InCTF Internationals 2020

tl;dr

• Extract higher bits of secret using input manipulation
• Extract lower bits of secret using the highers bits and input manipulation

Challenge points: 925
No. of solves: 14
Challenge Author: v3ct0r

## Challenge description

 Keep this off the record, cause it is pro stuff


## Initial analysis

Challenge is based on Permutation Based Crypto Algorithm called Proest-OTR, with a custom 64-bit permutation instead of Proest. In the service you could either encrypt any 64 bit message or get the flag if you give the correct secret.

Here is the challenge script :

## Solution :

Step 1: Recovering the most significant half of the key

It is straightforward to see that one can recover the value of the bit k[i] by performing only two queries with related-keys and different nonces and messages. One just has to compare c1 = F(k, n, m, x) and c1 = F(k + ∆i, n ⊕ ∆i, m ⊕ ∆i ⊕ π(∆i) ,x) .

Indeed, if k[i] = 0, then the value l obtained in the computation of c1_ is equal to l ⊕ ∆i and l1 = l ⊕ π(∆i) , hence c1_ = c1 ⊕ ∆i. If k[i] = 1, the latter equality does not hold with overwhelming probability.

Hence you can recover it bit by bit.

Step 2: Recovering the least significant half of the key.

Similarly extract the most signigicant part of the least significant half.

For more details refer this paper

Here is the exploit script:

Here is the Flag: inctf{Wow_U_R_r34lly_g00d_4t_7h1s}