Here's a bunch of files. Someone has done something with these files (apparently, encrypted). To get the flag decrypt everything.
Downloading the ZIP file gives us the following files:
Ok so we have some plaintext and two encrypted files. My mind switches to "known plaintext" attack mode for a moment. Let's check out the Python code. I look at the main function first to see what this generator is doing:
Ok so yeah it's the script they used to generate the encrypted binary files. Nothing out of the ordinary yet.
The first thing I wanted to test was to see what happens when the script decrypts something with the wrong key. So I just quickly adjusted the script to do decryption instead. We see in the code that the decryption function is simply calling the encryption function. So the operation it's performing is reversible:
So I don't even need to change the code; I just change the inputs to the outputs:
Ok now, how about a key to test with. I could select something at random, but I recalled noticing a "dummy" key in the generator.py in a function called sanity_check:
Yeah, sounds as good as any other dummy key. Let's put that in:
Ok code done, let's run it to make sure it doesn't have any errors and can decode a file (even if the key is wrong):
Great we have a flag.png file, which at this time, I am positively sure is just gibberish binary data. So imagine my surprise when....
Oh ... Hmmm... Was that supposed to happen?
I view the PNG and sure enough, it's the flag. Guys did you really mean to include the actual production key in the sanity_check function?
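A check that would have caught the key left in sanity_check before the files shipped, as an added example (not part of the original writeup or the challenge's generator.py): it parses Python source and reports key-like names bound to string or bytes literals inside functions. The sample source, the placeholder key, the name pattern and the length threshold are constructed assumptions.

```python
import ast
import re

# Assumptions: which names look like key material, and a minimum literal length.
SUSPECT_NAME = re.compile(r"key|secret|passw", re.IGNORECASE)
MIN_LITERAL_LEN = 8

# Constructed sample in the spirit of the generator script; the key is a placeholder.
SAMPLE = '''\
def encrypt(data, key):
    return data

def sanity_check():
    key = b"CONSTRUCTED-PLACEHOLDER-KEY"
    assert encrypt(encrypt(b"test", key), key) == b"test"

def main():
    with open("key.bin", "rb") as fh:
        key = fh.read()
    encrypt(b"flag", key)
'''

def _is_key_literal(node):
    """True for a str/bytes constant long enough to be key material."""
    return (isinstance(node, ast.Constant)
            and isinstance(node.value, (str, bytes))
            and len(node.value) >= MIN_LITERAL_LEN)

def find_embedded_keys(source):
    """Return sorted (function, line, name) for key-like literals in source."""
    findings = []
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        for node in ast.walk(func):
            # Case 1: assignments such as  key = b"..."
            if isinstance(node, ast.Assign) and _is_key_literal(node.value):
                for target in node.targets:
                    if isinstance(target, ast.Name) and SUSPECT_NAME.search(target.id):
                        findings.append((func.name, node.lineno, target.id))
            # Case 2: keyword arguments such as  encrypt(data, key=b"...")
            elif isinstance(node, ast.Call):
                for kw in node.keywords:
                    if kw.arg and SUSPECT_NAME.search(kw.arg) and _is_key_literal(kw.value):
                        findings.append((func.name, kw.value.lineno, kw.arg))
    return sorted(findings, key=lambda f: f[1])

if __name__ == "__main__":
    print(find_embedded_keys(SAMPLE))
```

Run as a pre-release or CI step over anything that ships alongside encrypted artifacts; a key read from a file at runtime, as in the sample's main, is not flagged.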