CTRIME

The encrypt function appends the flag to the plaintext provided by the user. However, the concatenated string is passed to zlib for compression before encrypting. There are no evident weakness in the use of AES-CTR, hence this challenge has to do with some properties of zlib. Indeed, after fuzzing for a while, it seems like zlib was eliminating duplicate strings - hence a correct guess of a portion of the flag will result in a shorter resulting plaintext compared to the resulting ciphertext from a incorrect guess....