Gotta Go Fast

The key is generated using current_time = int(time.time()), hence if we send two request quickly, the value of current_time is the same, leading to the same key. We can reuse this key for decryption of the flag. Another idea is to generate the space of all possible keys that can be generated on the server. However, it seems like there is some time sync issue (the time on my machine is different from the time on the server), hence we will need a bigger range of time, specifically range(current_time - 100, current_time + 101), where current_time is the time measured using int(time....

January 18, 2023 · 2 min · qvinhprolol

No Leaks

We will exploit the fact that the key is randomly generated, and the ciphertext, after the assertion, will not contain the same bytes as the flag. We can issue a lot of requests to the server to slowly eliminate the space of possible characters for the unknown portion of the flag (the ???? portion). The guess space for each unknown position is the characters in the range of 33 to 127, the printable characters....

January 18, 2023 · 2 min · qvinhprolol