tylerkerr/crack-ranshomware.py Secret

## crack-ranshomware.py
#!/usr/bin/env python3

from array import array

ctfile = './cd/debian-40r9-amd64-businesscard.iso'
ptfile = './debian-40r9-amd64-businesscard.iso'
flagfile = './flags/flag.txt'

with open(ctfile, 'rb') as f1:
	ctbytes = array('B', f1.read())
with open(ptfile, 'rb') as f2:
	ptbytes = array('B', f2.read())
with open(flagfile, 'rb') as f3:
	flagbytes = array('B', f3.read())

offset = 32 # IV is 3 for debian iso, 5 for flag.txt. this is two AES blocks of 16 bytes each for a total of 32 bytes

keystream = [ctbytes[i] ^ ptbytes[i] for i in range(len(flagbytes) + offset)] # KPA on the encrypted debian ISO to derive a big chunk of keystream

decrypted = [flagbytes[i] ^ keystream[i+offset] for i in range(len(flagbytes))] # using the keystream at the correct offset to decrypt the flag

[print(chr(d), end='') for d in decrypted]
	#!/usr/bin/env python3

	from array import array

	ctfile = './cd/debian-40r9-amd64-businesscard.iso'
	ptfile = './debian-40r9-amd64-businesscard.iso'
	flagfile = './flags/flag.txt'

	with open(ctfile, 'rb') as f1:
	ctbytes = array('B', f1.read())
	with open(ptfile, 'rb') as f2:
	ptbytes = array('B', f2.read())
	with open(flagfile, 'rb') as f3:
	flagbytes = array('B', f3.read())

	offset = 32 # IV is 3 for debian iso, 5 for flag.txt. this is two AES blocks of 16 bytes each for a total of 32 bytes

	keystream = [ctbytes[i] ^ ptbytes[i] for i in range(len(flagbytes) + offset)] # KPA on the encrypted debian ISO to derive a big chunk of keystream

	decrypted = [flagbytes[i] ^ keystream[i+offset] for i in range(len(flagbytes))] # using the keystream at the correct offset to decrypt the flag

	[print(chr(d), end='') for d in decrypted]