0xL4ugh CTF 2024

Description: I love saving my chats with my friends on my laptop but I should protect them, they have info that can make you a billionaire 😎, so to protect them well I decided to protect each chat with a different password, so I will protect each one with the year I knew him at and his country (example is 2013brazil) now I’m sure I’m the only one who knows this info

Category: Cryptography

Here is the challenge file. It is a Python script that, as it seems, opens a file “flag.txt” and reads it.

myvault.rar

After analysing the description and the script: a straightforward guide to understanding and implementing file encryption using Python’s cryptography library.

What This Script Does

This script takes a file and password from the user, encrypts the file contents using Fernet encryption, and saves it as a new encrypted file.

The Code Structure

Three main functions:

  1. generate_key() - Creates encryption key from password
  2. encrypt_file() - Handles the actual file encryption
  3. main() - Gets user input and runs the encryption

Quick Code Breakdown

1. Key Generation

import base64
import hashlib

# Function to generate a key from the password
def generate_key(password):
    # Hash the password to generate a consistent key (no salt, single SHA256 pass)
    password_bytes = password.encode('utf-8')
    key = hashlib.sha256(password_bytes).digest()  # SHA256 to get a 32-byte key
    return base64.urlsafe_b64encode(key)  # Fernet requires the key to be in base64 format

  • Converts password to bytes
  • Creates SHA256 hash
  • Returns base64 encoded key for Fernet

2. File Encryption

from cryptography.fernet import Fernet

# Function to encrypt the file
def encrypt_file(file_name, password):
    # Generate a key based on the password
    key = generate_key(password)
    cipher = Fernet(key)

    # Read the original file content
    with open(file_name, 'rb') as file:
        file_data = file.read()

    # Encrypt the data
    encrypted_data = cipher.encrypt(file_data)
    # The snippet stops here; the script then saves encrypted_data as a new file

  • Gets encryption key from password
  • Reads file as binary
  • Encrypts data using Fernet
  • Saves as new encrypted file

How to Decrypt It

Building a Simple Password Bruteforce List for File Decryption

Let’s create a basic bruteforce list combining years and countries (as mentioned in description), then use it to attempt decrypting files.

1. Creating the Wordlist

Here’s a simple Python script to generate our wordlist:

def generate_combinations():
    # Years from 1900 to 2024
    years = range(1900, 2025)

    # Countries: extend this list to all 195 countries.
    # Note: the example in the description (2013brazil) uses a lowercase country name.
    countries = ["USA", "UK", "Canada", "Australia", "France", "Germany", "Japan", "China", "India"]

    print(f"Generating combinations for {len(countries)} countries and {len(years)} years...")

    # Generate combinations and write to file
    with open('combinations.txt', 'w', encoding='utf-8') as f:
        for year in years:
            for country in countries:
                # Write each <year><country> combination
                f.write(f"{year}{country}\n")

    print("Combinations file generated successfully!")

if __name__ == "__main__":
    generate_combinations()

This creates combinations like:

  • 1999USA
  • 2020France
  • etc.

2. Decryption Script with Bruteforce

Here is my decryption script to attempt decryption with the combinations we created:

Decrypt.py

Key Points

  1. The wordlist generator creates all possible combinations of <years><country>
  2. Each password is tried until successful decryption occurs
  3. Successfully decrypted files are automatically saved

After decrypting the 3 message files, you will get the flag parts.

Live update: the flag will appear this way: 0xL4ugh{sad!_ _no_easy_challs anymore} but you should move the 2nd _ to the end of the 2nd part, so that it reads:

0xL4ugh{sad!_no_easy_challs_anymore}

Remember: This demonstrates why strong, random passwords are important - simple patterns are vulnerable to bruteforce attacks.
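To put numbers on the key generation step and the closing remark, the following added example (not part of the challenge script or the original write-up) compares the unsalted SHA256 derivation with a salted PBKDF2 one over the 125 years × 195 countries keyspace. The names weak_key, hardened_key, keyspace_bits and report, and the iteration count, are assumptions chosen for illustration.

```python
import base64
import hashlib
import math
import os
import time

YEARS = 125      # 1900..2024, the range used by the wordlist generator
COUNTRIES = 195  # country count quoted in the write-up

def weak_key(password: str) -> bytes:
    """The challenge's scheme: one unsalted SHA256 pass, base64 for Fernet."""
    return base64.urlsafe_b64encode(hashlib.sha256(password.encode("utf-8")).digest())

def hardened_key(password: str, salt: bytes, iterations: int = 600_000) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 (iteration count is this example's choice).
    The random salt is stored next to the ciphertext."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    return base64.urlsafe_b64encode(raw)

def keyspace_bits(candidates: int) -> float:
    """Entropy of a password drawn uniformly from `candidates` options."""
    return math.log2(candidates)

def seconds_per_derivation(fn, *args, runs: int) -> float:
    start = time.perf_counter()
    for _ in range(runs):
        fn(*args)
    return (time.perf_counter() - start) / runs

def report() -> dict:
    candidates = YEARS * COUNTRIES
    salt = os.urandom(16)
    sample = "2013brazil"  # the example password from the challenge description
    weak_t = seconds_per_derivation(weak_key, sample, runs=1000)
    hard_t = seconds_per_derivation(hardened_key, sample, salt, runs=3)
    return {
        "candidates": candidates,
        "bits": keyspace_bits(candidates),
        "weak_total_s": weak_t * candidates,      # time to derive every candidate key
        "hardened_total_s": hard_t * candidates,  # same keyspace, slow salted KDF
    }

if __name__ == "__main__":
    r = report()
    print(f"{r['candidates']} candidates = {r['bits']:.1f} bits (a random Fernet key has 256)")
    print(f"all keys, unsalted SHA256: {r['weak_total_s']:.2f} s")
    print(f"all keys, salted PBKDF2:   {r['hardened_total_s'] / 60:.1f} min")
```

A salted, slow KDF raises the cost of each derivation, but a keyspace of about 14.6 bits stays small either way, so the password pattern itself has to change.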