Stream of Consciousness

The challenge is very simple: we are given a function that randomly encrypts a plaintext $p$ , extracted randomly from an array of an unknown length:

from Crypto.Cipher import AES
from Crypto.Util import Counter
import random
 
 
KEY = ?
TEXT = ['???', '???', ..., FLAG]
 
 
@chal.route('/stream_consciousness/encrypt/')
def encrypt():
    random_line = random.choice(TEXT)
 
    cipher = AES.new(KEY, AES.MODE_CTR, counter=Counter.new(128))
    encrypted = cipher.encrypt(random_line.encode())
 
    return {"ciphertext": encrypted.hex()}

The main vulnerability here is that no matter the plaintext, the encryption is performed using the same key, because the cipher is initialized at every call, but the key isn’t.

This basically means that, because of the CRT mode of operation, the encryption becomes something like:

m ess a g es = ⎩ ⎨ ⎧ E n c (m_{1}) = m_{1} \oplus K E n c (m_{2}) = m_{2} \oplus K ... E n c (m_{n}) = m_{n} \oplus K

This degenerates AES into an easier to break encryption scheme, known as Multi Time Pad (this is actually the name of the attack, the encryption scheme is itself a One Time Pad, where the pad is reused $n$ times).

The vulnerability in this kind of attack is that if $m$ is a message in, say, common english, it is possible to retrieve the messages by trying different combinations until the result of the XORs eventually produce an understandable text. A tool to perform this kind of attack is MTP, and here is a demonstration of how it works.

In order to solve the challenge, we just need to dump every ciphertext and then run MTP:

#!/usr/bin/env python
 
import requests
import os
 
 
ENCRYPT_ENDPOINT = "https://aes.cryptohack.org/stream_consciousness/encrypt/"
 
 
def get_ciphertexts():
    texts = []
    print("[+] Getting 22 unique ciphertexts from website.")
    i = 0
    while len(texts) < 22:
        text = requests.get(ENCRYPT_ENDPOINT).json()["ciphertext"]
        if text not in texts:
            texts.append(text)
        i += 1
    print("[+] Got 22 unique ciphertexts. Took {} requests".format(i))
    return texts
 
 
ciphertexts = []
if not os.path.exists("ciphertexts"):
    with open("ciphertexts", "w") as f:
        ciphertexts = get_ciphertexts()
        f.writelines([x + "\n" for x in ciphertexts])

The command to run the tool is mtp ciphertexts:

🪴 Quartz 4

Explorer

Stream of Consciousness

Graph View