From xor.py, we know it generates a random key and XORs it with the image to produce an encrypted one.
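```python
#!/usr/bin/env python3
from os import urandom
from random import randint
from pwn import xor

input_img = open("flag.png", "rb").read()
output_img = open("flag.png.enc", "wb")

# 9-byte key: 8 random bytes plus one byte with a value from 0 to 9
key = urandom(8) + bytes([randint(0, 9)])
# pwntools' xor repeats the shorter argument (the key) over the whole image
output_img.write(xor(input_img, key))
```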
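Since the original image is a PNG, its header is well known. The first 8 bytes are the PNG signature, and the ninth is the first byte of the IHDR chunk length, which is always 0x00. If we XOR this header with the first 9 bytes of the encrypted image, we get the key.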
key = header ^ flag.png.enc[:9]
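```python
#!/usr/bin/env python3
from pwn import xor

input_img = open("flag.png.enc", "rb").read()
# 8-byte PNG signature plus the first byte of the IHDR chunk length
header = b"\x89\x50\x4e\x47\x0d\x0a\x1a\x0a\x00"

# Known plaintext XOR ciphertext gives the 9-byte key
key = bytes(c ^ p for c, p in zip(input_img[:9], header))

# XORing with the repeating key a second time decrypts the image
with open("flag.png", "wb") as output_img:
    output_img.write(xor(input_img, key))
```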
```
$ file flag.png
flag.png: PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
```
Open the decrypted image flag.png with ristretto; the flag is at the bottom left: Hero{123_xor_321}.
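The key recovery above generalizes: every PNG begins with the same 16 bytes (signature, IHDR length, IHDR type), so a repeating XOR key of up to 16 bytes can be recovered, and the IHDR CRC confirms the guess. This is an added example, not part of the original writeup or the challenge files; it uses plain Python instead of pwntools, and the function names and sample data are constructed for illustration.

```python
import os
import struct
import zlib

# Every PNG starts with these 16 bytes: the 8-byte signature, the IHDR chunk
# length (always 13, big-endian) and the chunk type "IHDR".
PNG_PREFIX = b"\x89PNG\r\n\x1a\n" + struct.pack(">I", 13) + b"IHDR"


def repeating_xor(data: bytes, key: bytes) -> bytes:
    """XOR data with key, repeating the key as needed (encrypts and decrypts)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def ihdr_crc_ok(png: bytes) -> bool:
    """Check the CRC-32 stored after the 13-byte IHDR payload."""
    if len(png) < 33 or png[:16] != PNG_PREFIX:
        return False
    (stored,) = struct.unpack(">I", png[29:33])
    return zlib.crc32(png[12:29]) == stored


def recover_key(ciphertext: bytes, key_len: int) -> bytes:
    """Recover a repeating XOR key of key_len <= 16 bytes from an encrypted PNG."""
    if not 1 <= key_len <= len(PNG_PREFIX):
        raise ValueError("key longer than the known PNG prefix")
    key = repeating_xor(ciphertext[:key_len], PNG_PREFIX[:key_len])
    # A wrong key or key length leaves the decrypted IHDR inconsistent
    if not ihdr_crc_ok(repeating_xor(ciphertext[:33], key)):
        raise ValueError("IHDR check failed: wrong key length or not a PNG")
    return key


def make_sample_png() -> bytes:
    """Constructed sample: signature + IHDR for a 300x300 RGBA image + filler."""
    ihdr = b"IHDR" + struct.pack(">IIBBBBB", 300, 300, 8, 6, 0, 0, 0)
    chunk = struct.pack(">I", 13) + ihdr + struct.pack(">I", zlib.crc32(ihdr))
    return b"\x89PNG\r\n\x1a\n" + chunk + b"constructed filler, not real image data"


if __name__ == "__main__":
    plain = make_sample_png()
    key = os.urandom(9)  # same key length as xor.py
    enc = repeating_xor(plain, key)
    print("recovered key:", recover_key(enc, 9).hex())
```

The CRC check is what makes a key-length guess verifiable: trying the wrong length raises instead of silently producing a corrupt image.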