Unzip the package we get these three files.
files.zip __MACOSX malware.pyIn files.zip are four files with name endswith enc
CTF-favicon.png.enc flag.txt.enc malware.py.enc shopping_list.txt.encAES CTR encryption take key and iv to create keystream, xor on keystream and plaintext to generate cipher text. So we can xor cipher text(malware.py.enc) and plain text(malware.py) to get keystream. Once we have the keystream, to get plain text flag we need to xor the encrypted flag (flag.txt.enc) with it.
The encryption script use 16 bytes for one block, so we need to truncated cipher text and plain text into list of 16 byte blocks.
src = [src[i:i+16] for i in range(0, len(src), 16)]
enc = [enc[i:i+16] for i in range(0, len(enc), 16)]
enc_flag = [enc_flag[i:i+16] for i in range(0, len(enc_flag), 16)]The iv used to create each encrypted file is increamented by one for each file, so lets say the initial value for counter is v, the jth file listed after malware.py would be using v+j for encryption.
As the exact order of the four files being listed is not given, we could brute-force from 1 through 3. flag.txt.enc is 38, so it needs 3 (round up 38/16) blocks.
$ wc flag.txt.enc
0 2 38 flag.txt.encSum this up to have the following loop to output the flag.
for i in range(1, 4):
flag = []
for j in range(3):
k = [x^y for x,y in zip(src[i+j], enc[i+j])]
flag.extend([x^y for x,y in zip(enc_flag[j], k)])
print(bytes(flag))