

This challenge consists of a Python server script. Running it locally opens a service listening on port 5076. Before you can even get to the flag, the authentication must be bypassed. Once this is done, the service will give you as many encrypted flags as you desire. The problem might be that the key, initialization vector, block cipher and mode of operation in use are unknown...

Note that the flag is included in the server script. The challenge is to recover this flag (rather than steal it from the script itself) by connecting to the service, bypassing the authentication and making sense of the encrypted responses sent by the server.

This challenge was served as CRYPTO 400 at the HITB2014 CTF in Amsterdam.