encryptionctf

How would I decrypt a base64 string using a symmetric key with an Initializator Vector?

I'm doing a CTF and the task is to decrypt a base64 string with a symmetric key and an IV. However, I always get an error saying ValueError: Incorrect IV length (it must be 16 bytes long).

The instructions I was given is:

Now, you can put together the first eight bytes of all the codes you have found so far.
These bytes will give you a symmetric key to decrypt a secret provided by this HTTP response. 
You may also need an IV, and perhaps it will be on the last eight bytes of each code. Good luck!

The flags are:

02c1ef500ae2ae040ceb904d2d1014
8796f067cc814c8c632e6be8d2dbc9
89510d842231dad07b2a162c43d040
5b7c1a981199072d95384083d12b9c

The string I have to decrypt is:

6dU2tgevONWUv6ZWu+84g7E4r4dKOfBxRiY3jnMf2m1aE4r1AZcOztzEKtwve2z211vOnoiXWJTGWTG6wQxibFDw+tVI8hAGwQMqYqeG963g+wz2ppMP+byEcvAgfwvmLrsgm/+nLFxCeKLWYy/e625RmmNEU06s1Dz6izYXX1PNiYn+JAcZQnS1N5KiuvjX1u2qWAIkAPY2H5/BO25vEg==

The code I'm using is:

from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad
import base64

flags = [
    "02c1ef500ae2ae040ceb904d2d1014", # 02c1ef500ae2ae040ceb904d2d1014
    "8796f067cc814c8c632e6be8d2dbc9", # 8796f067cc814c8c632e6be8d2dbc9
    "89510d842231dad07b2a162c43d040", # 89510d842231dad07b2a162c43d040
    "5b7c1a981199072d95384083d12b9c"  # 5b7c1a981199072d95384083d12b9c
]

key_hex = flags[0][:16] + flags[1][:16] + flags[2][:16] + flags[3][:16]
key = bytes.fromhex(key_hex)

iv_hex = flags[0][-16:] + flags[1][-16:] + flags[2][-16:] + flags[3][-16:]
iv = bytes.fromhex(iv_hex)

cipher_b64 = """6dU2tgevONWUv6ZWu+84g7E4r4dKOfBxRiY3jnMf2m1aE4r1AZcOztzEKtwve2z211vOnoiXWJTGWTG6wQxibFDw+tVI8hAGwQMqYqeG963g+wz2ppMP+byEcvAgfwvmLrsgm/+nLFxCeKLWYy/e625RmmNEU06s1Dz6izYXX1PNiYn+JAcZQnS1N5KiuvjX1u2qWAIkAPY2H5/BO25vEg=="""

encrypted_data = base64.b64decode(cipher_b64)

cipher = AES.new(key, AES.MODE_CBC, iv)
decrypted = cipher.decrypt(encrypted_data)

plaintext = unpad(decrypted, AES.block_size).decode('utf-8')
print(plaintext)

If anyone can help me, I'd appreciate it.

Solution

  • In your question, you assumed that the "flags" were hexadecimal strings, but I didn’t see anything stating that. They are likely just 30 ASCII characters each, which means they represent 30 raw bytes, not hex. This changes how you calculate the key and IV.

    The instructions suggest using the first 8 bytes of each flag to build the key, and the last 8 bytes of each flag to build the IV. Following this logic, I got:

    Key: 02c1ef508796f06789510d845b7c1a98

    IV: 4d2d1014e8d2dbc92c43d04083d12b9c

    Using that key and IV, I was able to decrypt the message like this:
    echo "6dU2tgevONWUv6ZWu+84g7E4r4dKOfBxRiY3jnMf2m1aE4r1AZcOztzEKtwve2z211vOnoiXWJTGWTG6wQxibFDw+tVI8hAGwQMqYqeG963g+wz2ppMP+byEcvAgfwvmLrsgm/+nLFxCeKLWYy/e625RmmNEU06s1Dz6izYXX1PNiYn+JAcZQnS1N5KiuvjX1u2qWAIkAPY2H5/BO25vEg==" | base64 -d > cipher.bin

    openssl enc -d -aes-256-cbc -in cipher.bin -out decryp.txt -K 02c1ef508796f06789510d845b7c1a98 -iv 4d2d1014e8d2dbc92c43d04083d12b9c

    Result: Congratulations! You have completed our first challenge. The final code is 976f01ec317fd664e34ab18a360a43f7888e9065. Please, send it back to us.