After analyzing the code, we found that the key point is the key variable.
The key variable is 6 bytes of data. Since key[4] * (key[5] - 5) (the last two of the 6 bytes) has to be 17557, and 17557 = 97 * 181 with both factors prime, key[4] can only be 97 or 181 (key[4] = 1 would need key[5] = 17562, which doesn't fit in a byte), so there are only 2 possibilities:
1. key[4] = 97 & key[5] = 186
2. key[4] = 181 & key[5] = 102
But we still know nothing about key[0] ~ key[3], so we'll have to brute-force the remaining 4 bytes.
The script told us the ciphertext:
But it didn't tell us the plaintext, which is
We were kind of stuck here for a while, before I googled what the hell "the answer to life the universe and everything" is.
And this is what google told me:
.........................WHAT THE F*CK?
How the hell are we supposed to know that?! (╯°д°)╯ ︵ ┻━┻
God damn it.....
So apparently, the plaintext is:
Now that we have both the ciphertext and the plaintext, we can brute-force the whole key. The search space is 256*256*256*256*2 (key[4] & key[5] have only 2 possibilities), i.e. 2^33, about 8.6 billion trial decryptions. I wrote a C++ program with the help of the OpenSSL library; it took about 25 minutes to crack the key.
key : \x81\x69\x37\x88\x61\xBA
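The two-step attack above (solve the key[4]/key[5] constraint, then brute-force the 4 unknown bytes against the known plaintext/ciphertext pair), as an added C++ example; it is not the author's OpenSSL program. The writeup does not say which cipher the challenge used, so `toy_cipher` below is a stand-in keystream cipher assumed here purely to exercise the search loop (a real run would swap in the actual decryption call), and the sample plaintext and the small-prefix test key are constructed for the demo.

```cpp
#include <algorithm>
#include <array>
#include <cstdint>
#include <cstdio>
#include <functional>
#include <string>
#include <utility>
#include <vector>

using Bytes = std::vector<uint8_t>;
using Key = std::array<uint8_t, 6>;
using Cipher = std::function<Bytes(const Key&, const Bytes&)>;

// Step 1: solve key[4] * (key[5] - 5) == target over byte values.
// 17557 = 97 * 181 with both factors prime, so key[4] is 97 or 181
// (key[4] = 1 would need key[5] = 17562, which does not fit in a byte),
// giving exactly (97, 186) and (181, 102).
std::vector<std::pair<uint8_t, uint8_t>> last_two_candidates(uint32_t target) {
    std::vector<std::pair<uint8_t, uint8_t>> out;
    for (uint32_t a = 1; a < 256; ++a) {
        if (target % a != 0) continue;
        uint32_t b = target / a + 5;  // key[5] must also fit in a byte
        if (b < 256) out.emplace_back(static_cast<uint8_t>(a), static_cast<uint8_t>(b));
    }
    return out;
}

// Stand-in cipher, an ASSUMPTION for this example: the writeup does not name the
// cipher it brute-forced. All six key bytes are mixed into a 32-bit state that
// seeds an xorshift keystream; because it XORs, decrypt == encrypt.
Bytes toy_cipher(const Key& key, const Bytes& data) {
    uint32_t s = 2166136261u;
    for (uint8_t b : key) { s ^= b; s *= 16777619u; }
    if (s == 0) s = 1;
    Bytes out(data.size());
    for (size_t i = 0; i < data.size(); ++i) {
        s ^= s << 13; s ^= s >> 17; s ^= s << 5;
        out[i] = static_cast<uint8_t>(data[i] ^ s);
    }
    return out;
}

// Step 2: known-plaintext search over the 2^32 unknown prefix bytes times the
// candidate tails (2^33 trials worst case). A short probe is decrypted first and
// the full text only on a probe hit, so the inner loop stays cheap. Returns true
// and fills `found` on success.
bool brute_force_key(const Bytes& ciphertext, const Bytes& plaintext, uint32_t target,
                     const Cipher& decrypt, Key& found, size_t probe_len = 16) {
    if (ciphertext.size() != plaintext.size() || ciphertext.empty()) return false;
    const auto tails = last_two_candidates(target);
    const size_t n = std::min(probe_len, ciphertext.size());
    const Bytes probe_ct(ciphertext.begin(), ciphertext.begin() + n);
    const Bytes probe_pt(plaintext.begin(), plaintext.begin() + n);
    for (uint64_t prefix = 0; prefix < (uint64_t{1} << 32); ++prefix) {
        Key key{static_cast<uint8_t>(prefix >> 24), static_cast<uint8_t>(prefix >> 16),
                static_cast<uint8_t>(prefix >> 8), static_cast<uint8_t>(prefix), 0, 0};
        for (const auto& t : tails) {
            key[4] = t.first;
            key[5] = t.second;
            if (decrypt(key, probe_ct) != probe_pt) continue;
            if (decrypt(key, ciphertext) == plaintext) { found = key; return true; }
        }
    }
    return false;
}

// Self-check on a constructed scenario. The true key's unknown prefix is tiny here
// so the search ends after a few hundred trials; the writeup's real prefix
// \x81\x69\x37\x88 sits about 2.2 billion prefixes in, which is where its 25 minutes went.
bool demo_recovers_key() {
    const Key truth{0x00, 0x00, 0x01, 0x2A, 181, 102};
    const std::string msg = "constructed known plaintext for the key search demo";
    const Bytes pt(msg.begin(), msg.end());
    const Bytes ct = toy_cipher(truth, pt);
    Key found{};
    return brute_force_key(ct, pt, 17557, toy_cipher, found) && found == truth;
}

int main() {
    for (const auto& t : last_two_candidates(17557))
        std::printf("key[4] = %u, key[5] = %u\n", static_cast<unsigned>(t.first),
                    static_cast<unsigned>(t.second));
    std::printf("demo search %s\n", demo_recovers_key() ? "recovered the key" : "failed");
    return 0;
}
```

Putting the prefix in the outer loop and the two tails in the inner one means the search finishes as soon as the prefix is reached, whichever tail the real key uses; with the tails outermost, a key that uses the second tail would cost a full 2^32 pass first.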
But we're not done yet. With the right key we can generate the right filename, which is:
After entering the filename in the URL (under the Code400 domain, of course), we found a message. It gave us a ciphertext and a partially decrypted plaintext:
I decoded the base64 ciphertext and found 320 bytes of data, the same length as the plaintext. Then I tried to recover the whole plaintext, but unfortunately I failed -_- (I suck at crypto!). So I sent this message to one of my teammates, who is good at it.
He found out that the actual ciphertext & plaintext were both only 64 bytes; they just repeat themselves 5 times (64*5 = 320). So he split the plaintext into 5 groups of 64, lined up the known characters in each group, cross-compared them, and completed the whole plaintext:
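The fold-and-merge step the teammate did by hand, as an added C++ example that is not the team's own script: confirm that the 320-byte ciphertext is one 64-byte block repeated (`smallest_period`), then split the partially decrypted plaintext into 5 rows of 64 and take, for each column, whichever row knows the byte. The 64-byte sample block, the mask that hides different bytes in each copy, and the synthetic ciphertext are all constructed for the demo; using '?' for an unknown byte is an assumption about how the partial plaintext was presented.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <string>
#include <vector>

// Smallest p dividing data.size() with data[i] == data[i % p] for every i,
// i.e. the length of the block the data is made of (data.size() if it does not repeat).
size_t smallest_period(const std::vector<uint8_t>& data) {
    const size_t n = data.size();
    for (size_t p = 1; p <= n; ++p) {
        if (n % p != 0) continue;
        bool ok = true;
        for (size_t i = p; i < n && ok; ++i) ok = data[i] == data[i % p];
        if (ok) return p;
    }
    return n;
}

struct MergeResult {
    std::string merged;              // one block; `unknown` where no copy has the byte
    std::vector<size_t> unresolved;  // block positions still unknown after merging
    std::vector<size_t> conflicts;   // positions where two copies disagree (first copy wins)
};

// Fold a partially known plaintext made of repeated `block`-byte copies into one
// block: for each column, take the first copy that knows the byte and flag copies
// that contradict it.
MergeResult merge_repeated_plaintext(const std::string& partial, size_t block, char unknown = '?') {
    if (block == 0 || partial.size() % block != 0)
        throw std::invalid_argument("plaintext length must be a multiple of the block size");
    MergeResult r;
    r.merged.assign(block, unknown);
    const size_t copies = partial.size() / block;
    for (size_t i = 0; i < block; ++i) {
        for (size_t c = 0; c < copies; ++c) {
            const char ch = partial[c * block + i];
            if (ch == unknown) continue;
            if (r.merged[i] == unknown) r.merged[i] = ch;
            else if (r.merged[i] != ch) { r.conflicts.push_back(i); break; }
        }
        if (r.merged[i] == unknown) r.unresolved.push_back(i);
    }
    return r;
}

// Constructed sample data. The block is exactly 64 bytes (checked at compile time).
constexpr char kDemoBlock[] = "Constructed sample: this 64-byte block is repeated five times!!!";
static_assert(sizeof(kDemoBlock) - 1 == 64, "demo block must be 64 bytes");

// Synthetic 320-byte "ciphertext": the same 64 bytes five times over.
std::vector<uint8_t> demo_ciphertext() {
    std::vector<uint8_t> ct(320);
    for (size_t i = 0; i < ct.size(); ++i) ct[i] = static_cast<uint8_t>((i % 64) * 37 + 11);
    return ct;
}

// The "partially decrypted" 320-char plaintext: five copies of kDemoBlock, each with a
// different subset of bytes still unknown. Byte 60 is hidden in every copy, so it
// must stay unresolved after the merge.
std::string demo_partial_plaintext() {
    std::string out;
    for (size_t c = 0; c < 5; ++c)
        for (size_t i = 0; i < 64; ++i) {
            const bool known = ((i + c) % 5 == 0 || (3 * i + c) % 7 == 0) && i != 60;
            out.push_back(known ? kDemoBlock[i] : '?');
        }
    return out;
}

std::string demo_merged() { return merge_repeated_plaintext(demo_partial_plaintext(), 64).merged; }

int main() {
    std::printf("ciphertext period: %zu bytes\n", smallest_period(demo_ciphertext()));
    const MergeResult r = merge_repeated_plaintext(demo_partial_plaintext(), 64);
    std::printf("merged block:      %s\n", r.merged.c_str());
    std::printf("unresolved: %zu, conflicts: %zu\n", r.unresolved.size(), r.conflicts.size());
    return 0;
}
```

Checking the ciphertext's period first is what justifies the merge: if the 5 copies of ciphertext are identical and the cipher is deterministic, the 5 copies of plaintext are identical too, so a byte known in any one row is known for all of them. A non-empty `conflicts` list means that assumption does not hold (or a row was decrypted wrongly) and the merge should not be trusted.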