I’ve seen a few CTF challenges now that lean on the same idea: XOR with known plaintext. The pattern with these XOR challenges is clear: once you know a little bit of the plaintext, you can use it to recover the key and unlock the rest.
Setup
This challenge comes from the TryHackMe W1seGuy room. We’re given two important pieces right away:
- The server source code
- The fact that it’s listening on port 1337 over TCP
Let’s start with the source code:
```python
import random
import socketserver
import socket, os
import string

flag = open('flag.txt','r').read().strip()

def send_message(server, message):
    enc = message.encode()
    server.send(enc)

def setup(server, key):
    flag = 'THM{thisisafakeflag}'
    xored = ""
    for i in range(0,len(flag)):
        # repeating-key XOR: key[i mod len(key)] is applied to flag[i]
        xored += chr(ord(flag[i]) ^ ord(key[i%len(key)]))
    hex_encoded = xored.encode().hex()
    return hex_encoded

def start(server):
    # the key is five random alphanumeric characters
    res = ''.join(random.choices(string.ascii_letters + string.digits, k=5))
    key = str(res)
    hex_encoded = setup(server, key)
    send_message(server, "This XOR encoded text has flag…
```
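To show why a five-character repeating XOR key falls to known plaintext, here is an added example (my code, not the challenge author's) that mirrors the server's `setup()` encoding, then recovers the key from the `THM{` prefix and the closing `}` and decrypts the rest; `xor_encode`, `recover_key`, `xor_decode` and `solve` are names I chose, and the flag value is the fake one from the server source.

```python
import random
import string

KEY_LEN = 5  # the server draws a 5-character alphanumeric key

def xor_encode(plaintext: str, key: str) -> str:
    """Mirror of the server's setup(): repeating-key XOR, then UTF-8 encode, then hex."""
    xored = "".join(chr(ord(c) ^ ord(key[i % len(key)])) for i, c in enumerate(plaintext))
    return xored.encode().hex()

def recover_key(hex_encoded: str, known: dict, key_len: int = KEY_LEN) -> str:
    """Recover the repeating key from known plaintext characters.
    `known` maps plaintext index -> character (negative indices count from the end).
    Every key slot must be covered by at least one known position."""
    xored = bytes.fromhex(hex_encoded).decode()  # undo the server's .encode().hex()
    key = [None] * key_len
    for idx, ch in known.items():
        pos = idx % len(xored)  # normalise negative indices
        k = chr(ord(xored[pos]) ^ ord(ch))  # c ^ p == k for XOR
        slot = pos % key_len
        if key[slot] is not None and key[slot] != k:
            raise ValueError(f"conflicting key byte at slot {slot}")
        key[slot] = k
    if any(k is None for k in key):
        raise ValueError("known plaintext does not cover every key slot")
    return "".join(key)

def xor_decode(hex_encoded: str, key: str) -> str:
    xored = bytes.fromhex(hex_encoded).decode()
    return "".join(chr(ord(c) ^ ord(key[i % len(key)])) for i, c in enumerate(xored))

def solve(hex_encoded: str) -> tuple:
    # Known plaintext: TryHackMe flags start with 'THM{' and end with '}'.
    known = {0: 'T', 1: 'H', 2: 'M', 3: '{', -1: '}'}
    key = recover_key(hex_encoded, known)
    return key, xor_decode(hex_encoded, key)

if __name__ == "__main__":
    # constructed round trip with a random key, exactly as the server generates it
    key = random.choices(string.ascii_letters + string.digits, k=KEY_LEN)
    ct = xor_encode("THM{thisisafakeflag}", "".join(key))
    print(solve(ct))
```

The closing `}` only fills the fifth key slot when the flag length puts it there (index 19 for the 20-character fake flag); for other lengths `recover_key` reports the uncovered slot, which is small enough to try all 62 candidates for.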