# TechnexCTF 2024
Mình thấy giải này mỗi bài này là hay, còn lại toàn hình ảnh với lỏ cỏ, nên wu mỗi bài này.
Source.py
```python3=
#!/bin/python3
from Crypto.Cipher import AES
from secret import key, flag
def unpad(padded_data: bytes):
pdata_len = len(padded_data)
if pdata_len == 0: raise ValueError("empty message must be padded")
if pdata_len % 16: raise ValueError("Input data is not padded")
padding_len = padded_data[-1]
if padding_len < 1 or padding_len > min(16, pdata_len):
raise ValueError("Padding is incorrect.")
if padded_data[-padding_len:] != bytes([padding_len]) * padding_len:
raise ValueError("Padding is incorrect.")
return padded_data[:-padding_len]
while True:
try:
iv = bytes.fromhex(input("iv: "))
if len(iv) != 16: raise Exception
msg = bytes.fromhex(input("encrypted message: "))
if len(msg) % 16: raise Exception
except:
print("you broke something", flush=True)
print("bai", flush=True)
exit(0)
cipher = AES.new(key, AES.MODE_CBC, iv)
plaintext = cipher.decrypt(msg)
try:
plaintext = unpad(plaintext)
except:
print("I didn't quite catch that, try again", flush=True)
continue
if plaintext == b"send flag pls":
print(flag, flush=True)
break
else:
print("I don't understand, try again", flush=True)
```
Solve.py
```python3=
from time import*
from Crypto.Util.number import*
from pwn import*
from os import urandom
io = process(['python3','server.py'])
right = b''
for count in range(15,-1,-1):
for i in range(256):
zit = 0
io.recvuntil(b"iv: ")
io.sendline(b"00"*count + long_to_bytes(i).hex().encode() + (xor(right,long_to_bytes(15-count+1)*(15-count))).hex().encode())
io.recvuntil(b'message: ')
io.sendline(b"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")
ct = io.recvuntil(b"\n",drop=True).decode()
if "understand" in ct:
print(ct, long_to_bytes(i).hex())
right = xor(long_to_bytes(16 - count),long_to_bytes(i)) + right
print(right.hex())
zit = 0
break
def pad(msg, block_size):
pad_len = 16 - len(msg) % block_size
return msg + bytes([pad_len])*pad_len
iv = (xor(pad(b"send flag pls",16),right).hex())
io.recvuntil(b'iv: ')
io.sendline(iv.encode())
io.recvuntil(b'message: ')
io.sendline(b"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")
io.interactive()
```
Sign in with Wallet
Connect another wallet