2023 Business CTF: Initialization

#htb #ctf #crypto #aes #ctr-mode #nonce-reuse

Challenge Information

AttributeDetails
Event2023 Business CTF
CategoryCrypto
ChallengeInitialization
DifficultyVery Easy

Summary

During a cyber security audit, you discover suspicious traffic to an IP in enemy territory. Analysis of the encryption scheme reveals a critical vulnerability: multiple messages are encrypted with different keys and counters, but the key generation has a fatal flaw that makes it trivial to break.

Analysis

The encryption implementation:

class AdvancedEncryption:
    def __init__(self, block_size):
        self.KEYS = self.generate_encryption_keys()
        self.CTRs = [Counter.new(block_size) for i in range(len(MSG))]


    def generate_encryption_keys(self):
        keys = [[b'\x00']*16] * len(MSG)  # VULNERABILITY: shallow copy
        for i in range(len(keys)):
            for j in range(len(keys[i])):
                keys[i][j] = os.urandom(1)
        return keys

The critical vulnerability is the shallow copy: [[b'\x00']*16] * len(MSG). This creates the same list object repeated multiple times, so all “different” keys are actually references to the same underlying list. When random bytes are assigned, they modify all keys simultaneously.

Solution

The vulnerability makes all encryption keys identical. Additionally, the cipher uses AES.MODE_CTR with separate counters that reset for each message.

Attack approach:

  1. Recognize that all messages are encrypted with the same key
  2. Use known-plaintext or pattern analysis to recover the keystream
  3. XOR ciphertexts together to eliminate the key material
  4. Recover plaintext using various cryptanalysis techniques

The vulnerability is compounded by weak key generation that produces identical keys for all messages, making the entire encryption scheme trivial to break.

Key Takeaways

  • List initialization in Python can lead to shared mutable state
  • AES-CTR mode security depends on proper nonce/counter handling
  • Never reuse the same key and counter combination
  • Key generation must produce cryptographically independent keys
  • This demonstrates how subtle implementation bugs can catastrophically fail security
  • Always use proper cryptographic libraries rather than implementing from scratch