Writeup For: Black Box HSCTF 8


So the first thing I did was send a and aa. The same output was given so I assumed what was being done was the key was being repeated until it was greater than or equal to the flag’s length. Then I sent a, then b, and so on until z. One of my teammates noticed that the difference between the first and second outputs, second and third, and so on were always constant. From this I concluded that the cipher was probably additive, i.e. somehow adding some value associated with our letter to the value associated with the corresponding letter in the flag. However, because the numbers in the output weren’t increasing by one for each new letter I inputted, I concluded that each letter had its own value. Now to find the actual values, what I did was look at one of the arrays outputted, WLOG let it be the array equal to enc(flag,’a’) and call this array arr. Then let val(x) take a character x and output its integer value. Then arr[0]=val(flag[0])+val(‘a’) and arr[1]=val(flag[1])+val(‘a’) and so arr[0]-arr[1]=val(flag[0])-val(flag[1]). This means that if we find two letters, n1 and m2, such that the difference between the first value in enc(flag,n1) and enc(flag,n2) equals arr[0]-arr[1], then arr[0] is probably n and arr[1] is probably m. Repeating this process for all consecutive values in arr gave a word similar to floccinaucinihilipilification but not quite (I did this process on paper and I don’t have it). Then one of my teammates found that floccinaucinihilipilification, which was similar to what I had, was an actual word, and since the flag was all lowercase (given) we submitted this as the flag and it worked.