Introduction
You hacked into the system of very-secure-shopping.com and you found a SQL-Dump with $$-creditcards numbers. As a good hacker you inform the company from which you got the dump. The managers tell you that they don’t worry, because the data is encrypted.
Dump-File: dump.zip
Goal
Analyze the “Encryption”-method and try to decrypt the flag.
Hints
CC-Numbers are valid ones.
Cyber-Managers often doesn’t know the difference between encoding and encryption.
Challenge Description
The dump consistent of an MySQL dump of some tables named creditcards and flags. The interesting values, namely cc_number and flag_content were encrypted and are prefixed with :). There exists a thing called smile encoding, but this only cost me some time and didn’t got me anywhere.
After doing some analysis I found out, that the encrypted text covers a range of 39 ASCII characters, and that the ASCII values do rise.
So it turns out, that this is some sort of a rolling rotation cipher with a fixed offset of 29. The rotation offset increases by one with every character. I used the following script for analysis and decryption.
import struct
data = [
'QVXSZUVY\ZYYZ[a',
'QOUW[VT^VY]bZ_',
'SPPVSSYVV\YY_\\]',
'RPQRSTUVWXYZ[\]^',
'QTVWRSVUXW[_Z`\\b',
'SlQRUPXWVo\Vuv_n_\\ajjce'
]
chrs = []
offset = 0x4f
lowest = 100
highest = 0
for s in data:
print(s)
print(len(s))
print(' '.join(hex(ord(x)) for x in s))
offset = 29
print(ord(s[-1]) - ord(s[0]))
last = 0
c = ''
i = 1
for x in s:
if ord(x) < lowest:
lowest = ord(x)
if ord(x) > highest:
highest = ord(x)
print(chr(ord(x) - offset - i), end = '')
i += 1
print()
print()
print('lowest %d (%s)' % (lowest, chr(lowest)))
print('highest %d (%s)' % (highest, chr(highest)))
print('range %d' % (highest - lowest))
print('full range: %s' % ''.join(chr(x) for x in range(lowest, highest +1)))
This reveals the flag: HV19{5M113-420H4-KK3A1-19801}.