[CTF] WU - Impossible

CTF InterCampus Ynov 2024

Difficulty Level: Insane

Challenge Category: Reverse

Description:

I think you can not do it, but I got this encryption text. Can you give me the original one? “b4435b1582d92e40aa2d53996fd12b3df2d9ee400a0ce2b8aed17a0c9198”

Solution Steps

Initial Observations

  1. The encryption program allows you to input a hexadecimal value and generates the corresponding encrypted output in both hexadecimal and binary formats.
  2. The encryption process follows a Feistel Cipher structure with additional bitwise operations and transformations applied to the input data.

Analysis Using Ghidra

Key Observations

  1. Arrow 1: A couple of arrays are initialized, which likely contain essential keys or constants for the encryption process.
  2. Arrow 2: A variable appears to hold a key, possibly the main encryption key.
  3. Arrow 3: The input field processes the provided plaintext into a usable format.
  4. Arrow 4: Two obfuscated functions perform the encryption steps. These functions require detailed analysis to understand their behavior.

Function Breakdown

  • Function f: Converts the input hexadecimal value into its binary representation, stored in local_7c.
  • Function i: Implements the core encryption logic, which includes several transformations and uses other functions for processing.

Component Functions

  1. Function b (shiftRight): Performs a right shift on the binary value.
  2. Function c (shiftLeft): Performs a left shift on the binary value.
  3. Function a (xor): Applies an XOR operation between the binary value and a key.
  4. Function g (generateKey): Extends or generates keys to match the size of the data for XOR operations.
  5. Function h (applyRotations): Applies a combination of XOR and bitwise rotations, introducing complexity to the encryption process.

Encryption Process Overview

The encryption algorithm utilizes a Feistel Cipher structure with additional steps for added complexity. The steps are as follows:

1. Input and Hexadecimal Conversion

  • The input plaintext is received in hexadecimal format and converted into its binary representation. Each hexadecimal digit is represented as a 4-bit binary value.

2. Key Generation

  • The main encryption key (DONTTRYITAGIN) is processed and extended to match the size of the plaintext data.

3. Initial Transformation

  • The plaintext undergoes a series of 20 operations:
    • 10 left rotations and 10 right rotations.
    • XOR operations with keys: {"i", "told", "you", "dont", "try"}.
  • This step diffuses the input data, spreading the influence of individual bits across the entire block.

4. Feistel Cipher Operations

  • The data is split into left and right halves.
  • The right half undergoes several transformations:
    • Right shift by 4 bits → XOR with "LOL".
    • Left shift by 4 bits → XOR with "GLG".
    • Right shift by 3 bits → XOR with "NON".
    • Left shift by 6 bits → XOR with "HRH".
  • The left half becomes the previous right half, and the right half becomes the transformed data.
  • These steps ensure strong mixing of the data.

5. Final Transformation

  • Additional bitwise shifts are applied:
    • Left shift by 3 → Right shift by 5 → Left shift by 3.
  • This adds further complexity to the encrypted output.

Decryption Process Overview

The decryption process reverses all transformations applied during encryption. The steps are as follows:

1. Input and Hexadecimal Conversion

  • The ciphertext is received in hexadecimal format and converted back to binary.

2. Key Generation

  • The same key (DONTTRYITAGIN) is processed again to generate its binary representation.

3. Reverse Final Transformation

  • The additional bitwise shifts applied during encryption are reversed:
    • Right shift by 3 → Left shift by 5 → Right shift by 3.

4. Reverse Feistel Cipher

  • The two halves of the data are processed in reverse:
    • XOR with "HRH" → Right shift by 6.
    • XOR with "NON" → Left shift by 3.
    • XOR with "GLG" → Right shift by 4.
    • XOR with "LOL" → Left shift by 4.
  • The left and right halves are swapped back to their original positions.

5. Reverse Initial Transformation

  • The initial 20 rotations and XOR operations are reversed using the same keys: {"i", "told", "you", "dont", "try"}.

6. Binary to Hexadecimal Conversion

  • The binary data is converted back to hexadecimal and then to ASCII to retrieve the plaintext.

Code for Decryption

Here’s a Python skeleton of the decryption process; the helper functions it calls are left to the reader:

def decrypt(ciphertext, key):
    # Convert ciphertext from hex to binary
    binary_ciphertext = hex_to_binary(ciphertext)
    
    # Reverse final transformation
    binary_ciphertext = right_shift(binary_ciphertext, 3)
    binary_ciphertext = left_shift(binary_ciphertext, 5)
    binary_ciphertext = right_shift(binary_ciphertext, 3)
    
    # Split into left and right halves
    left, right = split(binary_ciphertext)
    
    # Reverse Feistel operations
    right = xor(right, key["HRH"])
    right = right_shift(right, 6)
    right = xor(right, key["NON"])
    right = left_shift(right, 3)
    right = xor(right, key["GLG"])
    right = right_shift(right, 4)
    right = xor(right, key["LOL"])
    right = left_shift(right, 4)
    
    # Combine halves
    binary_plaintext = combine(left, right)
    
    # Reverse initial transformation
    binary_plaintext = reverse_rotations(binary_plaintext, keys=["i", "told", "you", "dont", "try"])
    
    # Convert binary to plaintext
    plaintext = binary_to_ascii(binary_plaintext)
    return plaintext

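# Supply your own hex_to_binary, binary_to_ascii, split, combine, left_shift, right_shift, xor and reverse_rotations.
# `key` is expected to map each round-key name ("HRH", "NON", "GLG", "LOL") to its binary form.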
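
The skeleton above leaves the bit helpers undefined. The following is an added example, not the author's script or the challenge binary: it implements the step 4 right-half transform and its inverse on bit strings, and shows why the "shifts" can only be undone if they are circular. It assumes the shifts are rotations and that each XOR key's ASCII bits are repeated to the data length; SAMPLE_HEX and all function names are constructed for illustration.

```python
from itertools import cycle

SAMPLE_HEX = "deadbeefcafe0123"  # constructed test block, not challenge data

def hex_to_bits(h):
    # 4 bits per hex digit, as the write-up describes for function f
    return "".join(f"{int(c, 16):04b}" for c in h)

def bits_to_hex(b):
    return "".join(f"{int(b[i:i + 4], 2):x}" for i in range(0, len(b), 4))

def xor(bits, key):
    # Assumption: the key's ASCII bits are repeated to cover the data
    stream = cycle("".join(f"{ord(c):08b}" for c in key))
    return "".join(str(int(b) ^ int(next(stream))) for b in bits)

def rotl(bits, n):
    n %= len(bits)
    return bits[n:] + bits[:n]

def rotr(bits, n):
    return rotl(bits, -n)

def shl(bits, n):
    # Logical shift for comparison: the top n bits are discarded
    return bits[n:] + "0" * n

def shr(bits, n):
    return "0" * n + bits[:len(bits) - n]

# Step 4 of the encryption overview, in order: (move, amount, XOR key)
STEPS = [(rotr, 4, "LOL"), (rotl, 4, "GLG"), (rotr, 3, "NON"), (rotl, 6, "HRH")]

def transform_right(bits):
    for move, n, key in STEPS:
        bits = xor(move(bits, n), key)
    return bits

def invert_right(bits):
    # Walk the steps backwards: strip the XOR, then rotate the other way
    for move, n, key in reversed(STEPS):
        undo = rotl if move is rotr else rotr
        bits = undo(xor(bits, key), n)
    return bits

def round_trip(hex_block):
    return bits_to_hex(invert_right(transform_right(hex_to_bits(hex_block))))

if __name__ == "__main__":
    bits = hex_to_bits(SAMPLE_HEX)
    print("rotations recover input:", round_trip(SAMPLE_HEX) == SAMPLE_HEX)
    print("logical shifts recover input:", shr(shl(bits, 4), 4) == bits)
```

Under the same rotation assumption, the final transformation (left 3, right 5, left 3) collapses to a single one-bit left rotation, so its reverse is a one-bit right rotation.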