2020 EUROPEAN CYBER SECURITY CHALLENGE

3-7 November 2020

Vienna, Austria

Unauthenticated Encryption

How difficult did you find this challenge?

1 2 3 4 5
Easy Hard
Event ECSC2019
Tags Crypto
Difficulty
Easy
Provider https://cyber.services/
Additional Info
Description

You are a working in a Europol unit on an organized crime investigation. The mission is a large scale operation to end a European criminal enterprise smuggling contraband within different countries.

You have intelligence on the criminal operations through undercover operatives, network surveillance and other sources. You have also the capability to intercept and eavesdrop on their communications.

The criminals have become suspicious and have started using encryption in their communications. You still have access to the encrypted communications and control over the message lines. In addition, you have inside knowledge on their operations and the codes that they are using in their communications. However, you do not have access to the keys they are using in encrypting their communications.

You have intercepted the following encrypted message:

c8c9e50477760d1664e0dd6bc17d50c1aacfe40f30350e116fa1c765d63c5d8f

Your inside intelligence tells you that it is the unauthenticated encryption of the message:

Bring bananas to the cafe today!

You know that this means that the criminals are trying to set up a casual meeting in a public place, where you cannot make the arrests safely. You know that the code for bringing the contraband is “oranges” and you also know that one of their drop-off points is in the port, where you can easily arrest the criminals safely.

You know that the encryption is done using AES encryption in Counter mode with a 128 bit key and an unknown (but fixed) initialization vector (IV). They also use plain ASCII encoding of their text before encryption.

Your challenge is to provide a ciphertext that decrypts to:

Bring oranges to the port today!

under the same key and IV as the original encrypted message. Because there has been no authentication on the message this should go undetected by the recipients and you can successfully carry out your operation.

You only have one try to get this right or the operation fails!
Write-ups
Other artefacts
Tasks

Task 1: What is the encryption of the challenge phrase “Bring oranges to the port today!” under the same key and IV as the original ciphertext?

Task 2: What is the XOR difference that yields the correct ciphertext?

Task 3: What is the XOR difference that yields the correct ciphertext under some other, unknown key?

Task 4: What is the XOR difference that yields the correct ciphertext under some other, unknown IV?