In [None]:
!pip install pycryptodome



*F1*


Hexadecimal can be used in such a way to represent ASCII strings. First each letter is converted to an ordinal number according to the ASCII table (as in the previous challenge). Then the decimal numbers are converted to base-16 numbers, otherwise known as hexadecimal. The numbers can be combined together, into one long hex string.

Included below is a flag encoded as a hex string. Decode this back into bytes to get the flag.
```

63727970746f7b596f755f77696c6c5f62655f776f726b696e675f776974
685f6865785f737472696e67735f615f6c6f747d
```

In [1]:
# The hex string
hex_string = "63727970746f7b596f755f77696c6c5f62655f776f726b696e675f776974685f6865785f737472696e67735f615f6c6f747d"

# Method 1: Using bytes.fromhex()
decoded = bytes.fromhex(hex_string).decode('ascii')
print(decoded)

# Method 2: Alternative way using int() and chr()
decoded2 = ""
for i in range(0, len(hex_string), 2):
    hex_pair = hex_string[i:i+2]
    decimal = int(hex_pair, 16)
    decoded2 += chr(decimal)
print(decoded2)


crypto{You_will_be_working_with_hex_strings_a_lot}
crypto{You_will_be_working_with_hex_strings_a_lot}


_______________________________________________________________________________________

*F2*


Another common encoding scheme is Base64, which allows us to represent binary data as an ASCII string using an alphabet of 64 characters. One character of a Base64 string encodes 6 binary digits (bits), and so 4 characters of Base64 encode three 8-bit bytes.

Base64 is most commonly used online, so binary data such as images can be easily included into HTML or CSS files.

Take the below hex string, decode it into bytes and then encode it into Base64.

```
72bca9b68fc16ac7beeb8f849dca
1d8a783e8acf9679bf9269f7bf
```

 In Python, after importing the base64 module with import base64, you can use the base64.b64encode() function. Remember to decode the hex first as the challenge description states.

In [2]:
import base64

# The hex string
hex_string = "72bca9b68fc16ac7beeb8f849dca1d8a783e8acf9679bf9269f7bf"

# Step 1: Convert hex to bytes
bytes_data = bytes.fromhex(hex_string)

# Step 2: Encode bytes to Base64
base64_encoded = base64.b64encode(bytes_data).decode()

print(base64_encoded)


crypto/Base+64+Encoding+is+Web+Safe/


_________________________________________________
*F3*

Cryptosystems like RSA works on numbers, but messages are made up of characters. How should we convert our messages into numbers so that mathematical operations can be applied?

The most common way is to take the ordinal bytes of the message, convert them into hexadecimal, and concatenate. This can be interpreted as a base-16/hexadecimal number, and also represented in base-10/decimal.

To illustrate:

message: HELLO
ascii bytes: [72, 69, 76, 76, 79]

hex bytes: [0x48, 0x45, 0x4c, 0x4c, 0x4f]

base-16: 0x48454c4c4f

base-10: 310400273487

 Python's PyCryptodome library implements this with the methods bytes_to_long() and long_to_bytes(). You will first have to install PyCryptodome and import it with from Crypto.Util.number import 


Convert the following integer back into a message:
```
11515195063862318899931685488813747
39577551628728968263649996528271463
7259206269
```

In [3]:
# Original message
message = "HELLO"

# Convert to ASCII bytes
ascii_bytes = [ord(c) for c in message]
print(f"ASCII bytes: {ascii_bytes}")

# Convert to hex bytes
hex_bytes = [hex(ord(c)) for c in message]
print(f"Hex bytes: {hex_bytes}")

# Create base-16 (hex) representation by concatenating
hex_string = "0x" + "".join([hex(ord(c))[2:] for c in message])
print(f"Base-16: {hex_string}")

# Convert to base-10 (decimal)
decimal = int(hex_string, 16)
print(f"Base-10: {decimal}")

# To convert back from decimal to text:
def decimal_to_text(decimal_num):
    hex_str = hex(decimal_num)[2:]  # Remove '0x' prefix
    # Ensure even length
    if len(hex_str) % 2 != 0:
        hex_str = '0' + hex_str
    # Convert back to bytes and then to string
    return bytes.fromhex(hex_str).decode('ascii')

# Test the conversion back
original = decimal_to_text(decimal)
print(f"Back to text: {original}")


ASCII bytes: [72, 69, 76, 76, 79]
Hex bytes: ['0x48', '0x45', '0x4c', '0x4c', '0x4f']
Base-16: 0x48454c4c4f
Base-10: 310400273487
Back to text: HELLO


In [5]:
from Crypto.Util.number import bytes_to_long, long_to_bytes

# Original message
message = "HELLO"

# Method 1: Using PyCryptodome (easiest way)
message_bytes = message.encode('ascii')
number = bytes_to_long(message_bytes)
print(f"Using PyCryptodome bytes_to_long(): {number}")

# Converting back to text
recovered = long_to_bytes(number).decode('ascii')
print(f"Recovered message: {recovered}")



Using PyCryptodome bytes_to_long(): 310400273487
Recovered message: HELLO


In [7]:
from Crypto.Util.number import long_to_bytes

# The given number
number = 11515195063862318899931685488813747395775516287289682636499965282714637259206269

# Method 1: Using PyCryptodome (easier way)
message = long_to_bytes(number).decode()
print(f"Using PyCryptodome: {message}")

# Method 2: Manual conversion
def decimal_to_text(decimal_num):
    # Convert decimal to hex, remove '0x' prefix
    hex_str = hex(decimal_num)[2:]
    # Ensure even length
    if len(hex_str) % 2 != 0:
        hex_str = '0' + hex_str
    # Convert hex to bytes and then to string
    return bytes.fromhex(hex_str).decode('ascii')

manual_message = decimal_to_text(number)
print(f"Using manual conversion: {manual_message}")


Using PyCryptodome: crypto{3nc0d1n6_4ll_7h3_w4y_d0wn}
Using manual conversion: crypto{3nc0d1n6_4ll_7h3_w4y_d0wn}


___________________________________________________________________
*F4*



XOR is a bitwise operator which returns 0 if the bits are the same, and 1 otherwise. In textbooks the XOR operator is denoted by $\oplus$, but in most challenges and programming languages you will see the caret used instead.

A	B	A $\oplus$ B

0	0	0

0	1	1

1	0	1

1	1	0

For longer binary numbers we XOR bit by bit: $0110 \oplus 1010 = 1100$. We can XOR integers by first converting the integer from decimal to binary. We can XOR strings by first converting each character to the integer representing the Unicode character.

Given the string label, XOR each character with the integer 13. Convert these integers back to a string and submit the flag as crypto\{new\_string\}.

The Python pwntools library has a convenient xor() function that can XOR together data of different types and lengths. But first, you may want to implement your own function to solve this.

In [9]:
def xor_with_key(text, key):
    """
    XOR each character in text with the given key value
    Args:
        text (str): Input text to XOR
        key (int): Integer key to XOR with
    Returns:
        str: XORed result
    """
    return ''.join(chr(ord(c) ^ key) for c in text)

def make_flag(text):
    return f"crypto{{{text}}}"

# Solve the original problem (label XOR 13)
original_text = "label"
key = 13

result = xor_with_key(original_text, key)
flag = make_flag(result)

print(f"Original text: {original_text}")
print(f"XORed with {key}: {result}")
print(f"Flag: {flag}")



# Verify reversibility
reversed_text = xor_with_key(result, key)
print(f"XORing result again with {key}: {reversed_text}")


Original text: label
XORed with 13: aloha
Flag: crypto{aloha}
XORing result again with 13: label


In [10]:
# Demonstrate the process
print("\nStep by step process:")
for char in original_text:
    original_num = ord(char)
    xored = original_num ^ key
    new_char = chr(xored)
    print(f"Character: {char}")
    print(f"ASCII value: {original_num}")
    print(f"XORed with {key}: {xored}")
    print(f"New character: {new_char}")
    print()


Step by step process:
Character: l
ASCII value: 108
XORed with 13: 97
New character: a

Character: a
ASCII value: 97
XORed with 13: 108
New character: l

Character: b
ASCII value: 98
XORed with 13: 111
New character: o

Character: e
ASCII value: 101
XORed with 13: 104
New character: h

Character: l
ASCII value: 108
XORed with 13: 97
New character: a



In [18]:
# Install pwntools using pip
#!pip install pwntools;

from pwn import *

text = "label"
result = xor(text, 13)
flag = f"crypto{{{result.decode()}}}"
print(flag)


crypto{aloha}


___________________________________________________________________
*F5*



In the last challenge, you saw how XOR worked at the level of bits. In this one, we're going to cover the properties of the XOR operation and then use them to undo a chain of operations that have encrypted a flag. Gaining an intuition for how this works will help greatly when you come to attacking real cryptosystems later, especially in the block ciphers category.

There are four main properties we should consider when we solve challenges using the XOR operator

Commutative: $A \oplus B = B \oplus A$
Associative: $A \oplus (B \oplus C) = (A \oplus B) \oplus C$
Identity: $A \oplus 0 = A$
Self-Inverse: $A \oplus A = 0$

Let's break this down. Commutative means that the order of the XOR operations is not important. Associative means that a chain of operations can be carried out without order (we do not need to worry about brackets). The identity is 0, so XOR with 0 "does nothing", and lastly something XOR'd with itself returns zero.

Let's put this into practice! Below is a series of outputs where three random keys have been XOR'd together and with the flag. Use the above properties to undo the encryption in the final line to obtain the flag.

```
KEY1 = a6c8b6733c9b22de7bc0253266a3867df55acde8635e19c73313
KEY2 ^ KEY1 = 37dcb292030faa90d07eec17e3b1c6d8daf94c35d4c9191a5e1e
KEY2 ^ KEY3 = c1545756687e7573db23aa1c3452a098b71a7fbf0fddddde5fc1
FLAG ^ KEY1 ^ KEY3 ^ KEY2 = 04ee9855208a2cd59091d04767ae47963170d1660df7f56f5faf
```

Before you XOR these objects, be sure to decode from hex to bytes.

In [23]:
from Crypto.Util.number import *


# Convert hex strings to integers
KEY1 = int('a6c8b6733c9b22de7bc0253266a3867df55acde8635e19c73313', 16)
KEY2_XOR_KEY1 = int('37dcb292030faa90d07eec17e3b1c6d8daf94c35d4c9191a5e1e', 16)
KEY2_XOR_KEY3 = int('c1545756687e7573db23aa1c3452a098b71a7fbf0fddddde5fc1', 16)
FLAG_XOR_ALL = int('04ee9855208a2cd59091d04767ae47963170d1660df7f56f5faf', 16)

# Using the properties:
# 1. From KEY2 ^ KEY1 we can get KEY2 by XORing both sides with KEY1
# 2. From KEY2 ^ KEY3 we can get KEY3 by XORing with KEY2
# 3. Then we can solve for FLAG

# Get KEY2 using KEY2 ^ KEY1
KEY2 = KEY2_XOR_KEY1 ^ KEY1  

# Get KEY3 using KEY2 ^ KEY3
KEY3 = KEY2_XOR_KEY3 ^ KEY2

# The encrypted flag is FLAG ^ KEY1 ^ KEY3 ^ KEY2
# To get FLAG, XOR with the same keys again
FLAG = FLAG_XOR_ALL ^ KEY1 ^ KEY3 ^ KEY2

# Convert the result back to bytes and decode
flag = long_to_bytes(FLAG)
print(flag.decode())


crypto{x0r_i5_ass0c1at1v3}


In [26]:
from pwn import xor
k1=bytes.fromhex('a6c8b6733c9b22de7bc0253266a3867df55acde8635e19c73313')
k2_3=bytes.fromhex('c1545756687e7573db23aa1c3452a098b71a7fbf0fddddde5fc1')
flag=bytes.fromhex('04ee9855208a2cd59091d04767ae47963170d1660df7f56f5faf')
print(xor(k1,k2_3,flag)) 

b'crypto{x0r_i5_ass0c1at1v3}'


_______________________________________________________________

*F6*

I've hidden some data using XOR with a single byte, but that byte is a secret. Don't forget to decode from hex first.
```
73626960647f6b206821204f
21254f7d694f762466206562
2127234f726927756d
```

In [27]:
def try_single_byte_xor(hex_string):
    # Convert hex to bytes
    ciphertext = bytes.fromhex(hex_string)
    
    # Try every possible byte value (0-255)
    for key in range(256):
        # XOR each byte with the key
        result = ''
        valid = True
        
        # Create the decoded text
        decoded = ''.join(chr(b ^ key) for b in ciphertext)
        
        # Check if the result contains printable ASCII
        if all(32 <= ord(c) <= 126 for c in decoded):
            print(f"Key {key}: {decoded}")

# The encrypted hex string
hex_string = "73626960647f6b206821204f21254f7d694f7624662065622127234f726927756d"

try_single_byte_xor(hex_string)


Key 1: rchae~j!i !N $N|hNw%g!dc &"Nsh&tl
Key 3: pajcg|h#k"#L"&L~jLu'e#fa"$ Lqj$vn
Key 4: wfmd`{o$l%$K%!KymKr b$af%#'Kvm#qi
Key 5: vgleazn%m$%J$ JxlJs!c%`g$"&Jwl"ph
Key 6: udofbym&n'&I'#I{oIp"`&cd'!%Ito!sk
Key 7: tengcxl'o&'H&"HznHq#a'be& $Hun rj
Key 8: {jahlwc(`)(G)-GuaG~,n(mj)/+Gza/}e
Key 11: xibkot`+c*+D*.DvbD}/m+ni*,(Dyb,~f
Key 14: }lgnjqe.f/.A/+AsgAx*h.kl/)-A|g){c
Key 15: |mfokpd/g./@.*@rf@y+i/jm.(,@}f(zb
Key 16: crypto{0x10_15_my_f4v0ur173_by7e}
Key 17: bsxqunz1y01^04^lx^g5w1ts062^cx6d|
Key 19: `qzswlx3{23\26\nz\e7u3vq240\az4f~
Key 21: fw|uqj~5}45Z40Zh|Zc1s5pw426Zg|2`x
Key 24: kzqx|gs8p98W9=WeqWn<~8}z9?;Wjq?mu
Key 28: o~u|xcw<t=<S=9SauSj8z<y~=;?Snu;iq
Key 30: m|w~zau>v?>Q?;QcwQh:x>{|?9=Qlw9ks


```
Key 16: crypto{0x10_15_my_f4v0ur173_by7e} is the answer
```

In [29]:
from pwn import xor
# Imports the xor function from the pwntools library, which makes XOR operations easy

cipher = bytes.fromhex("73626960647f6b206821204f21254f7d694f7624662065622127234f726927756d")
# 1. Takes the hex string (the encrypted message)
# 2. bytes.fromhex() converts the hex string into bytes for processing
# For example: '73' becomes the byte value 0x73

for i in range(256):
    # Tries every possible single byte value (0-255)
    # Since a byte can be any value from 0 to 255, we try each one
    
    result = xor(cipher, i).decode()
    # 1. xor(cipher, i) - XORs each byte of the cipher with the value i
    # 2. .decode() - converts the resulting bytes back to a readable string
    
    if result.startswith('crypto{'):
        # Checks if the decoded result starts with 'crypto{'
        # This is how we know we found the correct key
        
        print(f"Found flag: {result}")
        # Prints the flag when found
        
        break
        # Exits the loop once we find the correct result



Found flag: crypto{0x10_15_my_f4v0ur173_by7e}


________________________________________________________________________________
*F7*


I've encrypted the flag with my secret key, you'll never be able to guess it.

Remember the flag format and how it might help you in this challenge!

```
0e0b213f26041e48
0b26217f27342e175
d0e070a3c5b103e25
26217f27342e175d0e
077e263451150104
```

In [34]:
from pwn import xor

# Convert hex to bytes
cipher = bytes.fromhex('0e0b213f26041e480b26217f27342e175d0e070a3c5b103e2526217f27342e175d0e077e263451150104')

# Known start of the flag
known = b'crypto{'

# Find the key by XORing the first 7 bytes with 'crypto{'
key = xor(cipher[:7], known)
print(f"Key found: {key.decode()}")

# Try extending the key (it's probably repeating)
key = key.decode()
while len(key) < len(cipher):
    key += key



Key found: myXORke


In [31]:
from pwn import xor

cipher = bytes.fromhex('0e0b213f26041e480b26217f27342e175d0e070a3c5b103e2526217f27342e175d0e077e263451150104')
key = b'myXORkey'  # We already know the key
flag = xor(cipher, key * (len(cipher)//len(key) + 1))
print(f"Flag: {flag.decode()}")


Flag: crypto{1f_y0u_Kn0w_En0uGH_y0u_Kn0w_1t_4ll}VDsTC}


____________________________________________________________________________________________
*F8*

calculate 
gcd
⁡
(
a
,
b
)
gcd(a,b) for 
a=66528,
b=52920
and enter it below.


In [36]:
def gcd(a, b):
    while b:
        a, b = b, a % b
    return a


# Calculate the actual challenge
a = 66528
b = 52920
result = gcd(a, b)
print(f"GCD of {a} and {b} is: {result}")

GCD of 12 and 8 is: 4
GCD of 66528 and 52920 is: 1512


___________________________________________________________

*F9*

In [38]:
def extended_gcd(a, b):
    if a == 0:
        return b, 0, 1
    else:
        gcd, x, y = extended_gcd(b % a, a)
        return gcd, y - (b//a) * x, x

# The primes
p = 26513
q = 32321

# Calculate GCD and coefficients
gcd, u, v = extended_gcd(p, q)

print(f"GCD: {gcd}")
print(f"u: {u}")
print(f"v: {v}")
print(f"Verification: {p*u + q*v}")  # Should equal GCD
print(f"Flag is the lower of u ({u}) and v ({v})")


GCD: 1
u: 10245
v: -8404
Verification: 1
Flag is the lower of u (10245) and v (-8404)
