OverTheWire - Krypton 6

Posted on 16 July 2018

TL;DR A simple write up of the last level of Krypton.

Write-ups for the other levels can be found easily on the web, and I suggest those by Alexander Clarke.

So, back to level 6, here is the initial setup:


krypton6@krypton:~$ mkdir /tmp/malvi
krypton6@krypton:/tmp$ cd /tmp/malvi
krypton6@krypton:/tmp/malvi$ ln -s /krypton/krypton6/keyfile.dat .

The key is cyclic, and claimed to be short. Let's encrypt a long sequence of A's:

krypton6@krypton:/tmp/malvi$ python -c "print 'A'*1000" >a
krypton6@krypton:/tmp/malvi$ /krypton/krypton6/encrypt6 a b
krypton6@krypton:/tmp/malvi$ cat b; echo
EICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZKTHNSIRFXYCPFUEOCKRNEICTDGYIYZ

The string EICTDGYIYZKTHNSIRFXYCPFUEOCKRN of length 30 repeats several times. It provides enough information to decrypt the password. Just to be sure, let's try to encrypt 30 A's, followed by 30 B's, followed by 30 C's:

krypton6@krypton:/tmp/malvi$ python -c "print 'A'*30 + 'B'*30 + 'C'*30" >a
krypton6@krypton:/tmp/malvi$ /krypton/krypton6/encrypt6 a b
krypton6@krypton:/tmp/malvi$ cat b; echo
EICTDGYIYZKTHNSIRFXYCPFUEOCKRNFJDUEHZJZALUIOTJSGYZDQGVFPDLSOGKEVFIAKABMVJPUKTHZAERHWGQEMTP

If we break the output every 30 characters, we can see that each B has been replaced by the letter following the one that replaced the corresponding A (and similarly for each C):

EICTDGYIYZKTHNSIRFXYCPFUEOCKRN
FJDUEHZJZALUIOTJSGYZDQGVFPDLSO
GKEVFIAKABMVJPUKTHZAERHWGQEMTP

Let's write a Python script to decrypt the password:

krypton6@krypton:/tmp/malvi$ cat /krypton/krypton6/krypton7; echo
PNUKLYLWRQKGKBE
krypton6@krypton:/tmp/malvi$ cat >a.py <<EOF
key = 'EICTDGYIYZKTHNSIRFXYCPFUEOCKRN'
ct = 'PNUKLYLWRQKGKBE'

pt = ''
for i in range(len(ct)):
    tmp = ord(ct[i]) - ord(key[i])
    if tmp < 0: tmp += 26
    tmp += ord('A')
    pt += chr(tmp)
print pt
EOF
krypton6@krypton:/tmp/malvi$ python a.py
LFSRISNOTRANDOM

LFSR is not random, it's true. However, the real problem here is that knowing the substitution for A is sufficient to predict the substitution for all other letters.
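
The whole recovery in one place, as an added Python 3 example that is not part of the original post: it derives the keystream from any known plaintext/ciphertext pair (a generalization of the all-A's trick), finds its period, cross-checks it against the A/B/C output, and decrypts the krypton7 ciphertext. All strings are copied from the session output above; the function names are assumptions of this example, and the cipher is modelled as letter-wise addition mod 26, which is what the observations above imply.

```python
# Added example (Python 3). All strings are copied from the session output above;
# the function names are illustrative, not part of encrypt6.
A = ord('A')
BLOCK = 'EICTDGYIYZKTHNSIRFXYCPFUEOCKRN'
# Output for 1000 A's: the block 33 times plus its first 10 letters.
CT_A = BLOCK * 33 + BLOCK[:10]
# Output for 30 A's + 30 B's + 30 C's, one 30-letter row per line.
CT_ABC = ('EICTDGYIYZKTHNSIRFXYCPFUEOCKRN'
          'FJDUEHZJZALUIOTJSGYZDQGVFPDLSO'
          'GKEVFIAKABMVJPUKTHZAERHWGQEMTP')
CT_PASSWORD = 'PNUKLYLWRQKGKBE'


def shortest_period(s):
    """Smallest p with s[i] == s[i % p] for all i (len(s) if none shorter)."""
    for p in range(1, len(s) + 1):
        if all(s[i] == s[i % p] for i in range(p, len(s))):
            return p


def keystream_from_known(ct, pt):
    """Additive cipher mod 26: keystream letter = ciphertext - plaintext."""
    return ''.join(chr((ord(c) - ord(p)) % 26 + A) for c, p in zip(ct, pt))


def decrypt(ct, keystream):
    """Subtract the keystream, repeating it if the ciphertext is longer."""
    n = len(keystream)
    return ''.join(chr((ord(c) - ord(keystream[i % n])) % 26 + A)
                   for i, c in enumerate(ct))


def recover_password():
    # A plaintext of A's (value 0) exposes the raw keystream.
    stream = keystream_from_known(CT_A, 'A' * len(CT_A))
    key = stream[:shortest_period(stream)]
    # Cross-check with a different known plaintext: the same keystream must fall out.
    abc = 'A' * 30 + 'B' * 30 + 'C' * 30
    assert keystream_from_known(CT_ABC, abc) == key * 3
    return key, decrypt(CT_PASSWORD, key)


if __name__ == '__main__':
    key, password = recover_password()
    print(len(key), key)
    print(password)
```

Because the keystream is simply added and restarts for every file, any 30 letters of known plaintext work just as well; the A's are only the case where the ciphertext is the keystream itself.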