This year I’m not eligible to participate in the
Cyber Security Challenge Belgium as I’m not a student
anymore, so instead I’ve decided to contribute to the competition by writing a few challenges. CBC
XOR was one of my contributions to the crypto category. I’m glad that 26 teams managed to solve it
in the end, that’s way better than my other challenge, Enter The Matrix ;)

We all know about the weakness of XOR encryption and other byte (or character) substitution ciphers:
you can attack them using frequency analysis.
But this problem is not specific to simple ciphers; it is also found when using a strong
cipher (like AES) in Electronic Codebook (ECB) mode (see
Electronic Coloring Book for a fun example).

So for this challenge we get the encrypted file: text.enc

And the encryption program source code: cbc_xor.py

What’s the problem? Well, in CBC, combining the previous ciphertext block with the plaintext block
is also done with a XOR, and XOR is commutative (and associative). Because the previous ciphertext
blocks and the IV are all known, we can XOR them back out, which cancels the CBC mode and
transforms it into ECB.

You could write your own tool or simply use my encryption tool in decryption mode with a null key.
Then you can recover the key with a traditional frequency analysis tool like
xortool.
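The cancellation described above, as an added example that is not the challenge's cbc_xor.py: a toy CBC mode over a XOR "block cipher", showing that removing the chaining, or decrypting with a null key, leaves plain repeating-key XOR for a frequency analysis tool to work on. The 8-byte block size, the key length equal to the block size, the IV being passed separately, and all sample values are assumptions.

```python
from itertools import cycle

BLOCK = 8  # assumed block size in bytes; key length equals the block size

def xor(a: bytes, b: bytes) -> bytes:
    # zip() truncates to the shorter input, which handles a short last block
    return bytes(x ^ y for x, y in zip(a, b))

def blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def cbc_xor_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """C_i = (P_i xor C_{i-1}) xor K, with C_0 = IV."""
    prev, out = iv, []
    for p in blocks(plaintext):
        prev = xor(xor(p, prev), key)
        out.append(prev)
    return b"".join(out)

def cbc_xor_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """P_i = (C_i xor K) xor C_{i-1}."""
    prev, out = iv, []
    for c in blocks(ciphertext):
        out.append(xor(xor(c, key), prev))
        prev = c
    return b"".join(out)

def strip_chaining(iv: bytes, ciphertext: bytes) -> bytes:
    """XOR every block with the previous ciphertext block: leaves P_i xor K."""
    cts = blocks(ciphertext)
    return b"".join(xor(c, p) for c, p in zip(cts, [iv] + cts[:-1]))

def repeating_key_xor(key: bytes, data: bytes) -> bytes:
    """ECB-style XOR: the same key applied to every block."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))

# Constructed sample values, not taken from the challenge files.
KEY = b"s3cr3tk!"
IV = bytes(range(BLOCK))
PLAINTEXT = b"CBC over a XOR block cipher adds no protection at all."
CIPHERTEXT = cbc_xor_encrypt(KEY, IV, PLAINTEXT)
UNCHAINED = strip_chaining(IV, CIPHERTEXT)         # equals PLAINTEXT xor KEY
NULL_KEY = cbc_xor_decrypt(bytes(BLOCK), IV, CIPHERTEXT)  # same bytes again

if __name__ == "__main__":
    print(UNCHAINED == repeating_key_xor(KEY, PLAINTEXT), NULL_KEY == UNCHAINED)
```
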

And xortool very nicely gives us the output file:

The Wikipedia text is my fault: I had no idea for a text long enough to work with xortool so I
submitted the challenge with a lorem ipsum :) The organizer put more effort into it than I did by
copying Wikipedia ^^