CR2

1. #!/usr/bin/env ruby
2.  
3. # AlexCTF
4. # https://ctf.oddcoder.com/challenges
5. # CR2
6.  
7. require "z3"
8.  
9. msg = "
10. 0529242a631234122d2b36697f13272c207f2021283a6b0c7908
11. 2f28202a302029142c653f3c7f2a2636273e3f2d653e25217908
12. 322921780c3a235b3c2c3f207f372e21733a3a2b37263b313012
13. 2f6c363b2b312b1e64651b6537222e37377f2020242b6b2c2d5d
14. 283f652c2b31661426292b653a292c372a2f20212a316b283c09
15. 29232178373c270f682c216532263b2d3632353c2c3c2a293504
16. 613c37373531285b3c2a72273a67212a277f373a243c20203d5d
17. 243a202a633d205b3c2d3765342236653a2c7423202f3f652a18
18. 2239373d6f740a1e3c651f207f2c212a247f3d2e65262430791c
19. 263e203d63232f0f20653f207f332065262c3168313722367918
20. 2f2f372133202f142665212637222220733e383f2426386b
21. "
22.  
23. msg = msg.tr("\n", "").scan(/../).map{|c| c.to_i(16)}
24.  
25. [26].each do |key_len|
26.   solver = Z3::Solver.new
27.  
28.  
29.   key = key_len.times.map{|j| Z3.Bitvec("k#{j}", 7) }
30.   key.each do |kj|
31.     solver.assert kj.unsigned_ge(" ".ord)
32.   end
33.   plaintext = msg.size.times.map{|i| Z3.Bitvec("p#{i}", 7)}
34.  
35.   "Dear Friend".chars.each_with_index do |pi, i|
36.     solver.assert plaintext[i] == pi.ord
37.   end
38.   "This time I understood my mistake and used".chars.each_with_index do |pi,i|
39.     solver.assert plaintext[i+5+6+2] == pi.ord
40.   end
41.  
42.   msg.size.times do |i|
43.     plain = plaintext[i]
44.     cipher = msg[i]
45.     solver.assert cipher == plain^key[i % key_len]
46.     solver.assert Z3.Or(
47.       plain == "\n".ord,
48.       plain == " ".ord,
49.       plain.unsigned_ge("a".ord) & plain.unsigned_le("z".ord),
50.       plain.unsigned_ge("A".ord) & plain.unsigned_le("Z".ord),
51.       # plain.unsigned_ge("0".ord) & plain.unsigned_le("9".ord),
52.       plain == ".".ord,
53.       plain == ",".ord,
54.       plain == "_".ord,
55.       # plain == "!".ord,
56.     )
57.     # "`%\\[]{}#^()<>*?/@\"'&=~+|;:".chars.each do |weird|
58.     #   solver.assert plain != weird.ord
59.     # end
60.   end
61.   while solver.satisfiable?
62.     puts "Solvable at key len #{key_len}"
63.     model = solver.model
64.     p plaintext.map{|pi| model[pi].to_s.to_i.chr}.join
65.     p key.map{|kj| model[kj].to_s.to_i.chr}.join
66.     puts ""
67.     solver.assert Z3.Or(*plaintext.map{|pi|
68.       pi != model[pi].to_s.to_i
69.     })
70.     # puts "Not solvable at key len #{key_len}"
71.   end
72. end