Nuclear Sale

From: Sales Department <sales@plutonium.lab>
To: Management Department <management@plutonium.lab>
Subject: Potential Buyer - Are we sure we can deliver?

Hello everyone,

A potential Buyer approached us asking for a HUGE amount of plutonium. Are we even allowed to
sell this much?

Best Regards,
Sales Dept

From: Sales Department <sales@plutonium.lab>
To: Management Department <management@plutonium.lab>
Subject: RE:Potential Buyer - Are we sure we can deliver?

He is a high profile individual. His information is encrypted below:

6b65813f4fe991efe2042f79988a3b2f2559d358e55f2fa373e53b1965b5bb2b175cf039

You know what you have to do.

Best Regards,
Sales Dept

From: Management Department <management@plutonium.lab>
To: Sales Department <sales@plutonium.lab>
Subject: RE:Potential Buyer - Are we sure we can deliver?

Here is the ciphertext encrypted with our key.

fd034c32294bfa6ab44a28892e75c4f24d8e71b41cfb9a81a634b90e6238443a813a3d34

Best Regards,
Management

From: Sales Department <sales@plutonium.lab>
To: Management Department <management@plutonium.lab>
Subject: RE:Potential Buyer - Are we sure we can deliver?

Encrypting again with our key...

de328f76159108f7653a5883decb8dec06b0fd9bc8d0dd7dade1f04836b8a07da20bfe70

Best Regards,
Sales Dept

From: Management Department <management@plutonium.lab>
To: Sales Department <sales@plutonium.lab>
Subject: RE:Potential Buyer - Are we sure we can deliver?

Oh my... This changes everything. We cannot refuse selling to this guy. He can literally destroy us.
Move the process.

Best Regards,
Management

From: Sales Department <sales@plutonium.lab>
To: Management Department <management@plutonium.lab>
Subject: RE:Potential Buyer - Are we sure we can deliver?

Alright, we will process the order. Thanks!

Best Regards,
Sales Dept

The plaintext P is XORed with combinations of a sales key, Sk, and a management key, Mk. You don't know P, Sk or Mk, but the e-mails give you three ciphertexts, and the third one has the sales key XORed in twice, which cancels it out. That is the point of the challenge: don't XOR with the same key twice! The three ciphertexts are:

C1 = P ^ Sk
C2 = P ^ Sk ^ Mk
C3 = P ^ Sk ^ Mk ^ Sk = P ^ Mk

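From these it is very easy to recover Sk, Mk and then P: C1 ^ C2 = Mk, C2 ^ C3 = Sk, and C1 ^ C2 ^ C3 = P, because each key appears twice and cancels. The CyberChef recipe below XORs the three ciphertexts together: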

https://gchq.github.io/CyberChef/#recipe=From_Hex('Auto')XOR(%7B'option':'Hex','string':'fd034c32294bfa6ab44a28892e75c4f24d8e71b41cfb9a81a634b90e6238443a813a3d34%20%20'%7D,'Standard',false)XOR(%7B'option':'Hex','string':'6b65813f4fe991efe2042f79988a3b2f2559d358e55f2fa373e53b1965b5bb2b175cf039%20%20'%7D,'Standard',false)&input=ZGUzMjhmNzYxNTkxMDhmNzY1M2E1ODgzZGVjYjhkZWMwNmIwZmQ5YmM4ZDBkZDdkYWRlMWYwNDgzNmI4YTA3ZGEyMGJmZTcwIA

Input (C3): de328f76159108f7653a5883decb8dec06b0fd9bc8d0dd7dade1f04836b8a07da20bfe70

Key (C2): fd034c32294bfa6ab44a28892e75c4f24d8e71b41cfb9a81a634b90e6238443a813a3d34

Key (C1): 6b65813f4fe991efe2042f79988a3b2f2559d358e55f2fa373e53b1965b5bb2b175cf039

Output, as text and as hex:

HTB{s3cr3t_sh4r1ng_w1th_x0r_15_l4m3}
4854427b7333637233745f73683472316e675f773174685f7830725f31355f6c346d337d
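
The same recovery written out in Python, as an added example that is not part of the original write-up. It goes one step beyond the recipe by also simulating the three-message exchange with fresh random keys, showing that anyone who sees all three messages recovers both keys and the plaintext whatever the keys are. The function names `xor`, `eavesdrop` and `three_pass` are my own.

```python
import secrets

# Ciphertexts copied from the three e-mails above.
C1 = bytes.fromhex("6b65813f4fe991efe2042f79988a3b2f2559d358e55f2fa373e53b1965b5bb2b175cf039")  # P ^ Sk
C2 = bytes.fromhex("fd034c32294bfa6ab44a28892e75c4f24d8e71b41cfb9a81a634b90e6238443a813a3d34")  # P ^ Sk ^ Mk
C3 = bytes.fromhex("de328f76159108f7653a5883decb8dec06b0fd9bc8d0dd7dade1f04836b8a07da20bfe70")  # P ^ Mk


def xor(*parts: bytes) -> bytes:
    """XOR any number of equal-length byte strings together."""
    if len({len(p) for p in parts}) != 1:
        raise ValueError("all operands must have the same length")
    out = bytearray(len(parts[0]))
    for p in parts:
        for i, b in enumerate(p):
            out[i] ^= b
    return bytes(out)


def eavesdrop(c1: bytes, c2: bytes, c3: bytes) -> dict:
    """Recover both keys and the plaintext from the three observed messages."""
    mk = xor(c1, c2)       # (P^Sk) ^ (P^Sk^Mk) = Mk
    sk = xor(c2, c3)       # (P^Sk^Mk) ^ (P^Mk) = Sk
    p = xor(c1, c2, c3)    # each key appears twice and cancels; P appears three times
    # Cross-check: stripping each recovered key must give the same plaintext.
    if xor(c1, sk) != p or xor(c3, mk) != p:
        raise ValueError("messages are not a consistent three-pass XOR exchange")
    return {"sk": sk, "mk": mk, "plaintext": p}


def three_pass(plaintext: bytes):
    """Simulate the exchange with fresh random keys (constructed, not the lab's keys)."""
    sk = secrets.token_bytes(len(plaintext))
    mk = secrets.token_bytes(len(plaintext))
    c1 = xor(plaintext, sk)   # sender locks
    c2 = xor(c1, mk)          # receiver locks
    c3 = xor(c2, sk)          # sender "encrypts again", which removes Sk
    return sk, mk, (c1, c2, c3)


if __name__ == "__main__":
    print(eavesdrop(C1, C2, C3)["plaintext"].decode())
    msg = b"constructed test message"
    sk, mk, wire = three_pass(msg)
    got = eavesdrop(*wire)
    print(got["plaintext"] == msg, got["sk"] == sk, got["mk"] == mk)
```
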
