# CTFlearn 227 - BruXOR

Write-up on CTFlearn’s challenge 227 - BruXOR. Brute, brute, brute! Challenge author: severus.

# Challenge

Crypto, 20 points

There is a technique called bruteforce. Message: q{vpln’bH_varHuebcrqxetrHOXEj No key! Just brute .. brute .. brute … :D

# Solution

This challenge is about brute-force attacks, as described in the caption. A brute-force attack is to try every key or password of a certain length until we get the correct one. In this case, the key is not given, so we need to use brute force to find it. Then, we will be able to decrypt the message, which should give us the key.

Using trial and error or CyberChef’s “Magic” operation (explained later on), we can deduce the cipher used is a classical XOR cipher. There are other ways to do so, but these are the easiest in my opinion.

Let’s open up CyberChef to solve this challenge. CyberChef is an app allowing us to perform crypto functions (and more) quickly in the browser.

These are the two methods I suggest.

## Method 1: XOR Bruteforce

In the *Operations* menu, search for “XOR Brute Force”. Take the *XOR Brute Force* block and drag it in the *Recipe* box. For now, let all parameters at their default state.

Now let’s input our ciphered message and check the *Output* log. It lists every 256 possible keys for a key of a 1-byte length alongside the decrypted result using it. By searching for a few seconds, we have found the flag!

## Method 2: CyberChef’s “Magic” Operation

*Magic* is a really powerful operation proper to CyberChef. Even if its name says so, it is not doing proper magic. Actually, it’s doing multiple tests and calculations to automatically find the encoding of the input data.

In the *Operations* menu, search for “Magic”. Take the *Magic* operation and drag it into *Recipe* box. Turn the intensive mode on and let the depth as it is (the depth signifies the maximum number of levels of recursion, in this case, 1 is enough).

Now let’s input our ciphered message and check the nice table which is displayed for us in the *Output* box.

There are fewer results than with the other method, which makes our life easier to find the flag. But as you can see, the results are not perfect, so let’s filter them using a regular expression (RegEx).

Regular expressions are a way to filter patterns in a text. We will be using this RegEx: `^\w*{\w*}`

Let’s break it down so we understand better how it works:

- The
`^`

character means the start of a line. - The
`\w`

characters mean any letter (uppercase or lowercase) or number. - The
`*`

character means “any amount of time” - The characters
`{`

and`}`

are literally just those characters

Using that information, we could say that this RegEx means: Any string that starts with an unlimited amount of alphanumeric characters, then followed by an unlimited amount of alphanumeric characters surrounded by brackets.

Notice that this is exactly the description of a flag (ex.: flag{test_fl4g}).

If we insert this regular expression in the *Crib* parameter of our *Magic* operation and observe the result, we can see that only the flag’s row is output.

Let me know what you think of this article on twitter @noxtal_ or leave a comment below!