[crypto] Flippin_Bank

Type your comment> @tXxc said:

python3 app.py
Traceback (most recent call last):
File “app.py”, line 7, in
from secret import FLAG
ModuleNotFoundError: No module named ‘secret’

:-/

Edit: I am stupid :slight_smile:
Edit 2: I am stuck hard as ■■■■… I think, I am at the last 20% of the challenge :neutral: Hope, someone could help me

Edit 3: FINALLY I got it! Thanks very much to my new best friends @alienum and @Civero for helping me and being very patient.
@P3t4: Very nice challenge! I learnt so much about python, crypto and how to use instances here :wink:

I think this challenge is hard for newbies in python and crypto, but it was very nice and I’m glad I solved it

can you help me out bro?

Hello, can someone send me a PM in order to give discuss this challenge and maybe give me some hints about it? Thanks

man I need nudge

Spoiler Removed

Never mind, i finally googled the name of the challenge with the encryption type and solved it pretty quick after that.

Hello, I’ve been struggling with the flipping for some time and still unable to know where to apply it without messing everything up. Could someone PM me or provide a hint? Thank you! :slight_smile:

Type your comment> @davihack said:

I can modify the byte target successfully , but previous block gets messed up.
Any help?

If an important block gets messed up, maybe check if you can mess up an unimportant one :wink:

Hi. Can someone help me, please? I run the file app.py but nothing appears. Why don’t appear the message “username:” ?

Type your comment> @cosmicgirl97 said:

Hi. Can someone help me, please? I run the file app.py but nothing appears. Why don’t appear the message “username:” ?

If you would like to run app.py locally please follow the steps below:

  1. Create a python script named ‘secret.py’ and assign to a variable named FLAG your fake flag.
  2. Execute on terminal: pip install pycrypto
  3. Execute on termina: python app.py

Hope this helps.

Hi, can anyone give me some help on this challenge, please?
I wrote a python script, that seems to work as I wish, but I cannot seem to retrieve the good output

Type your comment> @P3t4 said:

Type your comment> @cosmicgirl97 said:

Hi. Can someone help me, please? I run the file app.py but nothing appears. Why don’t appear the message “username:” ?

If you would like to run app.py locally please follow the steps below:

  1. Create a python script named ‘secret.py’ and assign to a variable named FLAG your fake flag.
  2. Execute on terminal: pip install pycrypto
  3. Execute on termina: python app.py

Hope this helps.

Thank you so much :slight_smile:

Type your comment> @lel1q said:

Hi, can anyone give me some help on this challenge, please?
I wrote a python script, that seems to work as I wish, but I cannot seem to retrieve the good output

Have you taken a look at which mode of operation is AES using?
You must exploit some vulnerability related to that.

Hello everyone
I need some helps / hints for this chall, I tried some staffs but nothing.
I think I understood how script and encryption works, I identified 3 blocks in the leaked ciphertext too but when I tried to modify a byte or when I encode the 2 last block myself , it doesn’t work …

anyone can help me please

File “app.py”, line 1, in
import socketserver
ImportError: No module named socketserver
I tried to resolve and search i got that for python2.7 its like SocketServer and for python3 its socketserver.
when i tried to run “sudo python3 app.py” it gives me another error.
Crypto.Util.Padding import pad,unpad

fine fine fine i got that solved that issue. successfully started the server.

Type your comment

For anyone trying to solve this challenge and not knowing what the ■■■■ is going on, I highly recommend going over to the Matasano cryptographic challenges (also know as Cryptopals). It’s a lot of work but it pays off :slight_smile:
That being said, if you know what attack to use it’s not necessary to dive into the concepts.

Hi guys, need help… don’t know how to proceed further after starting the app.py script

Hello, I have some problems when sending bytes belonging to a crafted ciphertext: since it’s an encrypted string, many bytes are not even printable and the decode() in the app.py gives me an error saying it cannot decode that specific bytes. But how am I supposed to send a ciphertext as required if it refuses those bytes?
Also, I receive many errors like “must be str, not bytes” or “odd length string” even when these conditions aren’t real ahahah, meaning that my payload is actually an odd length string.

EDIT: Solved, many of my problems were caused by not using hexlify/unhexlify functions, as used by the source, so make good use of them :slight_smile:
As suggested by others as well, the name of the challenge is a big hint for the kind of attack that can be performed here, so get on Google and start learning.