hacker.org

Hi there, after brute-forcing my way through xor3 yesterday I have a small issue on understanding the broken xor 3 cipher.

Do I understand it correct that with "encrypted with the same cipher as the Didactic XOR 3 challenge" that means same encryption method, same startkey, same offset (x)?

Probably not, but then I am lacking inital ideas how to hack this.

The key and offset are different.
I am not sure if there is such English word like "brutter" but if there is then you should try "brutter force" approach. It's not too much harder than xor 3, so just make your brute force a bit more so. :twisted:

It's not that hard, you can find it as in XOR 3 but a part of the message is broken.
as it says in the challenge there are missing 0s, so you put them where the string gets unreadable, just a bit trail and error

OK, so the beginning of the message must be encoded correct - that was my main concern, since it would add so many more interations to the brute force, if there is a zero missing at the beginning.

You can brute-force the adding of zeros too. There aren't actually too many additional strings to try to decode.

gfoot wrote:You can brute-force the adding of zeros too. There aren't actually too many additional strings to try to decode.

Well, I got it now, it was quite easy, acutally. But I still don't understand how you possibly could brute force it.

You need to find the startkey and the offset value. If a zero at the beginning of the cipher would have been missing, all decoding would lead to ASCII-garbage, so you had no chance to find out that your key and offset where correct and you only would have to add a zero or two. Perhaps I just don't get it?

If you want to discuss it, we can do so in the solution forum - we shouldn't talk too much about solutions here.

gfoot wrote:If you want to discuss it, we can do so in the solution forum - we shouldn't talk too much about solutions here.

You're right

gfoot wrote:You can brute-force the adding of zeros too. There aren't actually too many additional strings to try to decode.

I don't really get this, here is the text, it is 133 characters long: 8d541ae26426f8b97426b7ae7240d78e401f8f904717d09b2fa4a4622cfcbf7337fbba2cdbcb4e3cdb994812b66a27e9e02f21faf8712bd2907fc384564998857e3b1

That means there are 2^(133-1) possible ways to add zeros, which is around 10^40, so I don't think brute forcing the adding of zeros by itself is correct, there will have to be other things going on at the same time. I am trying something right now but not very optimistic about it

Maybe "brute force" is overstating it - you need to prune your search too. You also get a lot of false positives, e.g. adding a zero before every character gives a ciphertext with only 16 values in it, which decrypts to random ascii text for quite a few key values.

I tried splitting the text string into about 9 or 10 characters (4-5 hex values) and iterating through all possible combinations, shifting the text substring taken by 1, then trying ALL possible combinations, and searching for the string "the", "solu", or "answ", or "hack" which in theory should have came up. There were a few matches but they were just random. I guess I am doing something wrong or none of those strings are in the decrypted text.

Hint
Read the Topic: "Didactic XOR Cipher 3"

script languages 4 ever

a bit of a hit, theres more then enough characters to "solve" this like the other one, you apply the extra 0 thing to finish the whole string

i did not brute force adding 0s myself but i think it can be done. you could take say the first 10 hex digits and just brute force all the x b and add 0 combos on that rather then the whole thing. you should get 5 - 10 letters that would be more then enough to tell if a x b pair is good. if you get more then one good x b pair you can widen the analysis window till there is only 1. i solved it without brute forcing the 0s, though ill admit my method needed a bit of luck to work as it only made one guess per x b pair favoring the least added 0s so if 112233 decoded fine it would not check 11022033 ect