Crypto - dance

step by step - Gureisya

Full Implementation

Challenge

First we look at how the usernames are being generated

dt_now = datetime.datetime.now()
minutes = dt_now.minute
sec = dt_now.second
data1 = f'user: {username}, {minutes}:{sec}'
data2 = f'{username}'+str(random.randint(0, 10))
d[username] = make_token(data1, data2)
print('Registered successfully!')
print('Your token is:', d[username])

The user is registered using data from when the user was created. The token generated is used to encrypt the flag

We can bruteforce over all the possible times to get all the possible tokens

Combinations for data 1

d1=[]
for i in range(60):
    for j in range(60):
        d1.append(f'user: {username}, {i}:{j}')

Combinations for data 2

d2 = []
for i in range(10):
    d2.append(f'{username}'+str(i))

for i in d2:
    for j in d1:
        token = make_token(j, i)
        sha256 = hashlib.sha256()
        sha256.update(token.encode())
        key = sha256.hexdigest()[:32]
        nonce = token[:12]
        cipher = MyCipher(key.encode(), nonce.encode())
        dec = cipher.encrypt(long_to_bytes(int(ciphertext,16)))
        if b"FLAG" in dec:
            print(dec)
            break
#FLAG{d4nc3_l0b0t_d4nc3!!}