Crypto on 4mN3s14 | CTF Player & Student

Daily Alpacahack - XOR (Crypto / Easy) Writeup

Thu, 12 Mar 2026 00:00:00 +0000

Daily Alpacahack Writeup: XOR (Crypto / Easy)

Category: Crypto
Difficulty: Easy

Challenge Description

We’re given a Python encryption script and a ciphertext hex string.

import os
import secrets
import string
from itertools import cycle

flag = os.getenv("FLAG", "Alpaca{FAKEFAKEFAKEFAKE}").encode()
assert flag.startswith(b"Alpaca{")

# key = b"???????", e.g, abcdefg
key = b"".join(secrets.choice(string.ascii_letters).encode() for _ in range(7))
assert len(key) == 7

c = bytes([c1 ^ c2 for c1, c2 in zip(flag, cycle(key))])
print(c.hex())

Ciphertext:

031b13072d280a2c1816392f3b041d07020d2f1619232817153b24141d000c3925281a3704161b

Analysis

The encryption scheme is a repeating-key XOR cipher:

A random 7-byte key is generated using secrets.choice(string.ascii_letters)
The flag is XOR’d against the key, repeating the key cyclically with itertools.cycle

XOR has the useful property:

AAAAAAAAEEEEEEEESSSSSSSS - CTF Writeup

Sun, 15 Feb 2026 06:00:00 +0000

AAAAAAAAEEEEEEEESSSSSSSS - Alpacahack challenge writeup

Category: Crypto
Difficulty: Medium
Author: hiikunz

Challenge Description

We’re given a Python script that encrypts a flag using AES-ECB mode with a twist - each character of the flag is repeated 8 times before encryption. We can also query an encryption oracle with arbitrary plaintexts.

for c in flag:
 ffffffffllllllllaaaaaaaagggggggg += bytes([c] * 8)
ciphertext = cipher.encrypt(ffffffffllllllllaaaaaaaagggggggg)

Initial Analysis

Let’s break down what the code does:

Flag format: 32 bytes total, format Alpaca{...}
Character repetition: Each character is repeated 8 times
Total plaintext: 32 characters × 8 repetitions = 256 bytes
Encryption: AES-ECB mode (Electronic Codebook)
Blocks: 256 bytes ÷ 16 bytes per block = 16 blocks

Understanding the Encoding

If the flag is Alpaca{test_flag_here______}, the plaintext becomes: