Category: Cryptography
Flag: scsc26{0n3_t1m3_p4d_n3v3r_r3us3}
Description: flag format: scsc26{…}
The challenge provided /home/rei/Downloads/SCSC2026Final/Crypto_1.zip. Initial triage showed a small ZIP archive.
file '/home/rei/Downloads/SCSC2026Final/Crypto_1.zip' && stat -c '%s %F %y' '/home/rei/Downloads/SCSC2026Final/Crypto_1.zip'/home/rei/Downloads/SCSC2026Final/Crypto_1.zip: Zip archive data, made by v3.1, extract using at least v2.0, last modified, last modified Sun, May 14 2026 20:49:24, uncompressed size 252, method=deflate
762 regular file 2026-05-16 10:00:05.290246493 +0700Listing the archive showed two files: chat.log and README.md.
unzip -l '/home/rei/Downloads/SCSC2026Final/Crypto_1.zip'Archive: /home/rei/Downloads/SCSC2026Final/Crypto_1.zip
Length Date Time Name
--------- ---------- ----- ----
252 05-14-2026 20:49 chat.log
547 05-14-2026 19:19 README.md
--------- -------
799 2 filesREADME.md described an internal chat system encrypted with XOR and a fatal key-reuse bug. It also said analysts captured short messages that looked like greetings or connection checks, including ping.
"Sistem chat internal perusahaan diklaim sangat aman oleh tim pengembang karena menggunakan enkripsi XOR dengan kunci acak. Namun, analis keamanan menemukan bahwa sistem tersebut melakukan kesalahan fatal: penggunaan ulang kunci (key reuse) untuk seluruh sesi percakapan. Analis berhasil menangkap beberapa pesan singkat yang dicurigai sebagai perintah sapaan atau pengecekan koneksi (seperti 'ping'). Tugasmu adalah membongkar kunci tersebut dan membaca pesan terakhir dari Admin."chat.log contained eight hex ciphertexts.
1a0008180a4119170409
1004071f10114d110a09040904191701
0100160200134d1d0b081d0b04
020c0a13
1c0010030a130652161015070d08
1f0001000c0f0a52501419
110a021200044d101701150e
1301091d0b5c1e11160746531a5d1c563b00540c5e2d1550103a0f5e0456162b175218015619Trying scsc26{ at the start of the final ciphertext gave non-English prefixes in the shorter messages, so the flag did not start at byte 0. The short fourth ciphertext fit the README hint. XORing it with ping gave the key prefix redt, and that prefix decrypted other messages to hell, back, serv, netw, meet, coff, and admi. Those prefixes led to the repeated key redteam.
The final decryption used that repeated key against every ciphertext.
from pathlib import Path
cts = [
bytes.fromhex(line.strip())
for line in Path('/home/rei/Downloads/SCSC2026Final/CTFChan_Cryptography_SCSC2026Final_PaperLeak/chat.log').read_text().splitlines()
if line.strip()
]
key = b'redteam'
for c in cts:
pt = bytes(c[i] ^ key[i % len(key)] for i in range(len(c)))
if pt.startswith(b'admin='):
print(pt.decode().split('=', 1)[1])scsc26{0n3_t1m3_p4d_n3v3r_r3us3}