SCSC2026 Final - Paper Leak - Cryptography Writeup

Flag: scsc26{0n3_t1m3_p4d_n3v3r_r3us3}

Description: flag format: scsc26{…}

The challenge provided /home/LIGHT/Downloads/SCSC2026Final/Crypto_1.zip. Initial triage showed a small ZIP archive.

1
file '/home/LIGHT/Downloads/SCSC2026Final/Crypto_1.zip' && stat -c '%s %F %y' '/home/LIGHT/Downloads/SCSC2026Final/Crypto_1.zip'

1
/home/LIGHT/Downloads/SCSC2026Final/Crypto_1.zip: Zip archive data, made by v3.1, extract using at least v2.0, last modified, last modified Sun, May 14 2026 20:49:24, uncompressed size 252, method=deflate
2
762 regular file 2026-05-16 10:00:05.290246493 +0700

Listing the archive showed two files: chat.log and README.md.

1
unzip -l '/home/LIGHT/Downloads/SCSC2026Final/Crypto_1.zip'

1
Archive:  /home/LIGHT/Downloads/SCSC2026Final/Crypto_1.zip
2
  Length      Date    Time    Name
3
---------  ---------- -----   ----
4
      252  05-14-2026 20:49   chat.log
5
      547  05-14-2026 19:19   README.md
6
---------                     -------
7
      799                     2 files

README.md described an internal chat system encrypted with XOR and a fatal key-reuse bug. It also said analysts captured short messages that looked like greetings or connection checks, including ping.

1
"Sistem chat internal perusahaan diklaim sangat aman oleh tim pengembang karena menggunakan enkripsi XOR dengan kunci acak. Namun, analis keamanan menemukan bahwa sistem tersebut melakukan kesalahan fatal: penggunaan ulang kunci (key reuse) untuk seluruh sesi percakapan. Analis berhasil menangkap beberapa pesan singkat yang dicurigai sebagai perintah sapaan atau pengecekan koneksi (seperti 'ping'). Tugasmu adalah membongkar kunci tersebut dan membaca pesan terakhir dari Admin."

chat.log contained eight hex ciphertexts.

1
1a0008180a4119170409
2
1004071f10114d110a09040904191701
3
0100160200134d1d0b081d0b04
4
020c0a13
5
1c0010030a130652161015070d08
6
1f0001000c0f0a52501419
7
110a021200044d101701150e
8
1301091d0b5c1e11160746531a5d1c563b00540c5e2d1550103a0f5e0456162b175218015619

Trying scsc26{ at the start of the final ciphertext gave non-English prefixes in the shorter messages, so the flag did not start at byte 0. The short fourth ciphertext fit the README hint. XORing it with ping gave the key prefix redt, and that prefix decrypted other messages to hell, back, serv, netw, meet, coff, and admi. Those prefixes led to the repeated key redteam.

The final decryption used that repeated key against every ciphertext.

1
from pathlib import Path
2

3
cts = [
4
    bytes.fromhex(line.strip())
5
    for line in Path('/home/LIGHT/Downloads/SCSC2026Final/CTFChan_Cryptography_SCSC2026Final_PaperLeak/chat.log').read_text().splitlines()
6
    if line.strip()
7
]
8

9
key = b'redteam'
10
for c in cts:
11
    pt = bytes(c[i] ^ key[i % len(key)] for i in range(len(c)))
12
    if pt.startswith(b'admin='):
13
        print(pt.decode().split('=', 1)[1])

1
scsc26{0n3_t1m3_p4d_n3v3r_r3us3}