Today we’re going through a cryptography challenge from EasyCTF called Not OTP.

• Category: Crypto
• Points: 100

In addition we get a hint telling us that there’s something about the cribs.

### Solution

As the hint is about cribs, I decided to first use an attack called crib dragging, which works only when two messages are encrypted (xored, as in OTP) using the same key. As you probably know, OTP is only safe when each message has its own, unique key.

But back to the attack. For the attack to work, we have to know some of the plaintext from one of the messages. It may be part of the flag, the most common English words, etc. First, we xor the two messages together. Then we xor the suspected plaintext with the xored messages, trying it at each position. If this operation produces some readable English text, we may suspect that the plaintext was a part of the message.

Now as we know the basics, let’s get into the task.

To make the solution easier and the process of attacking faster, I decided to use a ready-made tool called CribDrag, made by Daniel Crowley. Thanks!

Now we’re ready to attack both ciphertexts. First, we have to xor them with each other; luckily, CribDrag has a separate script to do this.

Now let’s take the output and run it in cribdrag.

Now the guessing part! First, we know that the message will contain the easyctf{ part, as it’s part of the flag.

In one of these parts we see text that looks very much like part of an English sentence. Let’s take its position and place it in the message.

My next guess was the word flag. Will it be a good one?

Now we can see that it’s getting more readable. After that we’re ready to add "is ", but to get more readable strings, I decided to input the whole "flag is easyctf{".

After that part I was stuck for a while. I had no clue what to put there next, trying some random different characters until I noticed that there should be a space also before the flag word. This simple operation will add another letter into the key, which may help us find the right crib.

But no luck for me. After that part, my teammate proposed the word sample, which gave pretty good results.

Lastly, after quite some time we were able to slowly reveal some parts of the message and key.

### Tools

https://github.com/SpiderLabs/cribdrag