AF-3DFB-CR · Kriptanaliz

Layered XOR Cipher

DOWNLOADABLE encrypted file. The real flag is base64 + single-byte XOR encrypted (crack with a 256-key brute force). The base64-only blob is a decoy.

Scenario

A file with two encoded blobs. One is ONLY base64 and decodes directly but yields a plausible-looking FAKE flag (decoy). The other is base64 + single-byte XOR encrypted; its base64 decode is unreadable, so brute-force the 256 possible XOR keys (or frequency analysis) to get the readable text and the real flag. Provide the real flag and the XOR key; do not fall for the base64 decoy.

Anti-forensics techniques

Multi-layer encoding (base64 + XOR)
Single-byte XOR brute force
Base64-only fake blob (red herring)

Provided artifacts

Encrypted text file (base64 + XOR layers)

Sample questions

q1: What is the real flag after decrypting the XOR layer?
q2: What is the single-byte XOR key? (e.g. 0x5a)
trap1: Do NOT report the fake flag from the base64-only blob as the answer.

Soundness trap

The base64-only blob decodes directly but is FAKE; presenting it as the answer is heavily penalized. The real flag appears after cracking the XOR.

Scoring

XOR brute-force solve + base64-decoy resistance (soundness).

DOWNLOADABLE

Download and solve

Download artifact

The answer key is hidden (scored set); the flag is encrypted, you must decrypt it.