h4ck1t 2016: Chad - Ninja Scheme, Crypto 195pts

Description:
General Tompson welcomes you...again! We have some crypto-problem here...again. Our scouts have intercepted this enemy cryptogram: dd67ca82d358f0c8479e118addcec2f8ce086c0f6f239f9b66d7226a38c68198dbd777f366fb9fd83b60d11109be174759c75ea56a4866c2 Some time later our IT-ninjas have broken into the enemy computer system and grabbed something pretty much similar to undefined encryption algorithm scheme. Look at this grabbed scheme and help us to understand how it works. Yours, Gen. Tompson
Flag:
KV_F315T31_Kn0VVS_H1S_NN3Tvv0Rk_PrEttY_a1nt_B4D

The encryption scheme used here is a very bad Feistel network style algorithm, the image they give you is this:

I also inquired about this problem on the Telegram chat, and a hint was given that N is proportional to the round number. Normally, people could use differential analysis to break a cipher like this, but with such a small cipher text that was not feasible. Rather, I brute forced different key combinations that were proportional to the round number. I wrote a script that goes through various starting points for the last subkey value used, starting at 256 and then incrementing the subkey value a different fixed amount every time. Each time it runs the reverse of the encryption algorithm (or decryption), which was fairly simple to reverse since the subkey function is just addition. I would then print out strings that had at least 90% printable characters. I eventually got the string "h4ck1t{K" to print with a last subkey of 256 and decreasing the subkey by one each round in. I then used these values on the next 6 blocks of cipher text, each decrypting to:
h4ck1t{K
VF315T3
1
Kn0VVS
H1SNN3
Tvv0RkP
rEttY
a1
nt_B4D}0
The script I used to decrypt can be viewed here.

This post was originally uploaded on aaroncook.xyz