Going through some CTF tasks I stumbled upon an interesting challenge. The following program takes in a flag text file containing a single line of random alphanumeric characters (the flag), runs it through a random character rotation and returns a string:
    import random,string
    flag = "FLAG:"+open("flag", "r").read()[:-1]
    encflag = ""
    random.seed("random")
    for c in flag:
        if c.islower():
            #rotate number around alphabet a random amount
            encflag += chr((ord(c)-ord('a')+random.randrange(0,26))%26 + ord('a'))
        elif c.isupper():
            encflag += chr((ord(c)-ord('A')+random.randrange(0,26))%26 + ord('A'))
        elif c.isdigit():
            encflag += chr((ord(c)-ord('0')+random.randrange(0,10))%10 + ord('0'))
        else:
            encflag += c
    print "Unguessably Randomized Flag: "+encflag
Output : BNZQ:1l36de9583w5516fv3b8691102224f3e
Can anyone explain how this can be solved?
Upvotes: 0
Views: 276
Reputation: 94078
As the random is seeded it should generate the same stream of ranges. So you can use the same function but you should change:
    encflag += chr((ord(c)-ord('a')+random.randrange(0,26))%26 + ord('a'))
into
    encflag += chr((ord(c)-ord('a')-random.randrange(0,26))%26 + ord('a'))
                   // change here -^
for all of the three lines.
This should work - until somebody puts a different, more efficient algorithm in the place of random or, at least, changes the handling of the seed, etc.
This is a bad stream cipher implemented using random, don't use it for anything serious. And, as using a non-cryptographic RNG instead of a stream cipher is rather stupid even for crypto demo code, I would not use it for learning purposes either.
Upvotes: 1
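The decoding step described in the answer above, as an added example that is not part of the original posts: one function performs the rotation in either direction, and a round trip on a constructed sample flag shows that reseeding with the known seed reproduces the shift stream. The names `rotate`, `encode`, `decode` and `SAMPLE_FLAG` are assumptions made for this illustration.

```python
import random

SEED = "random"                      # the fixed seed from the challenge script
SAMPLE_FLAG = "FLAG:0a1b2c3d4e5f"    # constructed sample, not the real flag


def rotate(text, seed, direction):
    """direction=+1 applies the challenge's rotation, -1 undoes it."""
    rng = random.Random(seed)        # same seed -> same sequence of shifts
    out = []
    for c in text:
        if c.islower():
            base, size = ord("a"), 26
        elif c.isupper():
            base, size = ord("A"), 26
        elif c.isdigit():
            base, size = ord("0"), 10
        else:
            out.append(c)            # passed through, no draw consumed
            continue
        # Rotation keeps each character in its class, so the decoder makes
        # the same randrange() calls in the same order as the encoder.
        shift = rng.randrange(0, size)
        out.append(chr((ord(c) - base + direction * shift) % size + base))
    return "".join(out)


def encode(text, seed=SEED):
    return rotate(text, seed, +1)


def decode(text, seed=SEED):
    return rotate(text, seed, -1)


if __name__ == "__main__":
    enc = encode(SAMPLE_FLAG)
    print("encoded:", enc)
    print("decoded:", decode(enc))
```

To decode the ciphertext from the question, the same logic has to run under the Python 2 interpreter that produced it: Python 3 hashes string seeds and draws `randrange()` values differently, so the same seed yields a different shift stream there.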