Python Essentials & XOR Ciphers

In this page, we discuss essentials for python scripting (not nearly enough but a nice intro) and talk about certain libraries we use with Crypto CTF challenges.

Most of you know python, but the catch here is that we won’t be only teaching you python in this session, we’ll be giving you specific crypto-helpful libraries, such as pycryptodome,sympy,numpy,gmpy2.

But first, we’ll be going over some important programming concepts in python!

Python Programming

1. Variables and Data Types

• Variables: Think of variables as “containers” that hold information. In Python, you can create a variable by giving it a name and assigning it a value using the = sign. For example:

  age = 25
  name = "Ahmad"
  is_student = True

• Data Types: Variables can store different types of data:

  • Integer (int): Whole numbers, like 5, 100, or 3.

  • Float (float): Numbers with decimal points, like 3.14 or 2.0.

  • String (str): Text enclosed in quotes, like "Hello, World!".

  • Boolean (bool): Represents True or False.

  Python automatically detects the type of data based on what you assign to a variable, so there’s no need to declare it explicitly.

2. Basic Methods and Functions

• Methods are built-in functions that come with specific data types. For example:

  • Strings: Methods like .upper(), .lower(), or .replace() can modify string variables.

    name = "Ahmad"
    print(name.upper())  # Output: "ALICE"

  • Lists: Methods like .append(), .remove(), or .sort() help you work with lists.

    my_list = [3, 1, 2]
    my_list.sort()
    print(my_list)  # Output: [1, 2, 3]

• Functions: You can also write custom functions to perform specific tasks using the def keyword:

  def greet():
      print("Hello!")
  greet()  # Calls the function and outputs "Hello!

3. Conditional Statements (if statements)

• Conditional statements allow you to run certain blocks of code only when certain conditions are met. In Python, we use if, elif, and else to control the flow based on conditions.

  age = 18
  if age >= 18:
      print("You're an adult!")
  elif age >= 13:
      print("You're a teenager!")
  else:
      print("You're a child!")

• In the example above:

  • If age is 18 or higher, the program prints "You're an adult!"

  • If age is between 13 and 17, it prints "You're a teenager!"

  • Otherwise, it prints "You're a child!"

4. Loops

• Loops allow you to repeat blocks of code multiple times. The main types of loops in Python are for loops and while loops:

  • For Loop: Used when you know how many times you want to repeat something. It often iterates over a list or range.

    for i in range(5):
        print(i)

    • This will print numbers 0 to 4.

  • While Loop: Used when you want to keep repeating as long as a condition is true.

    count = 0
    while count < 5:
        print(count)
        count += 1

    • This will also print numbers 0 to 4, incrementing count until it reaches 5.

Crypto Libraries!

Let’s take a look at some cool libraries we’ll be using throughout the rest of the sessions!

1. PyCryptodome

• What it is: PyCryptodome is a Python library for performing common cryptographic operations. It supports encryption, decryption, hashing, and key generation for algorithms like AES, RSA, DES, SHA, and others.

• How it’s used in CTFs: In CTF challenges, PyCryptodome can help with tasks like decrypting an AES-encrypted message, generating keys, or manipulating RSA parameters.

• Basic Example:

  from Crypto.Cipher import AES
  from Crypto.Util.Padding import pad, unpad
  
  key = b'Sixteen byte key'
  cipher = AES.new(key, AES.MODE_CBC)
  plaintext = b"CTF challenge text"
  ciphertext = cipher.encrypt(pad(plaintext, AES.block_size))
  decrypted = unpad(cipher.decrypt(ciphertext), AES.block_size)
  	print(decrypted)  # Original plaintext

• Why it’s useful: Many CTF challenges involve breaking or understanding encryption schemes, and PyCryptodome provides the building blocks for these tasks.

• Useful functions

long_to_bytes() # takes number and turns it to 'bytes' if your decryption goes well the output of this function should be human readable
bytes_to_long() # does the opposite

2. SymPy

• What it is: SymPy is a Python library for symbolic mathematics. It can solve equations, work with algebraic expressions, perform calculus, and more.

• How it’s used in CTFs: In crypto CTFs, SymPy can be useful for tasks like solving modular equations, factoring polynomials, or finding modular inverses.

• Basic Example:

  from sympy import symbols, Eq, solve
  
  x = symbols('x')
  equation = Eq(x**2 + 3*x + 2, 0)
  solutions = solve(equation, x)
  print(solutions)  # Solutions to the equation x^2 + 3x + 2 = 0

• Why it’s useful: Many CTF crypto problems require algebraic manipulation or solving complex equations, which SymPy simplifies.

3. NumPy

• What it is: NumPy is a library for numerical computation with support for arrays, matrices, and mathematical functions.

• How it’s used in CTFs: While not specifically a crypto library, NumPy can be helpful for matrix operations, handling large arrays of data, or performing operations like finding modular inverses for certain matrix ciphers.

• Basic Example:

  import numpy as np
  
  matrix = np.array([[2, 3], [1, 4]])
  inverse_matrix = np.linalg.inv(matrix)
  print(inverse_matrix)  # Inverse of the matrix if it exists

• Why it’s useful: Some crypto challenges involve matrix manipulations (like Hill ciphers), and NumPy makes these operations easier.

4. GMPY2

• What it is: GMPY2 is a library that provides fast arithmetic for large numbers and supports modular arithmetic, which is frequently used in cryptography.

• How it’s used in CTFs: GMPY2 is invaluable for tasks like computing modular inverses, handling large primes, and performing operations with high precision, which is essential for breaking RSA-based problems.

• Basic Example:

  import gmpy2
  
  p = gmpy2.mpz(17)
  q = gmpy2.mpz(23)
  n = p * q  # RSA modulus
  e = gmpy2.mpz(65537)  # Public exponent
  d = gmpy2.invert(e, (p - 1) * (q - 1))  # Compute private exponent
  print(d)

• Why it’s useful: Many cryptographic algorithms (especially RSA) involve large integers and modular arithmetic, making GMPY2 a go-to library for handling these operations efficiently.

XOR

The XOR, or "exclusive OR," operation is a basic concept in both computer science and digital logic. It is a type of binary operation that takes two inputs (either 0 or 1) and outputs a 1 only if the two inputs are different. If the inputs are the same (both 0s or both 1s), the output will be 0.

Here's a simple truth table to show how XOR works:

Input A	Input B	A XOR B
0	0	0
0	1	1
1	0	1
1	1	0

Key Points to Remember:

1. Same inputs give 0: If both inputs are the same (both 0 or both 1), the XOR output is 0.

2. Different inputs give 1: If the inputs are different (one is 0, the other is 1), the XOR output is 1.

Real-World Analogy:

Think of XOR like a "light switch" rule in a room with two switches. If you flip one switch (changing its state), the light turns on. But if you flip both switches (changing both states), the light turns off again.

Where XOR is Used:

• Computers: In computers, XOR is used in error-checking, encryption, and bitwise operations.

• Digital Circuits: It's a common operation in digital logic design because it is simple and efficient.

Simple Example:

If we want to "flip" a bit (change a 0 to 1 or 1 to 0) using XOR, we can XOR it with 1:

• 0 XOR 1=1 (Flips 0 to 1)

• 1 XOR 1=0 (Flips 1 to 0)

<aside> ❓

Can you think of any way where XOR is used in Cryptography?

</aside>

What is a One-Time Pad?

A One-Time Pad (OTP) is a way to encrypt a message so that no one else can read it. It uses a random key (a string of numbers or letters) that is exactly the same length as the message. Each letter or number in the message is "combined" with the corresponding letter or number in the key to create the encrypted message, called the ciphertext.

How Does It Work?

The OTP uses something called the XOR operation to combine the message with the key:

• If both bits are the same (both 0 or both 1), the XOR result is 0.

• If the bits are different (one is 0 and the other is 1), the XOR result is 1.

This makes it so:

• When you XOR the message and the key, you get the encrypted message.

• When you XOR the encrypted message with the same key again, you get back the original message.

Why It’s Secure

If the key is truly random, as long as the message, and only used once, this method is theoretically unbreakable.

Simple Python Code Example

# Function to XOR each character in the message with each character in the key
def otp_encrypt_decrypt(message, key):
    return ''.join([chr(ord(m) ^ ord(k)) for m, k in zip(message, key)])

# Message and random key (both should be the same length)
message = "HELLO"
key = "XMCKL"  # Example key, must be random and kept secret in real use!

# Encrypt the message
ciphertext = otp_encrypt_decrypt(message, key)
print("Encrypted message:", ciphertext)

# Decrypt the message
decrypted_message = otp_encrypt_decrypt(ciphertext, key)
print("Decrypted message:", decrypted_message)

Here’s a straightforward example in Python that encrypts and decrypts a short message using an OTP.

Explanation of the Code

1. Encrypt/Decrypt: The function otp_encrypt_decrypt takes each letter in the message and XORs it with the corresponding letter in the key.

2. Encrypt: The first call encrypts the message.

3. Decrypt: The second call decrypts it back to the original message by XORing it with the same key.

So with a one-time pad:

• You get the encrypted message by XORing the original message and key.

• You get the original message back by XORing the encrypted message with the same key.

Exercises:

solve the course below, ask for hints if needed:

https://cryptohack.org/courses/intro/course_details/