Cryptanalysis

Friday 20 July 2018, 05:52  #1
AES - CBC - Bit-Flipping Attack
Anonymous

Hi, I think I need a hint on this challenge. I’ve managed to insert "is_member=true" into the token, but it seems the challenge also requires me to avoid the garbage block that precedes this inserted text ("Some weird char in that token....."). Any pointers on topics I should be looking into?

Thanks!

Friday 20 July 2018, 13:25  #2
AES - CBC - Bit-Flipping Attack
-omen-
  • 1 posts

Hello yseong,
I ran into the same problem when I first tried this challenge yesterday. I used one and a half blocks for the name field and used the last part of it in order to change the member field during decryption. The modified block turns into garbage because Ptext(3) = DEC(Ctext(3)) XOR Ctext(2). In order to get no non-printable characters in the name field at decryption, I have two ideas:
- Adding another block in the name field, and making those two blocks "cancel out" at decryption
- Using the id counter (which only increments when several accounts are created on the same connection)
I am planning to test those ideas during the weekend, feel free to PM if you want to join :)
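The relation quoted above, Ptext(3) = DEC(Ctext(3)) XOR Ctext(2), is a property of CBC mode itself, not of AES, so the following added example (my own code, not the challenge's or anyone in this thread's) uses a small SHA-256-based Feistel network as a stand-in block cipher. The token layout ("id=1;name=...;is_member=false"), keys and IV are constructed for the demo. It shows why changing block 2 via block 1 leaves block 1 garbled, and the defender's fix: an encrypt-then-MAC tag, checked before decryption, rejects any flipped ciphertext before a parser ever sees the garbage.

```python
import hashlib
import hmac

BLOCK = 16
HALF = BLOCK // 2

# Constructed demo keys/IV (hypothetical; real deployments use random keys).
ENC_KEY = hashlib.sha256(b"constructed demo enc key").digest()
MAC_KEY = hashlib.sha256(b"constructed demo mac key").digest()
IV = bytes(range(BLOCK))

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# Stand-in block cipher (NOT AES): 6-round Feistel with a SHA-256 round function.
def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:HALF]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:HALF], block[HALF:]
    for rnd in range(6):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right

def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:HALF], block[HALF:]
    for rnd in reversed(range(6)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right

def pad(data: bytes) -> bytes:  # PKCS#7
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        cur = ciphertext[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, cur), prev))  # P[i] = DEC(C[i]) XOR C[i-1]
        prev = cur
    return b"".join(out)

# Hypothetical token: the name is sized so ";is_member=false" is exactly block 2.
def make_token(name: bytes) -> bytes:
    return cbc_encrypt(ENC_KEY, IV, pad(b"id=1;name=" + name + b";is_member=false"))

def read_token(token: bytes) -> bytes:
    return unpad(cbc_decrypt(ENC_KEY, IV, token))

def flip_block(token: bytes, idx: int, old: bytes, new: bytes) -> bytes:
    """Change plaintext block idx from `old` to `new` by XORing the difference
    into ciphertext block idx-1; block idx-1 then decrypts to garbage."""
    start, stop = (idx - 1) * BLOCK, idx * BLOCK
    return token[:start] + _xor(token[start:stop], _xor(old, new)) + token[stop:]

# Hardened form: encrypt-then-MAC. Any bit flip in the ciphertext invalidates the tag.
def make_sealed_token(name: bytes) -> bytes:
    ct = make_token(name)
    return ct + hmac.new(MAC_KEY, IV + ct, hashlib.sha256).digest()

def read_sealed_token(sealed: bytes):
    ct, tag = sealed[:-32], sealed[-32:]
    expected = hmac.new(MAC_KEY, IV + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # tampering detected before decryption or parsing
    return read_token(ct)

def demo() -> dict:
    name = b"A" * 6 + b"B" * 16  # block 0 = "id=1;name=AAAAAA", block 1 = 16 x "B"
    old, new = b";is_member=false", b";is_member=true;"
    plain = cbc_decrypt(ENC_KEY, IV, flip_block(make_token(name), 2, old, new))
    sealed = make_sealed_token(name)
    flipped_sealed = flip_block(sealed[:-32], 2, old, new) + sealed[-32:]
    return {
        "block1_garbled": plain[16:32] != b"B" * 16,   # the "garbage" from the thread
        "block2": plain[32:48],                         # changed as intended
        "sealed_ok": read_sealed_token(sealed) is not None,
        "sealed_flip_rejected": read_sealed_token(flipped_sealed) is None,
    }

if __name__ == "__main__":
    print(demo())
```

The garbled block is effectively random, which is why a parser may or may not accept it from one attempt to the next; the MAC check removes that dependence on parser behaviour entirely. The same property is what an AEAD mode (e.g. AES-GCM) gives you without a separate HMAC.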

Thursday 11 October 2018, 12:32  #3
AES - CBC - Bit-Flipping Attack
Sgt. Pepper
  • 1 posts

I’ve been stuck at the same point for quite some time now...
Has either of your two approaches been successful?
If so, which one?

Thanks!

Edit:
Nevermind, got it!
Thinking about how the server might parse the given data helped...
Great challenge btw!

Saturday 27 October 2018, 06:12  #4
AES - CBC - Bit-Flipping Attack
Leulz
  • 1 posts

I’m struggling with this one.

Same thing as OP, I know how to make the token have "is_member=true", but the garbage in the modified block is detected by the server!

Any tips?

Wednesday 23 January 2019, 10:13  #5
AES - CBC - Bit-Flipping Attack
Lenstras95
  • 2 posts

Also having issues with the garbled block. Have flipped the ";is__member=true;". Have tried all ASCII chars to get the parser to accept the garbage but to no success. Any tips?

Wednesday 23 January 2019, 10:43  #6
AES - CBC - Bit-Flipping Attack
Th1b4ud
  • 1636 posts

You can have garbage in your plaintext like: key=value;garbage;key=value but you have to separate your garbage between semicolons :)