$ binwalk -e archive.enc # no known file signatures

$ file archive.enc archive.enc: data No magic bytes – it’s a raw blob. Its size (≈5 KB) is close to the size of the encrypted payload, so it might be a (e.g., an encrypted archive that contains the real flag). 3. Reproducing the Decryption First, let’s try the script as‑is:

print('\n=== Decrypting payload.bin with various keys ===') for name, key in keys.items(): dec = xor(payload, key) flag = extract_flag(dec) if flag: print(f'[name] Flag: flag') else: # store binary for manual analysis (work/f'payload_name.bin').write_bytes(dec)

workdir/ ├─ README.txt ├─ payload.bin ├─ secret.py └─ archive.enc 2.1 README.txt Welcome to the CODSMP challenge!

# ----------------------------------------------------------------- # 2. Decode archive.enc (single‑byte XOR 0x20) enc = (work/'archive.enc').read_bytes() dec = xor(enc, b' ') # 0x20 == space == 32 decimal inner_zip = work/'inner.zip' inner_zip.write_bytes(dec)

def xor(data, key): return bytes(a ^ b for a, b in zip(data, itertools.cycle(key)))

Codsmp.zip < 2026 >

$ binwalk -e archive.enc # no known file signatures

workdir/ ├─ README.txt ├─ payload.bin ├─ secret.py └─ archive.enc 2.1 README.txt Welcome to the CODSMP challenge! Reproducing the Decryption First, let’s try the script

def xor(data, key): return bytes(a ^ b for a, b in zip(data, itertools.cycle(key)))

Codsmp.zip < 2026 >

Discover more from Forte Labs