Challenges: Order (TryHackMe)

In this challenge, we intercepted one of Cipher’s encrypted messages which supposedly contained details of their next target. The message was protected using a repeating-key XOR cipher. However, a critical mistake was made—every message from Cipher begins with a known header, making the encryption vulnerable to cryptanalysis. Our goal was to exploit this weakness, recover the encryption key, and decrypt the intercepted message to reveal Cipher’s next target.

We intercepted one of Cipher's messages containing their next target. They encrypted their message using a repeating-key XOR cipher. However, they made a critical error—every message always starts with the header:

Can you help void decrypt the message and determine their next target?
Here is the message we intercepted:

1c1c01041963730f31352a3a386e24356b3d32392b6f6b0d323c22243f6373

1a0d0c302d3b2b1a292a3a38282c2f222d2a112d282c31202d2d2e24352e60

used a python script to look for the flag

cipher_hex = "1c1c01041963730f31352a3a386e24356b3d32392b6f6b0d323c22243f6373" \
             "1a0d0c302d3b2b1a292a3a38282c2f222d2a112d282c31202d2d2e24352e60"

key = b"SNEAKY"
cipher = bytes.fromhex(cipher_hex)
plain = bytes([c ^ key[i % len(key)] for i, c in enumerate(cipher)])
print(plain.decode())

python3 script.py

By leveraging the known header and the repeating-key XOR weakness, we successfully determined the encryption key and decrypted the message. Using a simple Python script, the plaintext was revealed, exposing Cipher’s next target. This demonstrates how small cryptographic implementation errors can compromise sensitive data, even when strong encryption algorithms are used incorrectly.