# Meet Me Halfway

Meet-in-the-middle attack on AES

## Contents

We are given `challenge.py`

, which does the following:

Creates two keys

Key1 is

`cyb3rXm45!@#`

+ 4 random bytes from`0123456789abcdef`

Key2 is 4 random bytes from

`0123456789abcdef`

+`cyb3rXm45!@#`

Encrypts the flag with Key1 using AES-ECB

Encrypts the

*encrypted*flag with Key2 using AES-ECB

We can also encrypt a given input and get the result - I choose to send `12345678`

as the hex-encoded plaintext and receive . For these keys, the encrypted flag is given as:

## The Attack

Now we have a known plaintext and ciphertext, we can use both one after the other and bruteforce possible keys. Note that the encryption looks like this:

We do not know what the intermediate value `x`

is, but we can use brute force to calculate it by

Looping through all possibilities for

`key1`

and saving the encrypted version of`12345678`

Looping through all possibilities for

`key2`

and saving the**decryption**of`449e2eb...`

Finding the intersection between the encryption with

`key1`

and the decryption with`key2`

Once we find this intersection, we can use that to work back and calculate `key1`

and `key2`

, which we can then utilise to decrypt the flag.

## Solve Script

And we get the flag as `HTB{m337_m3_1n_7h3_m1ddl3_0f_3ncryp710n}`

!

Last updated