Hack.lu 2010 CTF Challenge #8 Writeup

Sad Little Pirate (150)
Our sad little pirate haes lost his password.
It is known that the pirate has just one hand left; his left hand. So the paessword input is quite limited. Also he can still remember that the plaintext started with “674e2” and his password with “wcwteseawx”. Please help the sad pirate find his plaintext.

Ciphertext

0x40, 0x40, 0xa9, 0x8a, 0xd1, 0xae, 0x25, 0xdf, 0x8b, 0xe9,
0x7d, 0xf6, 0x5f, 0x90, 0xa9, 0x80, 0x97, 0xf3, 0x95, 0x80,
0xe4, 0x11, 0x65, 0x55, 0x0a, 0xdc, 0xf8, 0x29, 0x41, 0x7b,
0x00, 0x2c, 0x0f, 0x81, 0xb3, 0xb1, 0xbc, 0xdc, 0x83, 0x91,
0x1e, 0x06, 0x52, 0xd8, 0xa9, 0x28, 0x04, 0x35, 0x41, 0x6a,
0x33, 0x2f, 0x7a, 0x3f, 0x8b, 0x34, 0x91, 0x24, 0x9b, 0x3b,
0x66, 0x96, 0x25, 0x0c, 0x4c, 0x24, 0x36, 0xe6, 0x62, 0x1d,
0x0c, 0xf2, 0x38, 0x2b, 0x2d, 0x7e, 0x24, 0x8f, 0x08, 0x76,
0x92, 0xd0, 0x6a, 0xeb, 0x23, 0x29, 0x1b, 0x47, 0x96, 0x24,
0x45, 0xcd, 0x76, 0x47, 0x99, 0xdf, 0x49, 0x7c, 0xf2, 0xc3,
0xcc, 0x02, 0xd1, 0xbe, 0xb7, 0xe1, 0xae, 0xed, 0xe6, 0x82,
0x37, 0x30, 0xc3, 0xd2, 0x92, 0x08, 0x0f, 0xde, 0xa5, 0x21,
0xd9, 0x8b, 0xf8, 0xde, 0x60, 0x7c, 0x0e, 0x29

There is a nice hint that the cipher is AES (the text contains the words ‘haes’ and ‘paessword’). Also, the pirate has only his left hand, so the charset is “12345qwertasdfgzxcvb”.

Nothing special: use the brute-force source together with an AES implementation and its header to get the password:

$ gcc rijndaelbrute.c rijndael.c -O9 -o brute && time ./brute 2
Key: wcwteseawxqgvaqg
Text: 674e2ea5b6d8fcdb49a3cf70bf5679202a7776d-YOU-MADE-IT-12bb1bceee69532bc830cb2ff8fc93f6c2c2ea4e5e05d20f778736214bb814583a29ef0a4048
Bruteforce ended

real    0m4.246s
user    0m7.096s
sys    0m0.548s

The flag is:
674e2ea5b6d8fcdb49a3cf70bf5679202a7776d-YOU-MADE-IT-12bb1bceee69532bc830cb2ff8fc93f6c2c2ea4e5e05d20f778736214bb814583a29ef0a4048
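
The search described above, as an added example (not the writeup's rijndaelbrute.c): with 10 of 16 key characters known and a 20-symbol charset, only 20^6 = 64,000,000 keys remain. It is written in Go because the standard library ships AES; the function names, the demo key and the demo plaintext are constructed, and decrypting the first block directly (ECB-style) is an assumption, since the writeup does not name the mode.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"fmt"
)

const charset = "12345qwertasdfgzxcvb" // left-hand keys, from the writeup
const keyLen, base = 16, uint64(len(charset)) // AES-128: the recovered key has 16 characters
// keyspace counts the candidates: one charset symbol per unknown key character.
func keyspace(prefix string) uint64 {
	n := uint64(1)
	for i := len(prefix); i < keyLen; i++ {
		n *= base
	}
	return n
}
// keyAt maps idx to prefix + suffix, the suffix being idx written in base len(charset).
func keyAt(prefix string, idx uint64) []byte {
	key := make([]byte, keyLen)
	copy(key, prefix)
	for i := keyLen - 1; i >= len(prefix); i-- {
		key[i], idx = charset[idx%base], idx/base
	}
	return key
}
// search returns the first candidate key under which ct's first block decrypts to
// text starting with known, or nil. Assumption: direct (ECB-style) block decryption.
func search(ct []byte, prefix, known string) []byte {
	pt := make([]byte, aes.BlockSize)
	for idx, n := uint64(0), keyspace(prefix); len(ct) >= aes.BlockSize && idx < n; idx++ {
		key := keyAt(prefix, idx)
		c, _ := aes.NewCipher(key) // cannot fail: key is always 16 bytes
		if c.Decrypt(pt, ct[:aes.BlockSize]); bytes.HasPrefix(pt, []byte(known)) {
			return key
		}
	}
	return nil
}
// demoBlock returns a constructed sample: one block under a constructed key.
func demoBlock() []byte {
	c, _ := aes.NewCipher([]byte("wcwteseawx1qaz2w"))
	ct := make([]byte, aes.BlockSize)
	c.Encrypt(ct, []byte("674e2-constructd"))
	return ct
}

func main() {
	fmt.Printf("%d candidates; demo key: %s\n", keyspace("wcwteseawx"), search(demoBlock(), "wcwteseawx1qa", "674e2"))
}
```

In this enumeration order, keyAt("wcwteseawx", 18388114) is the key from the run above, wcwteseawxqgvaqg. A 5-byte known-plaintext check leaves a false-positive chance of about 2^-40 per candidate, which is negligible over 64,000,000 keys.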
