The key is generated using current_time = int(time.time()), so if we send two requests quickly enough, the value of current_time is the same for both and the server derives the same key. We can therefore reuse this key to decrypt the flag.
Another idea is to enumerate the space of all possible keys that the server could have generated. However, there appears to be some clock skew (the time on my machine differs from the time on the server), so we need a wider window of candidate timestamps, specifically range(current_time - 100, current_time + 101), where current_time is the time measured with int(time.time()) on our machine. The following is the implementation of the first approach.
Python Implementation:
from pwn import *
import json

io = remote('socket.cryptohack.org', 13372)
io.recvline()  # consume the server's banner line

# Alternatively, request the encrypted flag first and decrypt it later.
# I pick this approach, which amounts to the same thing: obtain the key first.
# Placeholder plaintext of the same length as the flag, so the recovered
# keystream covers the whole flag.
FLAG = b'crypto{????????????????????}'
to_send = {'option': 'encrypt_data', 'input_data': FLAG.hex()}
io.sendline(json.dumps(to_send).encode())
enc_data = json.loads(io.recvline().decode())['encrypted_data']
enc_data = bytes.fromhex(enc_data)
# Stream cipher: ciphertext XOR known plaintext gives the keystream
key = xor(enc_data, FLAG)

# Request the flag immediately after, within the same second, so the server
# seeds with the same current_time and produces the same keystream
to_send = {'option': 'get_flag'}
io.sendline(json.dumps(to_send).encode())
enc_flag = json.loads(io.recvline().decode())['encrypted_flag']
enc_flag = bytes.fromhex(enc_flag)
print(xor(enc_flag, key))
io.close()
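The second approach, enumerating the timestamp window, is described above but not implemented; the following is an added offline illustration of it, not code from the writeup. The keystream() function is an assumed stand-in for the server's time-seeded key derivation (the page does not show it), and the sample flag and 37-second clock offset are constructed; what carries over from the page is the search over range(current_time - 100, current_time + 101) and the use of the known flag prefix to pick out the right seed.

```python
import random
import time


def keystream(seed: int, length: int) -> bytes:
    # Assumed server-side derivation: a PRNG seeded with the integer
    # timestamp. Any deterministic function of the seed is attackable
    # the same way, because the seed space is only ~200 values wide.
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(length))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_with_time(plaintext: bytes, current_time: int) -> bytes:
    # What the (hypothetical) server does on every request
    return xor_bytes(plaintext, keystream(current_time, len(plaintext)))


def recover_seed(ciphertext: bytes, known_prefix: bytes,
                 current_time: int, window: int = 100):
    # Try every timestamp in range(current_time - window, current_time + window + 1),
    # the +/-100 s window from the writeup that absorbs clock skew, and keep the
    # one whose keystream turns the ciphertext into the known prefix (crypto{).
    for seed in range(current_time - window, current_time + window + 1):
        ks = keystream(seed, len(known_prefix))
        if xor_bytes(ciphertext[:len(known_prefix)], ks) == known_prefix:
            return seed
    return None  # true seed lies outside the window


def decrypt_with_seed(ciphertext: bytes, seed: int) -> bytes:
    return xor_bytes(ciphertext, keystream(seed, len(ciphertext)))


if __name__ == "__main__":
    # Constructed sample: the server's clock is 37 seconds ahead of ours
    flag = b"crypto{example_flag_not_real}"
    server_time = int(time.time()) + 37
    ct = encrypt_with_time(flag, server_time)
    seed = recover_seed(ct, b"crypto{", int(time.time()))
    print(seed == server_time, decrypt_with_seed(ct, seed))
```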