Iced TEA Writeup - Cyber Apocalypse 2024

Last update: April 02, 2024

1 Introduction
2 Key Techniques
3 Artifacts Summary
4 Static Analysis
- 4.1 output.txt
- 4.2 source.py
5 Implementing the decryptor the fast/easy/cheat way
- 5.1 Reversing the encrypt_block algorithm
- 5.2 Adapting source.py to decrypt the ciphertext
6 Implementing the decrypt_block function the knowledgeable way
7 Obtaining the flag
8 Conclusion

→ 1 Introduction

This writeup covers the Iced TEA Crypto challenge from the Hack The Box Cyber Apocalypse 2024 CTF, which was rated as having an ‘easy’ difficulty. The challenge involved implementing the decryption function corresponding to an encryption function that was provided in Python source code.

The description of the challenge is shown below.

→ 2 Key Techniques

The key techniques employed in this writeup are:

Manual Python source code review
Solving the challenge in two different ways
- Using Perplexity AI to easily and quickly generate part of the decryption code
- Manually creating the decryption code

→ 3 Artifacts Summary

The downloaded artifact had the following hash:

$ shasum -a256 crypto_iced_tea.zip
b4d6d9e625bf61a0d9f9a09ea31432a1416bda6ecae22887322ec2dc1df45017  crypto_iced_tea.zip

The zip file contained a single Python source code file, source.py, and output.txt:

$ unzip crypto_iced_tea.zip
Archive:  crypto_iced_tea.zip
   creating: crypto_iced_tea/
  inflating: crypto_iced_tea/source.py
  inflating: crypto_iced_tea/output.txt

$ shasum -a256 crypto_iced_tea/*
b521e676eb94750b78e4b502885a8ca46962f2d66249c81c69f8fbe34559fe90  crypto_iced_tea/output.txt
1ee61336bb323eb8c033a3be96f4130ba2dcdd831a00fecec1fba0febae310d9  crypto_iced_tea/source.py

→ 4 Static Analysis

→ 4.1 output.txt

output.txt contains hex encoded ciphertext and a 16 byte long, hex encoded encryption key:

Key : 850c1413787c389e0b34437a6828a1b2
Ciphertext : b36c62d96d9daaa90634242e1e6c76556d020de35f7a3b248ed71351cc3f3da97d4d8fd0ebc5c06a655eb57f2b250dcb2b39c8b2000297f635ce4a44110ec66596c50624d6ab582b2fd92228a21ad9eece4729e589aba644393f57736a0b870308ff00d778214f238056b8cf5721a843

→ 4.2 source.py

source.py contains Python code that encrypts the flag. Notable features:

In the ‘main’ block:
- Line 62: securely generates a 16 byte long key.
- Line 63: creates a new instance of Cipher with the key but no iv.
- Line 64: uses the Cipher instance to encrypt the flag.
In the Cipher class:
- Line 14: internally, the key is decomposed into a list of 4 byte blocks, with each block converted to a long.
- Line 16-20: uses an encryption mode of ECB (Electronic Code Book) since the constructor was not passed an iv.
- Line 26: pads the msg to ensure the length of the message is a multiple of the block size.
- Line 27: breaks the message up into 8 byte blocks.
- Line 32: encrypts each block in the message independently, as expected from ECB mode.
- Line 41: the encrypt_block function is responsible for encrypting each block of 8 bytes. Further analysis of the function will be performed later in the writeup.

import os
from secret import FLAG
from Crypto.Util.Padding import pad
from Crypto.Util.number import bytes_to_long as b2l, long_to_bytes as l2b
from enum import Enum

class Mode(Enum):
    ECB = 0x01
    CBC = 0x02

class Cipher:
    def __init__(self, key, iv=None):
        self.BLOCK_SIZE = 64
        self.KEY = [b2l(key[i:i+self.BLOCK_SIZE//16]) for i in range(0, len(key), self.BLOCK_SIZE//16)]
        self.DELTA = 0x9e3779b9
        self.IV = iv
        if self.IV:
            self.mode = Mode.CBC
        else:
            self.mode = Mode.ECB

    def _xor(self, a, b):
        return b''.join(bytes([_a ^ _b]) for _a, _b in zip(a, b))

    def encrypt(self, msg):
        msg = pad(msg, self.BLOCK_SIZE//8)
        blocks = [msg[i:i+self.BLOCK_SIZE//8] for i in range(0, len(msg), self.BLOCK_SIZE//8)]

        ct = b''
        if self.mode == Mode.ECB:
            for pt in blocks:
                ct += self.encrypt_block(pt)
        elif self.mode == Mode.CBC:
            X = self.IV
            for pt in blocks:
                enc_block = self.encrypt_block(self._xor(X, pt))
                ct += enc_block
                X = enc_block
        return ct

    def encrypt_block(self, msg):
        m0 = b2l(msg[:4])
        m1 = b2l(msg[4:])
        K = self.KEY
        msk = (1 << (self.BLOCK_SIZE//2)) - 1

        s = 0
        for i in range(32):
            s += self.DELTA
            m0 += ((m1 << 4) + K[0]) ^ (m1 + s) ^ ((m1 >> 5) + K[1])
            m0 &= msk
            m1 += ((m0 << 4) + K[2]) ^ (m0 + s) ^ ((m0 >> 5) + K[3])
            m1 &= msk

        m = ((m0 << (self.BLOCK_SIZE//2)) + m1) & ((1 << self.BLOCK_SIZE) - 1) # m = m0 || m1

        return l2b(m)



if __name__ == '__main__':
    KEY = os.urandom(16)
    cipher = Cipher(KEY)
    ct = cipher.encrypt(FLAG)
    with open('output.txt', 'w') as f:
        f.write(f'Key : {KEY.hex()}\nCiphertext : {ct.hex()}')

→ 5 Implementing the decryptor the fast/easy/cheat way

→ 5.1 Reversing the encrypt_block algorithm

Implementing the decryptor hinges on reversing the algorithm implemented by the encrypt_block function. This is a little bit time consuming to do manually. I have to admit to ~~cheating~~ making full use of the resources available to any competitor and asking Perplexity AI to reverse the algorithm for me:

how do I write a decrypt function corresponding to the following encrypt?

def encrypt_block(self, msg):
    m0 = b2l(msg[:4])
    m1 = b2l(msg[4:])
    K = self.KEY
    msk = (1 << (self.BLOCK_SIZE//2)) - 1

    s = 0
    for i in range(32):
        s += self.DELTA
        m0 += ((m1 << 4) + K[0]) ^ (m1 + s) ^ ((m1 >> 5) + K[1])
        m0 &= msk
        m1 += ((m0 << 4) + K[2]) ^ (m0 + s) ^ ((m0 >> 5) + K[3])
        m1 &= msk

    m = ((m0 << (self.BLOCK_SIZE//2)) + m1) & ((1 << self.BLOCK_SIZE) - 1) # m = m0 || m1

    return l2b(m)

To write a decrypt function corresponding to the provided encrypt function, you need to reverse the operations performed during encryption. Here is an example of a decrypt function that corresponds to the given encrypt function:

def decrypt_block(self, msg):
    m = b2l(msg)
    msk = (1 << (self.BLOCK_SIZE // 2)) - 1
    K = self.KEY

    m0 = m >> (self.BLOCK_SIZE // 2)
    m1 = m & msk

    s = self.DELTA * 32
    for i in range(32):
        m1 -= ((m0 << 4) + K[2]) ^ (m0 + s) ^ ((m0 >> 5) + K[3])
        m1 &= msk
        m0 -= ((m1 << 4) + K[0]) ^ (m1 + s) ^ ((m1 >> 5) + K[1])
        m0 &= msk
        s -= self.DELTA

    return l2b((m0 << 32) + m1)

In this decrypt function:

The input msg is converted back to two parts m0 and m1.
The operations performed during encryption are reversed to obtain the original message.
The final message is reconstructed by combining m0 and m1.
The decrypted message is returned after converting it back to bytes format.

This decrypt function should correspond to the provided encrypt function and reverse the encryption process to retrieve the original message.

→ 5.2 Adapting source.py to decrypt the ciphertext

source.py was modified to incorporate the Perplexity AI generated code and decrypt the ciphertext as follows:

Line 2: the FLAG import is commented out.
Line 3: unpad is imported.
Line 59: a decrypt function is added. It is similar to the encrypt function except that it:
- Only incorporates the ECB mode code.
- Swaps the usage of the pt (plaintext) and ct (ciphertext) variables.
- Calls decrypt_block instead of encrypt_block.
- Instead of padding the input message, calls unpad to remove padding from the decrypted text.
Line 68: the decrypt_block function is the Perplexity AI generated code.
Line 89-92: modified to decrypt using the key and ciphertext from output.txt.

import os
#from secret import FLAG
from Crypto.Util.Padding import pad, unpad
from Crypto.Util.number import bytes_to_long as b2l, long_to_bytes as l2b
from enum import Enum

class Mode(Enum):
    ECB = 0x01
    CBC = 0x02

class Cipher:
    def __init__(self, key, iv=None):
        self.BLOCK_SIZE = 64
        self.KEY = [b2l(key[i:i+self.BLOCK_SIZE//16]) for i in range(0, len(key), self.BLOCK_SIZE//16)]
        self.DELTA = 0x9e3779b9
        self.IV = iv
        if self.IV:
            self.mode = Mode.CBC
        else:
            self.mode = Mode.ECB

    def _xor(self, a, b):
        return b''.join(bytes([_a ^ _b]) for _a, _b in zip(a, b))

    def encrypt(self, msg):
        msg = pad(msg, self.BLOCK_SIZE//8)
        blocks = [msg[i:i+self.BLOCK_SIZE//8] for i in range(0, len(msg), self.BLOCK_SIZE//8)]

        ct = b''
        if self.mode == Mode.ECB:
            for pt in blocks:
                ct += self.encrypt_block(pt)
        elif self.mode == Mode.CBC:
            X = self.IV
            for pt in blocks:
                enc_block = self.encrypt_block(self._xor(X, pt))
                ct += enc_block
                X = enc_block
        return ct

    def encrypt_block(self, msg):
        m0 = b2l(msg[:4])
        m1 = b2l(msg[4:])
        K = self.KEY
        msk = (1 << (self.BLOCK_SIZE//2)) - 1

        s = 0
        for i in range(32):
            s += self.DELTA
            m0 += ((m1 << 4) + K[0]) ^ (m1 + s) ^ ((m1 >> 5) + K[1])
            m0 &= msk
            m1 += ((m0 << 4) + K[2]) ^ (m0 + s) ^ ((m0 >> 5) + K[3])
            m1 &= msk

        m = ((m0 << (self.BLOCK_SIZE//2)) + m1) & ((1 << self.BLOCK_SIZE) - 1) # m = m0 || m1

        return l2b(m)

    def decrypt(self, msg):
        blocks = [msg[i:i+self.BLOCK_SIZE//8] for i in range(0, len(msg), self.BLOCK_SIZE//8)]

        pt = b''
        for ct in blocks:
            pt += self.decrypt_block(ct)
        return unpad(pt, self.BLOCK_SIZE//8)

    # Perplexity generated
    def decrypt_block(self, msg):
        m = b2l(msg)
        msk = (1 << (self.BLOCK_SIZE // 2)) - 1
        K = self.KEY

        m0 = m >> (self.BLOCK_SIZE // 2)
        m1 = m & msk

        s = self.DELTA * 32
        for i in range(32):
            m1 -= ((m0 << 4) + K[2]) ^ (m0 + s) ^ ((m0 >> 5) + K[3])
            m1 &= msk
            m0 -= ((m1 << 4) + K[0]) ^ (m1 + s) ^ ((m1 >> 5) + K[1])
            m0 &= msk
            s -= self.DELTA

        return l2b((m0 << 32) + m1)



if __name__ == '__main__':
    KEY = bytes(bytearray.fromhex('850c1413787c389e0b34437a6828a1b2'))
    cipher = Cipher(KEY)
    pt = cipher.decrypt(bytes(bytearray.fromhex('b36c62d96d9daaa90634242e1e6c76556d020de35f7a3b248ed71351cc3f3da97d4d8fd0ebc5c06a655eb57f2b250dcb2b39c8b2000297f635ce4a44110ec66596c50624d6ab582b2fd92228a21ad9eece4729e589aba644393f57736a0b870308ff00d778214f238056b8cf5721a843')))
    print(f'pt: {pt}')

→ 6 Implementing the decrypt_block function the knowledgeable way

The biggest benefit from any CTF is the learning experience so this section describes in detail how to understand the encrypt_block function and, thus, how to manually derive the decrypt_block function. Please note that this section only delves into understanding the mechanics of the code - it does not cover any underlying encryption algorithm theory.

→ 6.1 Understanding the Cipher state variables

→ 6.1.1 self.BLOCK_SIZE

During encryption, the block size is used on line 27 to divide the message into blocks of bytes. Given the block size is divided by 8, the number of bits in a byte, this means the initial assignment of self.BLOCK_SIZE = 64 equals a block size of 64 bits.

blocks = [msg[i:i+self.BLOCK_SIZE//8] for i in range(0, len(msg), self.BLOCK_SIZE//8)]

The decomposition of a message into blocks can be visualized in an IPython session:

Define the block size:
```
In [1]: BLOCK_SIZE = 64
```
Create a 16 byte long test message, where the high order 8 bytes all contain 0xFF and the low order 8 bytes all contain 0xEE:
```
In [2]: msg = b'\xFF'*8 + b'\xEE'*8
```

Visualize the block decomposition:

In [3]: blocks = [msg[i:i+BLOCK_SIZE//8] for i in range(0, len(msg), BLOCK_SIZE//8)]

In [4]: blocks
Out[4]: [b'\xff\xff\xff\xff\xff\xff\xff\xff', b'\xee\xee\xee\xee\xee\xee\xee\xee']

→ 6.1.2 The self.KEY variable

The self.KEY variable is produced by dividing the key into 4 byte blocks and converting each block from bytes to a long:

self.KEY = [b2l(key[i:i+self.BLOCK_SIZE//16]) for i in range(0, len(key), self.BLOCK_SIZE//16)]

Using the hex key 850c1413787c389e0b34437a6828a1b2 from the challenge, this can be visualized in an IPython session:

$ python3 -mvenv venv
$ . ./venv/bin/activate
$ pip install pycryptodome
$ ipython

<snip/>

In [1]: from Crypto.Util.number import bytes_to_long as b2l, long_to_bytes as l2b

In [2]: BLOCK_SIZE = 64

In [4]: key = bytes(bytearray.fromhex('850c1413787c389e0b34437a6828a1b2'))

In [5]: KEY = [b2l(key[i:i+BLOCK_SIZE//16]) for i in range(0, len(key), BLOCK_SIZE//16)]

In [6]: KEY
Out[6]: [2232161299, 2021406878, 187974522, 1747493298]

→ 6.1.3 DELTA

self.DELTA is just a constant number, 4 bytes long.

self.DELTA = 0x9e3779b9

→ 6.2 Understanding the encrypt_block function

Lines 42-43 of the encrypt_block function contain the following:

m0 = b2l(msg[:4])
m1 = b2l(msg[4:])

The msg argument is known to be 8 bytes long, the length of a block. Line 42 takes the 4 high order bytes and converts them to a long, whereas Line 43 does the same for the 4 low order bytes. Visualizing this in IPython:

Create an 8 byte long test message, where the high order 4 bytes all contain 0xFF and the low order 4 bytes all contain 0xEE:
```
In [19]: msg = b'\xFF'*4 + b'\xEE'*4

In [20]: msg
Out[20]: b'\xff\xff\xff\xff\xee\xee\xee\xee'
```

Compute m0 as both a long and bytes:

In [21]: m0 = b2l(msg[:4])
    ...:

In [22]: m0
Out[22]: 4294967295

In [23]: l2b(m0)
Out[23]: b'\xff\xff\xff\xff'

Similarly, compute m1:

In [26]: m1 = b2l(msg[4:])

In [27]: m1
Out[27]: 4008636142

In [28]: l2b(m1)
Out[28]: b'\xee\xee\xee\xee'

Line 44 is just self.KEY:

K = self.KEY

As seen earlier, for the hex key 850c1413787c389e0b34437a6828a1b2, self.KEY is:

[2232161299, 2021406878, 187974522, 1747493298]

Line 45 is a 4 byte mask of all 1s:

msk = (1 << (self.BLOCK_SIZE//2)) - 1

Visualizing this in IPython:

In [1]: hex((1 << (64//2)) - 1)
Out[1]: '0xffffffff'

Lines 47-53 is where the encryption actually occurs, mixing bits of the message with itself and the key:

s = 0
for i in range(32):
    s += self.DELTA
    m0 += ((m1 << 4) + K[0]) ^ (m1 + s) ^ ((m1 >> 5) + K[1])
    m0 &= msk
    m1 += ((m0 << 4) + K[2]) ^ (m0 + s) ^ ((m0 >> 5) + K[3])
    m1 &= msk

In detail:

Line 47: s starts at 0.
Line 48: a loop of 32 iterations is made.
Line 49: s is incremented by self.DELTA in each iteration.
Line 50: m0 is incremented by a number each iteration. The amount to increment is calculated from m1, s and numbers from K.
Line 51: only the lower 4 bytes of m0 are kept.
Lines 52-53: very similar to the previous two lines but for m1 this time and the calculation uses the m0 that was just modified in the current iteration.

Line 55, as indicated by the comment in the original source code, concatenates m0 and m1.

m = ((m0 << (self.BLOCK_SIZE//2)) + m1) & ((1 << self.BLOCK_SIZE) - 1) # m = m0 || m1

In detail:

((m0 << (self.BLOCK_SIZE//2)) + m1) shifts m0 left by 32 bits (4 bytes) so that m0 becomes the high order 4 bytes of the result, then adds m1 so that m1 becomes the low order 4 bytes of the result.
& ((1 << self.BLOCK_SIZE) - 1) masks the result with 8 bytes of 1s, ensuring the result is only 8 bytes wide.

Line 57 converts the resulting long back to bytes:

return l2b(m)

→ 6.3 Manually creating the decrypt_block function

Manually creating the decrypt_block function amounts to stepping backwards through the encrypt_block and reversing each step:

Line 57 requires converting bytes back to a long:

m = b2l(msg)

Line 55 requires extracting the 4 high order bytes into m0 and the 4 low order bytes into m1:

m0 can be created by shifting half the block size of bits off to the right, discarding the 4 low order bytes
```
m0 = m >> (self.BLOCK_SIZE // 2)
```

m1 can be created by using the same mask used on line 45:

msk = (1 << (self.BLOCK_SIZE // 2)) - 1
m1 = m & msk

Lines 47-53 is a bit trickier to reverse due to the loop but it can be analyzed as follows:

After the final iteration:
- The value of m0 used to calculate m1 is placed into the 4 high order bytes of m on line 55. Thus, m0 at the start of the reversed iteration is known.
- s is also known, being 32 * self.DELTA after the final iteration.
- K is known because it is from the key.
Thus, the m1 calculation can be reversed by subtracting the known right hand side:
```
m1 -= ((m0 << 4) + K[2]) ^ (m0 + s) ^ ((m0 >> 5) + K[3])
```
The low order bits of arithmetic are not affected by what happens to the high order bits, hence the masking is symmetrical and can be applied after the subtraction¹:
```
m1 &= msk
```
After m1 is calculated, the m1 that was used to calculate m0 is now known and hence m0 can be calculated in a similar fashion:
```
m0 -= ((m1 << 4) + K[0]) ^ (m1 + s) ^ ((m1 >> 5) + K[1])
m0 &= msk
```
s then needs to be decremented prior to the next iteration:
```
s -= self.DELTA
```

Putting it all together results in the following loop:

s = 32 * self.DELTA
for i in range(32):
    m1 -= ((m0 << 4) + K[2]) ^ (m0 + s) ^ ((m0 >> 5) + K[3])
    m1 &= msk
    m0 -= ((m1 << 4) + K[0]) ^ (m1 + s) ^ ((m1 >> 5) + K[1])
    m0 &= msk
    s -= self.DELTA

Lines 44-45 are just declarations and can be left untouched and placed anywhere in the function prior to their first use:

K = self.KEY
msk = (1 << (self.BLOCK_SIZE//2)) - 1

Lines 42-43 simply require assembling the two halves of m0 and m1 back into a full block. This step can reuse the exact same code from lines 55-57 in encrypt_block:

m = ((m0 << (self.BLOCK_SIZE//2)) + m1) & ((1 << self.BLOCK_SIZE) - 1) # m = m0 || m1
return l2b(m)

Putting it all together results in a function that is very similar to the function generated by Perplexity AI:

def decrypt_block(self, msg):
    m = b2l(msg)
    m0 = m >> (self.BLOCK_SIZE // 2)
    msk = (1 << (self.BLOCK_SIZE // 2)) - 1
    m1 = m & msk

    K = self.KEY

    s = 32 * self.DELTA
    for i in range(32):
        m1 -= ((m0 << 4) + K[2]) ^ (m0 + s) ^ ((m0 >> 5) + K[3])
        m1 &= msk
        m0 -= ((m1 << 4) + K[0]) ^ (m1 + s) ^ ((m1 >> 5) + K[1])
        m0 &= msk
        s -= self.DELTA


    m = ((m0 << (self.BLOCK_SIZE//2)) + m1) & ((1 << self.BLOCK_SIZE) - 1) # m = m0 || m1
    return l2b(m)

→ 7 Obtaining the flag

The script was run and the flag was obtained, where the fag indicates the encryption algorithm used is the Tiny Encryption Algorithm. Both the Perplexity AI generated and manually created decrypt_block functions produce the same result.

$ python3 -mvenv venv
$ . ./venv/bin/activate
$ pip install pycryptodome
$ python3 source.py
pt: b'HTB{th1s_1s_th3_t1ny_3ncryp710n_4lg0r1thm_____y0u_m1ght_h4v3_4lr34dy_s7umbl3d_up0n_1t_1f_y0u_d0_r3v3rs1ng}'

→ 8 Conclusion

The flag was submitted and the challenge was marked as pwned

Submission of the flag marked the challenge as pwned

Footnotes

In case the intuition here is not obvious, a small experiment may be conducted by creating a test script that generates a random m1 value, adds a random 8 byte value to it and takes the low order 4 bytes, then computes the reverse operation and compares the result to the original:

import random
from Crypto.Util.number import bytes_to_long as b2l, long_to_bytes as l2b

# Conduct 10 tests
for i in range(0,10):
    # Generate a random 4 byte value for m1.
    m1 = b2l(random.randbytes(4))
    print(f"m1: {l2b(m1)}")

    # Generate random 8 bytes to add, representing the amount that is added to m1 during each
    # iteration in the encrypt_block function.
    random_amount_to_add  = b2l(random.randbytes(8))

    # The low order bytes mask.
    low_order_bytes_mask = (1 << (64//2)) - 1

    new_m1 = (m1 + random_amount_to_add) & low_order_bytes_mask
    print(f"new_m1: {l2b(new_m1)}")

    reversed_m1 = (new_m1 - random_amount_to_add) & low_order_bytes_mask

    print(f"reversed_m1: {l2b(reversed_m1)}")

    print(f"new_m1 == reversed_m1: {m1 == reversed_m1}")
    assert m1 == reversed_m1

Running the script provides empirical evidence supporting the intuitive conclusion that the mask operation can be applied after both the original addition and the reverse subtraction:

$ python3 -mvenv venv
$ . ./venv/bin/activate
$ pip install pycryptodome
$ python3 reverse_mask_test.py
m1: b'\xf4\\\x9f3'
new_m1: b'\xac^\xc7C'
reversed_m1: b'\xf4\\\x9f3'
new_m1 == reversed_m1: True
m1: b'\xca\xf8\x8d\x9c'
new_m1: b'\x05\xfd0\x8f'
reversed_m1: b'\xca\xf8\x8d\x9c'
new_m1 == reversed_m1: True
m1: b'\x9e\xf0KF'
new_m1: b'\xb2\x8fn\x1a'
reversed_m1: b'\x9e\xf0KF'
new_m1 == reversed_m1: True
m1: b'\xad8\x17\xc0'
new_m1: b'\xf0\xcb\xc6o'
reversed_m1: b'\xad8\x17\xc0'
new_m1 == reversed_m1: True
m1: b'D\xdbr\x94'
new_m1: b'\xef\xe1-\xa8'
reversed_m1: b'D\xdbr\x94'
new_m1 == reversed_m1: True
m1: b'\xee\x93r\xd8'
new_m1: b'\x8f\xa1C?'
reversed_m1: b'\xee\x93r\xd8'
new_m1 == reversed_m1: True
m1: b'\xdc\x1at\xde'
new_m1: b'\x9f\x1e\xdc'
reversed_m1: b'\xdc\x1at\xde'
new_m1 == reversed_m1: True
m1: b'\xd1aS\x1f'
new_m1: b'\x1cy\x80='
reversed_m1: b'\xd1aS\x1f'
new_m1 == reversed_m1: True
m1: b'\x9f\xb6\xd3P'
new_m1: b'\xc46\xd0\xc8'
reversed_m1: b'\x9f\xb6\xd3P'
new_m1 == reversed_m1: True
m1: b'\xb1\x89\x8b\xb3'
new_m1: b'\x16N\x85\x89'
reversed_m1: b'\xb1\x89\x8b\xb3'
new_m1 == reversed_m1: True

↩︎