> Can't play CSAW without your favorite block cipher!
>
> nc crypto.chal.csaw.io 5001

Initial connection attempt:

```
$ nc crypto.chal.csaw.io 5001
Hello! For each plaintext you enter, find out if the block cipher used is ECB or CBC. Enter "ECB" or "CBC" to get the flag!
Enter plaintext: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Ciphertext is: e4667bbed18e16bfc2d6dbbea56d5241e4667bbed18e16bfc2d6dbbea56d5241e4667bbed18e16bfc2d6dbbea56d5241e4667bbed18e16bfc2d6dbbea56d5241e4667bbed18e16bfc2d6dbbea56d5241e4667bbed18e16bfc2d6dbbea56d5241f2a026af8ec44689976f9e280770030c
ECB or CBC?
```

The service keeps asking you until you answer wrong.

This appears to be a straightforward ECB/CBC oracle, except it isn't. The service never sends you a flag and it doesn't seem to hide any data in the response either (which would allow you to guess the hidden data one byte at a time, another well-known attack). Most annoyingly, it disconnects after anywhere up to 176 consecutive successful tries. At a later point a cryptic "<200" hint showed up.

Something terrible dawned upon me, a tale about a CTF task at a qualifying event where an (unreliable) web service sent out the flag in binary format, using the presence/absence of a specific part in the HTTP response to signal 0/1. This story inspired me to log a zero or one, depending on the detected mode:

```
01100110011011000110000101100111011110110100010101000011010000100101111101110010011001010100000001101100011011000111100101011111011100110101010101100011011010110010010001111101
flag{ECB_re@lly_sUck$}
```
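The logging approach described above, as an added example (not the author's solver): each ciphertext is classified as ECB when any block repeats, and the per-round answers are packed into ASCII. The 16-byte block size, the function names and the ECB=0/CBC=1 mapping are assumptions; the page does not say which mode maps to which bit.

```python
BLOCK = 16  # assumed cipher block size in bytes (AES)

def detect_mode(ciphertext_hex):
    """Return "ECB" if any ciphertext block repeats, otherwise "CBC"."""
    raw = bytes.fromhex(ciphertext_hex.strip())
    if not raw or len(raw) % BLOCK:
        raise ValueError("ciphertext is not a whole number of blocks")
    blocks = [raw[i:i + BLOCK] for i in range(0, len(raw), BLOCK)]
    # ECB encrypts equal plaintext blocks to equal ciphertext blocks, so a
    # long run of one character shows up as duplicates. Under CBC a repeat
    # among a handful of blocks is negligibly unlikely.
    return "ECB" if len(set(blocks)) < len(blocks) else "CBC"

def modes_to_text(modes, ecb_bit="0"):
    """Pack one bit per round (MSB first) into 8-bit ASCII characters."""
    cbc_bit = "1" if ecb_bit == "0" else "0"
    bits = "".join(ecb_bit if m == "ECB" else cbc_bit for m in modes)
    usable = len(bits) - len(bits) % 8  # ignore a trailing partial byte
    return "".join(chr(int(bits[i:i + 8], 2)) for i in range(0, usable, 8))

# Ciphertext from the session above: six identical blocks plus a padded tail.
PAGE_CT = "e4667bbed18e16bfc2d6dbbea56d5241" * 6 + "f2a026af8ec44689976f9e280770030c"
# Constructed stand-in for a CBC response: seven distinct blocks.
CBC_LIKE = bytes(range(7 * BLOCK)).hex()
# Constructed eight-round session whose modes spell 0b01100110 ("f").
ROUNDS = [PAGE_CT, CBC_LIKE, CBC_LIKE, PAGE_CT, PAGE_CT, CBC_LIKE, CBC_LIKE, PAGE_CT]

if __name__ == "__main__":
    modes = [detect_mode(ct) for ct in ROUNDS]
    print(modes)
    print(modes_to_text(modes))
```

The check only works when the submitted plaintext spans at least two identical aligned blocks, which the long run of `X` characters guarantees.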