PicoCTF Writeup – caesar
# Information:
CTF Name: PicoCTF
CTF Challenge: caesar
Challenge Category: Cryptography
Challenge Points: 100
PicoCTF 2019.
# Challenge Description:
Decrypt this message.
Once I clicked on the word message, a file named ciphertext was downloaded. Below you can see the contents:
Relevant hint: caesar cipher tutorial.
# Writeup
This challenge is interesting. By analyzing the contents of the ciphertext we can easily see that the flag is encrypted. Given the title of the challenge, it is fair to assume that the data was encrypted with the Caesar cipher.
Looking at the relevant hint, we see that the word tutorial is a link. Clicking on it presents a description of how the Caesar cipher works. After a quick read, I understood better how this cipher works.
It works by shifting the letters in the text by a certain number of positions. The number of positions to shift is unknown.
For example, shifting the letter M by 3 positions gives P.
Knowing this is interesting, but without the shift value how can we crack the message? Because there are only 26 possible shifts, a brute-force attack is quite simple.
To perform this attack I wrote a script in Python 3, shown below:
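```python
# Brute-force every possible Caesar shift of the encrypted flag
alphabet = "abcdefghijklmnopqrstuvwxyz"
encrypted_flag = "gvswwmrkxlivyfmgsrhnrisegl"
length_text = len(encrypted_flag)

# Try each of the 26 shift values (j) on every letter (i)
for j in range(26):
    for i in range(length_text):
        print(chr(((ord(encrypted_flag[i]) - j) - 97) % 26 + 97), end='')
    print()  # end the line for this candidate
print()
```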
What this code does is shift each letter of encrypted_flag (declared in line 3, looped over in line 8) by 0 to 25 positions (for loop in line 7). In other words, it tries every possible shift value and prints each result (line 9).
Once I finished the script, I executed it in my Linux terminal. This was the output:
These are all the possible combinations of original messages. Looking at each one we see that the only one that makes a little sense is:
I decided to try this string as the flag and…
The Python 3 script code can be found here.
The image source can be found here.
Thank you very much for reading!
Cheers,
MRegra