PicoCTF Writeup – Easy1
# Information:
CTF Name: PicoCTF
CTF Challenge: Easy1
Challenge Category: Cryptography
Challenge Points: 100
PicoCTF 2019.
# Challenge Description:
The one time pad can be cryptographically secure, but not when you know the key. Can you solve this? We’ve given you the encrypted flag, key, and a table to help UFJKXQZQUNB with the key of SOLVECRYPTO. Can you use this table to solve it?
Clicking the word “table” in the challenge gives us the file “table.txt” with the following contents:
Relevant hint: Submit your answer in our flag format. For example, if your answer was ‘hello’, you would submit ‘picoCTF{HELLO}’ as the flag.
# Writeup
“In cryptography, the one-time pad (OTP) is an encryption technique that cannot be cracked, but requires the use of a one-time pre-shared key the same size as, or longer than, the message being sent. In this technique, a plaintext is paired with a random secret key (also referred to as a one-time pad). Then, each bit or character of the plaintext is encrypted by combining it with the corresponding bit or character from the pad using modular addition.” (Wikipedia)
As we can see, the numeric values of the letters, corresponding to their positions in the alphabet, are used to perform the modular addition. It is important to remember that if a number is larger than 25, then the remainder after subtracting 26 is taken, meaning that when the computation goes past Z, the sequence starts again at A (Wikipedia).
Performing this manually is cumbersome and takes a long time. Because I am lazy, I decided to create a Python script to decipher the message for me. Here is the code:
```python
alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
key = "SOLVECRYPTO"
encrypted_flag = "UFJKXQZQUNB"
length_text = len(encrypted_flag)
for i in range(length_text):
    if (ord(encrypted_flag[i]) - ord(key[i])) >= 0:
        # Difference >= 0: no wrap-around needed; add 65 ("A" in ASCII).
        print(chr(ord(encrypted_flag[i]) - ord(key[i]) + 65), end='')
    else:
        # Difference < 0: wrap around by adding 65 + 26 = 91.
        print(chr(ord(encrypted_flag[i]) - ord(key[i]) + 91), end='')
print()
```
This code does what we intended: it deciphers the encrypted_flag using the key. Let’s analyze it closely.
The if statement checks whether the difference between the numeric value of the letter at position i of the encrypted_flag and the letter at position i of the key is greater than or equal to 0. If so, a normal subtraction is done and I add 65 to the result, because “A” in ASCII is 65, and a difference of 0 represents an “A”.
The else branch covers the case where the difference between the numeric value of the letter at position i of the encrypted_flag and the letter at position i of the key is less than 0. If so, we have to wrap around. We do so by adding 91. To explain why this works I will give an example:
Now, if we compute 91 + (-19) we get 72, and 72 is “H” in ASCII, which is what is expected according to the previous example.
We arrive at 91 because 65 + 26 = 91. And, to remind you, 26 is the number of letters in the alphabet, and 65 is the letter “A” in ASCII. After finishing the code I executed it on my Linux terminal:
And to get the flag just highlight the line below:
The original code can be found here.
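As an added example (not part of the original writeup's code), here is the same decryption generalized with the modulo operator, which replaces the two +65/+91 branches, and cross-checked against the manual table lookup. The table layout produced by `build_table` is an assumption (a standard 26x26 shifted-alphabet table, since the contents of table.txt are not reproduced above), and all function names are illustrative.

```python
import string

ALPHABET = string.ascii_uppercase

def build_table():
    """Assumed table.txt layout: the row for key letter k is the alphabet rotated by k."""
    return {k: ALPHABET[i:] + ALPHABET[:i] for i, k in enumerate(ALPHABET)}

def _normalize(text, key):
    """Upper-case both inputs and reject anything the table cannot handle."""
    text, key = text.upper(), key.upper()
    if not key or not set(text + key) <= set(ALPHABET):
        raise ValueError("text and key must consist of the letters A-Z")
    if len(key) < len(text):
        raise ValueError("key is shorter than the message")
    return text, key

def encrypt_mod(plaintext, key):
    """cipher = (plain + key) mod 26, on alphabet positions 0..25."""
    plaintext, key = _normalize(plaintext, key)
    return "".join(ALPHABET[(ALPHABET.index(p) + ALPHABET.index(k)) % 26]
                   for p, k in zip(plaintext, key))

def decrypt_mod(ciphertext, key):
    """plain = (cipher - key) mod 26; % does the wrap-around of the +65/+91 branches."""
    ciphertext, key = _normalize(ciphertext, key)
    return "".join(ALPHABET[(ALPHABET.index(c) - ALPHABET.index(k)) % 26]
                   for c, k in zip(ciphertext, key))

def decrypt_table(ciphertext, key, table):
    """Manual method: find the cipher letter in the key's row, read the column header."""
    ciphertext, key = _normalize(ciphertext, key)
    return "".join(ALPHABET[table[k].index(c)] for c, k in zip(ciphertext, key))

if __name__ == "__main__":
    table = build_table()
    key, encrypted_flag = "SOLVECRYPTO", "UFJKXQZQUNB"  # values from the challenge
    by_mod = decrypt_mod(encrypted_flag, key)
    by_table = decrypt_table(encrypted_flag, key, table)
    print(by_mod, by_table == by_mod)                   # both methods must agree
    print(encrypt_mod(by_mod, key) == encrypted_flag)   # round trip back to the ciphertext
```

Because the helpers reject a key shorter than the message, the script fails loudly instead of silently truncating the output, which is what `zip` would otherwise do.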
Thank you very much for reading!
Cheers,
MRegra