PicoCTF-2021 Writeup

New Vignere

Problem

Another slight twist on a classic, see if you can recover the flag. (Wrap with picoCTF{})

epdfglkfnbjbhbpicohidjgkhfnejeecmjfnejddgmhpndmchbmifnepdhdmhbah

new_vignere.py

Solution

  1. This challenge is similar to New Caesar (the code is nearly identical), except it's a Vigenère cipher.

  2. The hint for this challenge points to the Cryptanalysis section of the Vigenère Cipher Wikipedia page, which explains the "Kasiski examination". We can use an online Kasiski test tool to automatically find the key length to be 9. DCode shows that the key length could be 3, 9, or 6.

  3. The Wikipedia page recommends using Kerckhoffs' method to discover the key letter (Caesar shift) for each column of the Vigenère cipher. However, that does not work in this case because the Vigenère table has been scrambled by the b16_encode function.

  4. According to Wikipedia: "Once the length of the key is known, the ciphertext can be rewritten into that many columns, with each column corresponding to a single letter of the key. Each column consists of plaintext that has been encrypted by a single Caesar cipher. The Caesar key (shift) is just the letter of the Vigenère key that was used for that column. Using methods similar to those used to break the Caesar cipher, the letters in the ciphertext can be discovered."

  5. I sort of implement the above method. The problem is the b16_encode function, which splits the letters of the flag in two. Because of this function, we cannot simply bruteforce each column of the Vigenère matrix as described above: the output is transformed by the b16_decode function. The letters are merged together, and the output might not fit within the alphabet even if the key is correct.

  6. However, we can still use the above method to make educated guesses about the key: if the b16_decode function produces valid ASCII output with a certain Caesar key, then it is likely to be the correct key. This bruteforce takes place on lines 53-77 of the solve script.

  7. Next, we bruteforce the letters of the key that we could not make educated guesses for using itertools.permutations. We test every possible key (keeping the guessed letters constant) and display the output when it satisfies the assert statement on line 20 of new_vignere.py.

  8. Solve script output:

    Vignere Matrix:
    [['e' 'p' 'd' 'f' 'g' 'l' 'k' 'f' 'n']
    ['b' 'j' 'b' 'h' 'b' 'p' 'i' 'c' 'o']
    ['h' 'i' 'd' 'j' 'g' 'k' 'h' 'f' 'n']
    ['e' 'j' 'e' 'e' 'c' 'm' 'j' 'f' 'n']
    ['e' 'j' 'd' 'd' 'g' 'm' 'h' 'p' 'n']
    ['d' 'm' 'c' 'h' 'b' 'm' 'i' 'f' 'n']
    ['e' 'p' 'd' 'h' 'd' 'm' 'h' 'b' 'a']
    ['h' '0' '0' '0' '0' '0' '0' '0' '0']]
    Trying column 0... Found key `b`... 
    Trying column 1... 
    Trying column 2... Found key `a`... 
    Trying column 3... 
    Trying column 4... Found key `a`... Found key `f`... Found key `g`... 
    Trying column 5... 
    Trying column 6... Found key `e`... 
    Trying column 7... Found key `p`... 
    Trying column 8... Found key `k`... 
    Key Possibilities: {0: ['b'], 1: -1, 2: ['a'], 3: -1, 4: ['a', 'f', 'g'], 5: -1, 6: ['e'], 7: ['p'], 8: ['k']}
    Bruteforcing 3 values...
    1791it [00:00, 8611.44it/s]
    Flag Possibility: picoCTF{94bf01ad4b8a63425c32c02ba4c9632f}
    3360it [00:00, 9305.95it/s]
    Bruteforcing Complete
    Total Guesses: 3504
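
The column-by-column idea from steps 5-7, as an added example that is not the author's solve script and filters differently: it tests each ciphertext symbol as a nibble instead of checking merged ASCII output. Assumptions, since new_vignere.py is not reproduced here: a 16-letter alphabet a-p with one symbol per nibble, an additive shift mod 16 per key letter, and a flag restricted to 0-9a-f; the function names are hypothetical.

```python
from itertools import product

ALPHABET = "abcdefghijklmnop"         # assumption: 16 symbols, one per nibble
FLAG_CHARS = set("0123456789abcdef")  # assumption: charset enforced by the challenge's assert
CT = "epdfglkfnbjbhbpicohidjgkhfnejeecmjfnejddgmhpndmchbmifnepdhdmhbah"  # from the Problem text
KEY_LEN = 9                           # key length found in step 2

def decrypt(ct, key):
    """Undo the per-symbol shift (mod 16), then merge nibble pairs back into bytes."""
    nib = [(ALPHABET.index(c) - ALPHABET.index(key[i % len(key)])) % 16
           for i, c in enumerate(ct)]
    return "".join(chr(nib[i] << 4 | nib[i + 1]) for i in range(0, len(nib), 2))

def nibble_ok(pos, value):
    """Even positions are high nibbles (0x3_ digits, 0x6_ letters); odd ones are low nibbles."""
    return value in (3, 6) if pos % 2 == 0 else value <= 9

def column_candidates(ct, key_len):
    """For each key column, the key letters that keep every nibble in that column plausible."""
    cands = []
    for col in range(key_len):
        cands.append([ALPHABET[k] for k in range(16)
                      if all(nibble_ok(i, (ALPHABET.index(ct[i]) - k) % 16)
                             for i in range(col, len(ct), key_len))])
    return cands

def recover(ct, key_len):
    """Try every combination of surviving key letters; keep plaintexts inside the flag charset."""
    hits = []
    for key in product(*column_candidates(ct, key_len)):
        plain = decrypt(ct, key)
        if set(plain) <= FLAG_CHARS:
            hits.append(("".join(key), plain))
    return hits

if __name__ == "__main__":
    print(column_candidates(CT, KEY_LEN))
    for key, plain in recover(CT, KEY_LEN):
        print(key, "picoCTF{%s}" % plain)
```

Because the key length is odd, every key column covers both high and low nibbles, so the per-column filter leaves very few candidates and the final search is tiny.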

Flag

picoCTF{94bf01ad4b8a63425c32c02ba4c9632f}
