PicoCTF2022 - substitution1
Description
A second message has come in the mail, and it seems almost identical to the first one. Maybe the same thing will work again. Download the message here.
Information
Point Value: 100 points
Category: Cryptography
Hints
- Try a frequency attack.
- Do the punctuation and the individual words help you make any substitutions?
Solution
We know the text file is encoded using a substitution cipher, so we open the txt file to obtain the encoded
cipher, and use CyberChef to decode it. However, this time we are not given
the key, so we must figure this out using a combination of known plaintext and frequency analysis. We know that
the last line must be the flag and is in the format "the flag is: picoCTF{...}", so working backwards we can
figure out part of the key is "A*Z*XDREB**Q**JC**GW******", corresponding to the letters
"ABCDEFGHIJKLMNOPQRSTUVWXYZ", where "*" are still unknown substitutes. We start to get a legible/decipherable
text, and continue to work backwards to figure out the key.
CTFs (shoft fof captpfe the flag) afe a tspe of coipptef secpfits coipetitiov. Covtestavts afe pfesevtem hith a set of challevges hhich test theif cfeatiyits, techvical (avm googlivg) snills, avm pfotlei-solyivg atilits. Challevges pspalls coyef a vpitef of categofies, avm hhev solyem, each sielms a stfivg (callem a flag) hhich is sptiittem to av ovlive scofivg sefyice. CTFs afe a gfeat has to leafv a hime affas of coipptef secpfits snills iv a safe, legal evyifovievt, avm afe hostem avm plasem ts iavs secpfits gfopps afopvm the hoflm fof fpv avm pfactice. Fof this pfotlei, the flag is: picoCTF{FF3LP3VCS_4774CN5_4F3_C001_4871E6FT}
We see the letter 'R' is substituted with 'F', 'U' with 'P', 'Y' with 'S', 'M' with 'I', 'N' with 'V', 'D' with
'M', 'W' with 'H', 'V' with 'Y', 'K' for 'N', 'B' for 'T'. After reversing these substitutions, we get our key
"ATZMXDREB*NQIVJC*FGWPYH*S*" and a legible paragraph and message, with the deciphered flag at the end.
CTFs (short for capture the flag) are a type of computer security competition. Contestants are presented with a set of challenges which test their creativity, technical (and googling) skills, and problem-solving ability. Challenges usually cover a number of categories, and when solved, each yields a string (called a flag) which is submitted to an online scoring service. CTFs are a great way to learn a wide array of computer security skills in a safe, legal environment, and are hosted and played by many security groups around the world for fun and practice. For this problem, the flag is: picoCTF{FR3LU3NCY_4774CK5_4R3_C001_4871E6FB}
We quickly note that the flag spells the word "frequency" wrong, which means there is one more substitution of a
'Q' with 'L' that we missed.
| A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| A | T | Z | M | X | D | R | E | B | * | N | * | I | V | J | C | L | F | G | W | P | Y | H | * | S | * |