Encoding Techniques
In simple terms, encoding is the process of converting data from one form to another. Common encoding techniques encountered during CTF events include:
- URL encoding: converts characters using the ASCII character set so that they can be transmitted over the Internet. Non-ASCII characters are replaced with a % followed by hexadecimal digits.
- Unicode: an encoding standard for a universal character set (UTF-8, UTF-16, and UTF-32).
- Base64: encodes binary data into equivalent American Standard Code for Information Interchange (ASCII) characters.
- ASCII encoding: a type of character encoding that represents English characters as numbers, where each letter is assigned a number from 0 to 127.
Hashing
Best described as one-way functions, hashing provides a unique output for every input. However, collisions (two different pieces of data that produce the same output) have been detected with the MD5 and SHA1 algorithms.
String Hashing
The example below creates an MD5 hash of a string using command-line tools:
echo -n password | md5sum
File Hashing
The example below creates an MD5 hash of a file using command-line tools:
md5sum sample-file.txt
Identifying Hashes
Use the Kali built-in utility to identify hashes:
hash-identifier
XOR
XOR (eXclusive OR) is a bitwise operation that is widely used in cryptography. It is a quick and easy way to encrypt data with a password.
xortool is great at analyzing multi-byte XOR ciphers.
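The behaviour described above, as an added example that is not from the original page: XOR with a repeating password is its own inverse, and a few bytes of known plaintext are enough to expose the password, which is why such ciphers are analysable at all. The password, message, and function names are constructed for illustration.

```python
from itertools import cycle


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR. The same call both encrypts and decrypts."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def key_stream_from_known(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """ciphertext XOR plaintext = key stream, for the bytes where plaintext is known."""
    return bytes(c ^ p for c, p in zip(ciphertext, known_plaintext))


def shortest_period(stream: bytes) -> bytes:
    """Shortest prefix that reproduces the whole stream when repeated."""
    for n in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return stream[:n]
    return stream


# Constructed sample values (assumptions, not from the page).
PASSWORD = b"k3y"
MESSAGE = b"flag{xor_alone_is_not_strong_encryption}"
KNOWN_PREFIX = b"flag{"  # CTF flags often start with a predictable prefix


def demo() -> tuple[bytes, bytes, bytes]:
    ciphertext = xor_bytes(MESSAGE, PASSWORD)
    # Applying the same key again restores the plaintext.
    roundtrip = xor_bytes(ciphertext, PASSWORD)
    # Known plaintext longer than the key reveals the key itself.
    stream = key_stream_from_known(ciphertext, KNOWN_PREFIX)
    recovered = shortest_period(stream)
    return ciphertext, roundtrip, recovered


if __name__ == "__main__":
    ct, rt, key = demo()
    print("ciphertext (hex):", ct.hex())
    print("round trip      :", rt)
    print("recovered key   :", key)
```

The known prefix must be longer than the key for the repetition to be visible; with a shorter prefix only part of the key stream is recovered.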
Tools and Resources
A collection of tools to keep close during CTF events:
Additional resources:
- CryptoPals: cryptography challenges and exercises.
- CRYPTO CORNER: a website dedicated to explaining codes and ciphers.
- CrackStation: crack hashes.
- Hashes.com: lookup hashes.