In simple terms, encoding refers to the process of conversion of data from one form to another. Common encoding techniques one can encounter during CTF events are the following:
- URL encoding: converts characters, using the ASCII character set, into a form that can be transmitted over the Internet. Non-ASCII characters are replaced with a % followed by hexadecimal digits.
- UNICODE: encoding standard for a universal character set (UTF-8, UTF-16, and UTF-32).
- Base64: encodes binary data into equivalent American Standard Code for Information Interchange (ASCII) characters.
- ASCII encoding: a type of character encoding that represents English characters as numbers, where each letter is assigned a number from 0 to 127.
Hash functions are best described as one-way functions: hashing provides a unique output for every input. However, collisions (two different pieces of data that produce the same output) have been detected with the MD5 and SHA1 algorithms.
The example below shows the creation of an MD5 hash of a string using command-line tools:
echo -n pasword | md5sum
The example below shows the creation of an MD5 hash of a file using command-line tools:
Use the Kali built-in utility to identify hashes:
An XOR or eXclusive OR is a bitwise operation that is widely used in cryptography. XOR is a quick and easy way to encrypt data with a password.
xortool is great at analyzing multi-byte XOR ciphers.
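Why XOR with a password is weak once any plaintext is predictable, shown as an added example (not code from the original page and not xortool's implementation). The key, message and `flag{` prefix are constructed sample values, and the function names are hypothetical.

```python
from itertools import cycle


def xor_bytes(data, key):
    """Repeating-key XOR; the same call encrypts and decrypts."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def keystream_from_known(ciphertext, known_prefix):
    """XOR a known plaintext prefix against the ciphertext to expose key bytes."""
    if len(known_prefix) > len(ciphertext):
        raise ValueError("known prefix is longer than the ciphertext")
    return bytes(c ^ p for c, p in zip(ciphertext, known_prefix))


def shortest_period(stream):
    """Smallest prefix that, repeated, reproduces the exposed key stream.

    If the known prefix is shorter than the key, the result is only a partial key.
    """
    for n in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return stream[:n]
    return stream


# Constructed sample data (assumption, not from the page).
SAMPLE_KEY = b"k3y"
SAMPLE_PLAINTEXT = b"flag{xor_with_a_password_is_not_encryption}"
SAMPLE_CIPHERTEXT = xor_bytes(SAMPLE_PLAINTEXT, SAMPLE_KEY)


def demo():
    # Only the ciphertext and the conventional "flag{" prefix are treated as known.
    stream = keystream_from_known(SAMPLE_CIPHERTEXT, b"flag{")
    key = shortest_period(stream)
    # XOR is its own inverse, so applying the recovered key decrypts.
    return key, xor_bytes(SAMPLE_CIPHERTEXT, key)


if __name__ == "__main__":
    key, plaintext = demo()
    print("recovered key:", key)
    print("plaintext:", plaintext.decode())
```

Any predictable bytes (a file header, a protocol banner, a flag format) play the same role as the prefix here, which is why a repeating XOR key gives no confidentiality for structured data.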
Tools and Resources
A collection of tools to keep close during CTF events:
- CryptoPals: cryptography challenges and exercises.
- CRYPTO CORNER: a website dedicated to explaining codes and ciphers.
- CrackStation: crack hashes.
- Hashes.com: lookup hashes.