Participants may encounter challenges involving encryption and decryption, deciphering encoded messages, or breaking cryptographic algorithms.
Basic Terminology
- Cipher: an algorithm for performing encryption or decryption.
- Plaintext: the unencrypted or “original” message.
- Ciphertext: the encrypted message.
- Key: a piece of information that specifies the transformation of plaintext into ciphertext, and vice versa for decryption algorithms.
Types of Ciphers
Symmetric Cipher uses the same key to encrypt and decrypt the message. For example, ROT13.
Asymmetric Cipher uses two distinct yet related keys (public and private) to encrypt and decrypt the message. For example, RSA.
Block Cipher is an algorithm used in conjunction with a cryptosystem to package a message into evenly sized ‘blocks’, which are encrypted one at a time.
Stream Cipher is a symmetric-key cipher: the same key is used to encrypt and decrypt the data.
Common Ciphers
Substitution Cipher
A Substitution Cipher is a system of encryption in which different symbols substitute for the normal alphabet: letters in the plaintext are replaced with other letters, numbers, symbols, etc.
Caesar Cipher
The Caesar Cipher or Caesar Shift is a cipher which uses the alphabet in order to encode texts. It relies on a substitution method that involves rotating an alphabet by key n and substituting the rotated letters for the plaintext letters. The best visualisation of how this works is a Caesar Cipher Wheel.
CAESAR encoded with a shift of 8 is KIMAIZ, so ABCDEFGHIJKLMNOPQRSTUVWXYZ becomes IJKLMNOPQRSTUVWXYZABCDEFGH.
ROT13 is a popular substitution cipher: it is just a Caesar cipher with a fixed key of 13 (n=13).
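The rotation described above, as an added example that is not part of the original page: a Caesar encoder, ROT13 as the n=13 case, and a brute force over all 26 keys. The function names and the small word list used to rank candidates are assumptions made for this illustration.

```python
import string

# Tiny assumed word list used only to rank candidates.
COMMON_WORDS = {"THE", "AND", "AT", "OF", "TO", "IS"}

def caesar(text: str, n: int) -> str:
    """Rotate each ASCII letter n places (negative n decrypts); keep the rest."""
    out = []
    for ch in text:
        if ch in string.ascii_letters:
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + n) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)

def rot13(text: str) -> str:
    """ROT13 is the n=13 case, so applying it twice restores the input."""
    return caesar(text, 13)

def brute_force(ciphertext: str) -> list:
    """Try all 26 keys; return (score, key, candidate) tuples, best first."""
    results = []
    for key in range(26):
        candidate = caesar(ciphertext, -key)
        words = [w.strip(string.punctuation) for w in candidate.upper().split()]
        score = sum(w in COMMON_WORDS for w in words)
        results.append((score, key, candidate))
    return sorted(results, key=lambda r: -r[0])

if __name__ == "__main__":
    print(caesar("CAESAR", 8))                             # the page's example
    secret = caesar("Meet at the old bridge at noon", 8)   # constructed sample
    for score, key, text in brute_force(secret)[:3]:
        print(score, key, text)
```

With only 26 possible keys, the key itself offers no protection; the ranking step just saves reading all 26 candidates by eye.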
Morse Code
Morse code is a substitution cipher originally designed for telegrams; its alphabet consists of dots, dashes and slashes.
“This is some plaintext” becomes: - .... .. ... / .. ... / ... --- -- . / .--. .-.. .- .. -. - . -..- -
Baconian
Bacon’s cipher or the Baconian cipher is a method of steganography (a method of hiding a secret message as opposed to just a cipher) devised by Francis Bacon in 1605. A message is concealed in the presentation of text, rather than its content. The Baconian cipher is a substitution cipher in which each letter is replaced by a sequence of 5 characters. In the original cipher, these were sequences of A’s and B’s e.g. the letter “D” was replaced by “aaabb”, the letter “O” was replaced by “abbab” etc.
Each letter is assigned to a string of five binary digits. These could be the letters ‘A’ and ‘B’, the numbers 0 and 1 or whatever else you may desire.
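An added example (not from the original page) of the five-symbol substitution described above. It uses the original 24-letter table, in which I/J and U/V share a code, which is the table that yields “aaabb” for D and “abbab” for O; the function names and the letter-case carrier are assumptions for illustration.

```python
# Original 24-letter alphabet: I/J share one code, as do U/V.
ORIGINAL_24 = "ABCDEFGHIKLMNOPQRSTUWXYZ"

def bacon_encode(message: str, a: str = "a", b: str = "b") -> str:
    """Encode letters as 5-symbol groups using the two carrier symbols a and b."""
    table = str.maketrans("01", a + b)
    groups = []
    for ch in message.upper():
        ch = {"J": "I", "V": "U"}.get(ch, ch)
        if ch in ORIGINAL_24:
            groups.append(format(ORIGINAL_24.index(ch), "05b").translate(table))
    return " ".join(groups)

def bacon_decode(symbols: str, a: str = "a", b: str = "b") -> str:
    """Decode any two-symbol stream; everything that is not a or b is ignored."""
    bits = "".join("0" if s == a else "1" for s in symbols if s in (a, b))
    out = []
    for i in range(0, len(bits) - len(bits) % 5, 5):
        value = int(bits[i:i + 5], 2)
        out.append(ORIGINAL_24[value] if value < 24 else "?")
    return "".join(out)

def bacon_from_case(cover: str) -> str:
    """Hidden in presentation: lowercase letter = a, uppercase letter = b."""
    marks = "".join("b" if c.isupper() else "a" for c in cover if c.isalpha())
    return bacon_decode(marks)

if __name__ == "__main__":
    print(bacon_encode("DO"))                 # groups of a/b
    print(bacon_decode("00011 01101", "0", "1"))
    print(bacon_from_case("helLO wORlD"))     # constructed cover text
```

Tools that use the later 26-letter table assign different codes from J onward, so a decode that looks almost right is a hint to switch tables.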
Polyalphabetic Substitution Ciphers
A substitution cipher that uses multiple substitution alphabets.
Vigenere
A Vigenere Cipher is an extended version of the Caesar Cipher where a message is encrypted using various Caesar shifted alphabets. It is best described as a keyed cipher that essentially re-orders rotated alphabets from the Caesar Cipher using a keyword.
Note: Different tools implement this cipher in slightly different ways, so you might not get all of the plaintext depending on the tool you use.
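One common source of the tool differences mentioned in the note, shown as an added example (not part of the original page): whether the key position advances on spaces and punctuation or only on letters. The function and its `key_advances_on_all` parameter are hypothetical names chosen for this illustration.

```python
def vigenere(text: str, key: str, decrypt: bool = False,
             key_advances_on_all: bool = False) -> str:
    """Vigenere over A-Z. key_advances_on_all selects the tool convention:
    False: the key position moves only when a letter is processed;
    True:  the key position moves on every character, spaces included."""
    if not (key.isascii() and key.isalpha()):
        raise ValueError("key must consist of letters A-Z")
    shifts = [ord(k) - ord("A") for k in key.upper()]
    out, pos = [], 0
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            shift = shifts[pos % len(shifts)]
            if decrypt:
                shift = -shift
            out.append(chr((ord(ch) - base + shift) % 26 + base))
            pos += 1
        else:
            out.append(ch)
            if key_advances_on_all:
                pos += 1
    return "".join(out)

if __name__ == "__main__":
    plain = "ATTACK AT DAWN"                          # constructed sample
    ct = vigenere(plain, "LEMON", key_advances_on_all=True)
    print(ct)
    print(vigenere(ct, "LEMON", decrypt=True, key_advances_on_all=True))
    # Decrypting with the other convention recovers only the first word.
    print(vigenere(ct, "LEMON", decrypt=True))
```

If a decode yields a readable first word followed by noise, try the other convention before concluding the key is wrong.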
Hill Cipher
The Hill Cipher is another polyalphabetic substitution cipher, and it is based on linear algebra.
Transposition / Permutation
Transposition or permutation ciphers manipulate and re-arrange the letters in the message instead of substituting different letters in their place.
Rail Fence
The Rail Fence Cipher walks up and down “rails” to scramble letters (also called a zigzag cipher). The key for this cipher is the number of rails.
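The zigzag walk, as an added example that is not part of the original page: the plaintext positions are sorted by the rail they land on, which gives both encryption and decryption, and because the key is only a rail count every small key can be tried. Function names and the sample text are assumptions for illustration.

```python
def read_order(n: int, rails: int) -> list:
    """Plaintext positions in the order the rails are read off, top rail first."""
    if rails < 2:
        return list(range(n))
    # One full zigzag: down the rails, then back up without repeating the ends.
    zigzag = list(range(rails)) + list(range(rails - 2, 0, -1))
    # sorted() is stable, so positions on the same rail stay left to right.
    return sorted(range(n), key=lambda i: zigzag[i % len(zigzag)])

def rail_encrypt(text: str, rails: int) -> str:
    return "".join(text[i] for i in read_order(len(text), rails))

def rail_decrypt(ciphertext: str, rails: int) -> str:
    out = [""] * len(ciphertext)
    # The j-th ciphertext character came from plaintext position order[j].
    for ch, i in zip(ciphertext, read_order(len(ciphertext), rails)):
        out[i] = ch
    return "".join(out)

def rail_brute_force(ciphertext: str, max_rails: int = 10) -> dict:
    """Candidate plaintext for every rail count from 2 to max_rails."""
    return {r: rail_decrypt(ciphertext, r) for r in range(2, max_rails + 1)}

if __name__ == "__main__":
    ct = rail_encrypt("WEAREDISCOVEREDFLEEATONCE", 3)   # constructed sample
    print(ct)
    for rails, candidate in rail_brute_force(ct, 5).items():
        print(rails, candidate)
```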
Columnar Transposition
Columnar Transposition focuses on arranging the plaintext in columns and then rearranging the text. The key for this cipher is a series of numbers that dictate the order of the columns, and you’ll need to know how many columns were used. For example, the number of columns is 5, and the key is 23541.
Encoding Techniques
In simple terms, encoding refers to the process of converting data from one form to another. It is the translation of data. Different computer systems operate with different forms of encoding, just as different people use different languages.
The same data can be encoded into various forms.
Base: The total number of unique elements we can use to represent data in an encoding format.
American Standard Code for Information Interchange (ASCII)
A type of character encoding that represents English characters as numbers, where each letter is assigned a number from 0 to 127.
- “a-z” => 97–122
- “A-Z” => 65–90
- “0–9” => 48–57
URL Encoding
Converts characters using the ASCII character set so that they can be transmitted over the Internet. Non-ASCII characters are replaced with a %, followed by hexadecimal digits. The identifying feature of URL encoding is the usage of percentage signs and some plaintext (although there is base64 and base32 URL encoding).
UNICODE
Encoding standard for a universal character set (UTF-8, UTF-16, and UTF-32).
Base 2 (Binary)
The most basic and widely used encoding scheme. It uses only two unique digits: 0 and 1.
Tool: Binary to ASCII Converter
Base 16 (HEX)
Base 16 encoding uses the hexadecimal number system (0123456789ABCDEF) to encode text. Some identifying characteristics of Base 16 encoding are that it uses only hexadecimal characters and never needs padding (an equals sign at the end).
Base 32
Base 32 is very similar to Base 16 encoding but it has a larger alphabet [A-Z, 2-7], and uses padding characters (equals signs). Some identifying characteristics of base32 encoding are the padding characters (equal signs) and the upper-case and numeric alphabet.
Base 64
Base 64 relies on an even larger alphabet [A-Z,a-z,0–9,+,/], and it also uses padding characters (equal signs). The identifying features of base64 encoding are the upper and lower case alphabet, use of numbers, and message padding (equals signs at the end of the string).
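The identifying characteristics listed for Base 16, Base 32 and Base 64, turned into a small classifier as an added example (not part of the original page). Alphabets overlap, so a match on alphabet and padding is confirmed by actually decoding and checking that the result is printable; the function names and sample strings are assumptions.

```python
import base64
import binascii
import re

# (name, alphabet-and-padding pattern from the descriptions above, decoder)
SCHEMES = [
    ("base16", re.compile(r"[0-9A-Fa-f]+"), bytes.fromhex),
    ("base32", re.compile(r"[A-Z2-7]+=*"), base64.b32decode),
    ("base64", re.compile(r"[A-Za-z0-9+/]+=*"),
     lambda s: base64.b64decode(s, validate=True)),
]

def is_printable(raw: bytes) -> bool:
    return bool(raw) and all(32 <= b < 127 or b in (9, 10, 13) for b in raw)

def identify(encoded: str) -> list:
    """Return (scheme, decoded text) for every scheme whose alphabet matches,
    whose decoder accepts the input, and whose output is printable ASCII."""
    hits = []
    for name, pattern, decode in SCHEMES:
        if not pattern.fullmatch(encoded):
            continue
        try:
            raw = decode(encoded)
        except (binascii.Error, ValueError):
            continue  # right alphabet, wrong length or padding
        if is_printable(raw):
            hits.append((name, raw.decode("ascii")))
    return hits

if __name__ == "__main__":
    # Constructed samples: the same four bytes in each encoding.
    for sample in ("666c6167", "MZWGCZY=", "ZmxhZw==", "ZmxhZw="):
        print(sample, identify(sample))
```

Note that `666c6167` also fits the Base 64 alphabet and length; only the printable-output check rules that reading out, which is why alphabet alone is not a reliable identifier.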
Hashing
Best described as one-way functions, hashing provides a unique output for every input. However, collisions – two different pieces of data that produce the same unique output – have been detected with MD5 and SHA1 algorithms.
String Hashing
The example below shows the creation of an MD5 hash of a string using command-line tools:
echo -n pasword | md5sum
File Hashing
The example below shows the creation of an MD5 hash of a file using command-line tools:
md5sum sample-file.txt
Identifying Hashes
Use the Kali built-in utility to identify hashes:
hash-identifier
XOR
An XOR or eXclusive OR is a bitwise operation that is widely used in cryptography. XOR is a quick and easy way to encrypt data with a password.
xortool is great at analyzing multi-byte XOR ciphers.
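Why XOR with a repeating password gives little protection once any part of the plaintext is predictable, such as a known flag prefix, shown as an added example (not part of the original page and not how xortool works internally). The function names, the key and the sample message are constructed for illustration.

```python
from itertools import cycle

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key; the same call encrypts and decrypts."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))

def is_printable(raw: bytes) -> bool:
    return all(32 <= b < 127 for b in raw)

def key_from_known_prefix(ciphertext: bytes, known: bytes):
    """ciphertext[i] ^ plaintext[i] = key[i % len(key)], so a known prefix
    exposes the start of the keystream. Return the shortest key that repeats
    consistently across that prefix and yields printable output, else None."""
    stream = xor_bytes(ciphertext[:len(known)], known)
    for length in range(1, len(stream) + 1):
        key = stream[:length]
        repeats = all(stream[i] == key[i % length] for i in range(len(stream)))
        if repeats and is_printable(xor_bytes(ciphertext, key)):
            return key
    return None

if __name__ == "__main__":
    message = b"flag{xor_with_a_password_is_not_encryption}"   # constructed
    ciphertext = xor_bytes(message, b"key")
    key = key_from_known_prefix(ciphertext, b"flag{")
    print(key, xor_bytes(ciphertext, key))
```

The recovery only works when the known prefix is at least as long as the key, which is the practical argument for a key as long as the message and never reused.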
Tools and Resources
A collection of tools to keep close during CTF events:
Additional resources:
- CryptoPals: cryptography challenges and exercises.
- CryptoHack: more cryptography challenges and exercises.
- CRYPTO CORNER: a website dedicated to explaining codes and ciphers.
- Ciphers and Codes: list of well-known codes and ciphers.
- Practical Cryptography: overviews of codes, ciphers and hashes.
- CrackStation: crack hashes.
- Hashes.com: lookup hashes.
- Cipher Identifier and Analyzer: identify the type of cipher.
Write-ups
Write-ups of Cryptographic CTF Challenges:
- https://0xmachos.com/2021-04-30-CTF-Cryptography-Challenges/
- https://www.meusec.com/ctf/crypto-cohesion-writeup/
- https://systemweakness.com/cryptohack-write-up-series-part-i-general-challenges-ed1ab16fba55
- https://dev.to/lambdamamba/ctf-writeup-picoctf-2022-cryptography-2ilc
Practice
The following TryHackMe rooms offer practical exercises to grasp the topics discussed above.
- Crypto Introduction
- Crypto for Dummies
- Break RSA
- Capture the Flag – put your crypto skills to the test.