Thumbnail: ctflearn

CTFlearn 887 - Suspecious message

by on under writeups
4 minute read

Write-up on CTFlearn’s challenge 887 - Suspecious message. Fari’s sus… Challenge author: xuadzilczak.


Cryptography, 90 points

Hello! My friend Fari send me this suspecious message: ‘MQDzqdor{Ix4Oa41W_1F_B00h_m1YlqPpPP}’ and photo.png. Help me decrypt this!




When you have an unknown ciphertext and you’re looking for the right cipher to use, one of the best things you could do is use a website like Boxentriq’s Cipher Identifier and Analyzer. After, we probably will be able to figure out what that weird “photo.png” grid is.

As our first try, let’s input the raw ciphertext and hope for good results.

Boxentriq 1

Unfortunately, as you can see in the screenshot above, the site has not found the format it could be in. This may be due to some characters not being in the cipher’s alphabet (for instance, the curly braces). Actually, in photo.png, only letters are used. Thus, we could select the Letters Only option in Text Options… to remove every character other than letters. This could solve our problem.

Boxentriq 2

This time, we’ve got a result: Base64 Encoding! Let’s try it out…

Base64 fail

Unfortunately, as the image above shows, this text doesn’t look to be simply base64 encoded. Let’s continue our research. In photo.png, we can notice all letters are uppercase. This could mean that the case doesn’t matter in that cipher, thus we could try putting all letters in the ciphertext in uppercase too. We can achieve this by using the UPPER option in Text Options….

Boxentriq 3

This time, we have got a more interesting, but seemingly quite vague result. Indeed, we are given 11 possible different options, including the Unknown Cipher seen before. By taking a quick look at each one of them, we can find that the Playfair Cipher uses a grid similar to photo.png as key. Let’s go along with this cipher by digging deeper into it.

Playfair Cipher

The Playfair Cipher is an encryption technique invented by Charles Wheatstone in 1854. It was invented specifically for secrecy in telegraphy. Using a 5x5 table of letters as key, this cipher functions in the following manner:

  1. To encrypt, it first breaks down the message into digrams (groups of 2 letters): ATTACKATDAWN would become AT TA CK AR DA WN (it appends an uncommon letter, such as X, to messages with an odd amount of characters)
  2. It then performs its main substitution, determined by four simple rules applied, in order, to each digram:
    1. If both letters are the same (or only one letter is left), add an “X” after the first letter. Encrypt the new pair and continue. Some variants of Playfair use “Q” instead of “X”, but any letter, itself uncommon as a repeated pair, will do. (source: Wikipedia)
    2. If the letters appear on the same row of your table, replace them with the letters to their immediate right respectively (wrapping around to the left side of the row if a letter in the original pair was on the right side of the row). (source: Wikipedia)
    3. If the letters appear on the same column of your table, replace them with the letters immediately below respectively (wrapping around to the top side of the column if a letter in the original pair was on the bottom side of the column). (source: Wikipedia)
    4. If the letters are not on the same row or column, replace them with the letters on the same row respectively but at the other pair of corners of the rectangle defined by the original pair. The order is important – the first letter of the encrypted pair is the one that lies on the same row as the first letter of the plaintext pair. (source: Wikipedia)

    To decrypt, use the opposite of the operations above. Finally, drop every extra “X”s at the end of the decrypted plaintext.
    Wikipedia holds a very visual example of these rules, you should probably check it out to get a better understanding of this cipher.

Decrypting the Ciphertext

With all that said, we could now use the integrated Playfair Cipher Decoder in Boxentriq itself to decode our given ciphertext. For that, we will first need to trigger the Decrypt mode and enter the letters from the grid of photo.png in the Encryption key input field (from left to right, top to bottom). Finally, enter the ciphertext and you will get the flag!


comments powered by Disqus