picoCTF Cryptography Challenges

Task 1
Easy Peasy
Description: A one-time pad is unbreakable, but can you manage to recover the flag?

Step1: The otp.py python file is inspected. The command “nc mercury.picoctf.net 11188” initiates
communication with the server, essential for retrieving the encrypted flag or sending required
inputs.

Step 2: The command sends a long string of 'a' characters to a server at mercury.picoctf.net on
port 11188. This is often done to test the server's response to a large input. It can help identify
vulnerabilities or behaviors in the server's handling of data.

BE/Dept of CSE/BNMIT 1 2023-24

picoCTF Cryptography Challenges

Step 3: XOR-ing the encrypted message with the key

reveals the original message. ‘ef’ and ‘ea’ are parts
of the key, and pa is the encrypted message.
“ef^ea^pa” combines the key parts with the
encrypted message to get the original message back.
“{:x}.format()” converts the result into a readable
hexadecimal format.

An online tool is used to convert this hexadecimal result into ASCII text. The ASCII text you get
from the tool is the original message or flag. Decrypted the message by XOR-ing key segments
with the ciphertext, converted the result from hexadecimal to ASCII, and submitted the ASCII text
as the flag to picoCTF.

BE/Dept of CSE/BNMIT 2 2023-24

picoCTF Cryptography Challenges

Task 2
Pixelated
Description: I have these 2 images, can you make a flag out of
them? scrambled1.png scrambled2.png

‘scramble1.png’ and
‘scramble2.png’ are
the two given images

This code processes two images by summing their corresponding pixel values. Each pixel's RGB
values from both images are added together, and if the result exceeds the maximum value of 255,
it wraps around using modulo 256 to keep the values within the valid RGB range. The combined
result is saved as a new image called `flag.png`. This approach blends the two images, producing
a composite image that represents the combined colour information from the originals.

BE/Dept of CSE/BNMIT 3 2023-24

picoCTF Cryptography Challenges

picoCTF{d562333d} is the flag extracted

from the flag.png image.

The flag picoCTF{d562333d} indicates successful completion of the challenge.

BE/Dept of CSE/BNMIT 4 2023-24

picoCTF Cryptography Challenges

Task 3
Mini RSA
Description: Let's decrypt this: ciphertext? Something seems a bit small.

Given ciphertext file with ‘n’

and ‘c’.

In RSA encryption, `n` is the modulus used for both encryption and decryption, and `c` is the
ciphertext resulting from encrypting plaintext with the public key. This code attempts to decrypt a
ciphertext `c` by finding the cube root of modified ciphertext values (`c + i * n`) for values of `i`
from 0 to 3999. It converts the cube root result from hexadecimal to ASCII and checks if the string
"pico" (in hex: "7069636f") is present. When found, it prints the corresponding plaintext.

BE/Dept of CSE/BNMIT 5 2023-24

picoCTF Cryptography Challenges

The output b'picoCTF{n33d_a_lArg3r_e_ccaa7776}' indicates that the decryption was successful

and the flag obtained is picoCTF{n33d_a_lArg3r_e_ccaa7776}. This is a string revealing a
specific solution or result for the challenge, demonstrating that the decryption process correctly
identified and interpreted the plaintext from the given ciphertext and modulus.

BE/Dept of CSE/BNMIT 6 2023-24

picoCTF Cryptography Challenges

Task 4
No Padding, No Problem
Description: Oracles can be your best friend, they will decrypt anything, except the flag's
ciphertext. How will you break it? Connect with nc mercury.picoctf.net

This code connects to a remote server to

perform RSA decryption. It retrieves the
values of `n`, `e`, and `c`, modifies the
ciphertext, sends it back to the server,
and then processes the server's response
to extract the decrypted message.
Finally, it converts the decrypted value to
a readable format and prints it.

BE/Dept of CSE/BNMIT 7 2023-24

picoCTF Cryptography Challenges

The code connects to a remote server and retrieves the RSA parameters `n`, `e`, and the ciphertext
`c`. It then modifies the ciphertext, sends it back to the server, and receives the decrypted response.
Finally, it processes and prints the decrypted message, revealing the flag.

BE/Dept of CSE/BNMIT 8 2023-24

picoCTF Cryptography Challenges

Task 5
Substitution 1
Description: A second message has come in the mail, and it seems almost identical to the first
one. Maybe the same thing will work again.

Given encrypted message

Quipqiup online tool is a useful resource for decrypting messages encoded with simple ciphers
such as Caesar, Vigenère, or other classical encryption methods. Decrypting the message and
revealing the flag means successfully completing the challenge.

BE/Dept of CSE/BNMIT 9 2023-24

picoCTF Cryptography Challenges

Task 6
Substitution 0
Description: A message has come in but it seems to be all scrambled. Luckily it seems to have
the key at the beginning. Can you crack this substitution cipher? Download the message here.

Given encrypted message with

key given in the beginning of
file.

A substitution solver online tool decrypts messages by analyzing and substituting each letter of
the encoded text using the key, giving the correct plaintext letter, revealing the flag.

BE/Dept of CSE/BNMIT 10 2023-24

picoCTF Cryptography Challenges

Task 7
rail-fence
Description: A type of transposition cipher is the rail fence cipher, which is described here. Here
is one such cipher encrypted using the rail fence with 4 rails. Can you decrypt it?Download the
message here.Put the decoded message in the picoCTF flag
format, picoCTF{decoded_message}.

Given railfence encrypted

message.

CyberChef is an online tool that allows users to perform a wide range of data manipulation and
encryption/decryption tasks. It was used for decrypting the above message, to reveal the flag.

BE/Dept of CSE/BNMIT 11 2023-24

picoCTF Cryptography Challenges

Task 8
ReadMyCert
Description: How about we take you on an adventure on exploring certificate signing
requestsTake a look at this CSR file here.

Given encrypted certificate

file, gets decrypted using CSR
decoder and certificate verifier
online tool. The content of
certificate contains the flag.

BE/Dept of CSE/BNMIT 12 2023-24

picoCTF Cryptography Challenges

Task 9
HideToSee
Description: How about some hide and seek heh? Look at this image here.

Upon using “steghide”

command, the atbash.jpg
image is extracted and
converted to text file which
contains the flag.

Using CyberChef online tool,

the encrypted.txt encrypted
using atbash cipher, is
decrypted, revealing the flag.

BE/Dept of CSE/BNMIT 13 2023-24

picoCTF Cryptography Challenges

Task 10
interencdec
Description: Can you get the real meaning from this file. Download the file here.

“base64” command is used to

decrypt the given file
“enc_flag”. It produces
contents in base64 format.

The contents is copied to

Base64 decoder, online tool,
and it’s is decoded to produce a
Caesar cipher encoded text.
This shows that the enc_flag
file contents were encrypted
and then encoded (base64,
Caesar cipher respectively).

BE/Dept of CSE/BNMIT 14 2023-24

picoCTF Cryptography Challenges

A substitution solver online tool decrypts messages by analyzing and cracking the Caesar using
the brute force method, giving the correct plaintext letters, revealing the flag.

BE/Dept of CSE/BNMIT 15 2023-24