interencdec CTF Write-up

This challenge covered encoding and encryption mechanisms and was pretty straightforward.

An encrypted/encoded string is presented to us in this challenge:

"YidkM0JxZGtwQlRYdHFhR3g2YUhsZmF6TnFlVGwzWVROclh6ZzVNR3N5TXpjNWZRPT0nCg=="

I'll go through two methods to decode this string: one manual, using CyberChef, and one scripted in Python.

Manual Solution

The two equals signs at the end immediately suggest that the string is base64 encoded. Decoding it with a tool like CyberChef is easy and reveals another base64-encoded string.

Inspecting the output, it is apparent that this may be a byte string that we could handle in Python, but before scripting let's complete the challenge manually with CyberChef.

The output is starting to look like a flag value, but it is encrypted with some scheme. Since this challenge is considered easy, a Caesar cipher may have been used, which is trivial to brute-force. This cipher is easy to break because there are only 26 letters in the alphabet, so 25 attempts are sufficient to brute-force it (done in seconds, maybe less than a second, by a standard computer).

A shift of 19 reveals the flag.

Python Solution

The manual algorithm is to decode the string twice in base64 and then apply a Caesar shift of 19 to both upper and lower case letters. All other characters can remain the same. Here is an implementation of this algorithm:

exploit.py
import base64
import sys
from string import ascii_lowercase, ascii_uppercase

def decode(payload):
    # Base64-decode a str and return the decoded text as a str
    payload_bytes = payload.encode()
    string_bytes = base64.b64decode(payload_bytes)
    answer = string_bytes.decode()
    return answer

def caesarShift(word, shift):
    # Rotate each letter by `shift` positions, wrapping with modulo 26;
    # digits, braces and underscores are copied unchanged
    res = ''
    for x in word:
        if x in ascii_lowercase:
            res += ascii_lowercase[(ascii_lowercase.index(x) + shift) % 26]
        elif x in ascii_uppercase:
            res += ascii_uppercase[(ascii_uppercase.index(x) + shift) % 26]
        else:
            res += x

    print(f"Decrypted Message with a caesar shift of {shift}: {res}")


if len(sys.argv) != 2:
    sys.exit(f"usage: {sys.argv[0]} <shift>")
shift = int(sys.argv[1])  # the Caesar shift is passed on the command line

enc_flag = "YidkM0JxZGtwQlRYdHFhR3g2YUhsZmF6TnFlVGwzWVROclh6ZzVNR3N5TXpjNWZRPT0nCg=="

flag = decode(enc_flag)

# The first decode yields the text of a Python bytes literal (b'...' plus a newline);
# the slice [2:50] keeps only the 48 base64 characters between the quotes
print(f"Decoded Once: {flag[2:50]}")

flag = decode(flag[2:50])
print(f"Decoded Twice: {flag}")

caesarShift(flag, shift)

Running the script with the shift passed as a command-line argument gives us the flag.
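The script above relies on knowing the shift and the slice offsets in advance. The following added example (not part of the original write-up) generalizes it: it peels base64 layers until the data stops decoding, then tries all 25 shifts and keeps the one that yields a flag. The `picoCTF{` prefix used as the crib is an assumption based on the usual picoCTF flag format, and all function names are illustrative.

```python
import base64
import re
from string import ascii_lowercase, ascii_uppercase

# Challenge string copied from the write-up.
ENC_FLAG = "YidkM0JxZGtwQlRYdHFhR3g2YUhsZmF6TnFlVGwzWVROclh6ZzVNR3N5TXpjNWZRPT0nCg=="
CRIB = "picoCTF{"  # assumed flag prefix (usual picoCTF format, not stated on the page)

def strip_bytes_repr(text):
    """Drop a Python bytes-literal wrapper (b'...') and surrounding whitespace."""
    match = re.fullmatch(r"\s*b'(.*)'\s*", text, re.DOTALL)
    return match.group(1) if match else text.strip()

def peel_base64(text, max_layers=10):
    """Decode nested base64 until the data is no longer valid base64 text.
    Returns (innermost_text, layers_removed)."""
    layers = 0
    while layers < max_layers:
        candidate = strip_bytes_repr(text)
        if not candidate:
            break
        try:
            decoded = base64.b64decode(candidate, validate=True).decode("ascii")
        except ValueError:
            break  # not base64, or decodes to non-ASCII data: stop peeling
        text, layers = decoded, layers + 1
    return text, layers

def caesar(text, shift):
    """Rotate letters by shift (mod 26), preserving case; other characters pass through."""
    out = []
    for ch in text:
        if ch in ascii_lowercase:
            out.append(ascii_lowercase[(ascii_lowercase.index(ch) + shift) % 26])
        elif ch in ascii_uppercase:
            out.append(ascii_uppercase[(ascii_uppercase.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)

def brute_force(ciphertext, crib=CRIB):
    """Try the 25 non-trivial shifts; keep those whose output starts with the crib."""
    candidates = ((s, caesar(ciphertext, s)) for s in range(1, 26))
    return [(s, plain) for s, plain in candidates if plain.startswith(crib)]

if __name__ == "__main__":
    inner, layers = peel_base64(ENC_FLAG)
    print(f"{layers} base64 layers removed: {inner}")
    for shift, plain in brute_force(inner):
        print(f"shift {shift}: {plain}")
```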

Resources

#picoCTF2024