# PicoCTF - Eduardo Guerrero A. 00326712 #

# Interencdec #

## First Way ##

In [1]:
import base64
from collections import Counter
import string

In [2]:
cpt = "YidkM0JxZGtwQlRYdHFhR3g2YUhsZmF6TnFlVGwzWVROclgya3lNRFJvYTJvMmZRPT0nCg=="

The use of UpperCase and lowercase letters and numbers suggest this might be a base 62, however, since this base is not really common, its better to try with base 64 first.

In [3]:
plt = base64.b64decode(cpt).decode('utf-8')
print(plt)

b'd3BqdkpBTXtqaGx6aHlfazNqeTl3YTNrX2kyMDRoa2o2fQ=='



The message we get seems to still be in base 64, considering we still have uppercase and lowercase letters and numbers. This time we have a full text inside aphostrophes, so we'll ignore the "b" at the beginning.

In [4]:
cpt2 = plt.strip()[2:-1]
cpt2

'd3BqdkpBTXtqaGx6aHlfazNqeTl3YTNrX2kyMDRoa2o2fQ=='

In [5]:
plt2 = base64.b64decode(cpt2).decode('utf-8')
print(plt2)

wpjvJAM{jhlzhy_k3jy9wa3k_i204hkj6}


Since the format of the flag has the key inside "{ }", we can guess this is the format of the picoFlag, next, considering the hint said "Engaging in various decoding processes is of utmost importance", we'll try a new decoding process, the ceaser cipher.

In [6]:
def caesar_decipher(ciphertext):
    def shift_char(char, shift):
        if char.isalpha():
            # Determine the case
            start = ord('A') if char.isupper() else ord('a')
            # Apply shift
            return chr((ord(char) - start - shift) % 26 + start)
        else:
            # Keep non-alphabetic characters unchanged
            return char

    # Print all 26 possible shifts
    for shift in range(26):
        plaintext = ''.join(shift_char(char, shift) for char in ciphertext)
        print(f"Shift {shift}: {plaintext}")

In [7]:
caesar_decipher(plt2)

Shift 0: wpjvJAM{jhlzhy_k3jy9wa3k_i204hkj6}
Shift 1: voiuIZL{igkygx_j3ix9vz3j_h204gji6}
Shift 2: unhtHYK{hfjxfw_i3hw9uy3i_g204fih6}
Shift 3: tmgsGXJ{geiwev_h3gv9tx3h_f204ehg6}
Shift 4: slfrFWI{fdhvdu_g3fu9sw3g_e204dgf6}
Shift 5: rkeqEVH{ecguct_f3et9rv3f_d204cfe6}
Shift 6: qjdpDUG{dbftbs_e3ds9qu3e_c204bed6}
Shift 7: picoCTF{caesar_d3cr9pt3d_b204adc6}
Shift 8: ohbnBSE{bzdrzq_c3bq9os3c_a204zcb6}
Shift 9: ngamARD{aycqyp_b3ap9nr3b_z204yba6}
Shift 10: mfzlZQC{zxbpxo_a3zo9mq3a_y204xaz6}
Shift 11: leykYPB{ywaown_z3yn9lp3z_x204wzy6}
Shift 12: kdxjXOA{xvznvm_y3xm9ko3y_w204vyx6}
Shift 13: jcwiWNZ{wuymul_x3wl9jn3x_v204uxw6}
Shift 14: ibvhVMY{vtxltk_w3vk9im3w_u204twv6}
Shift 15: haugULX{uswksj_v3uj9hl3v_t204svu6}
Shift 16: gztfTKW{trvjri_u3ti9gk3u_s204rut6}
Shift 17: fyseSJV{squiqh_t3sh9fj3t_r204qts6}
Shift 18: exrdRIU{rpthpg_s3rg9ei3s_q204psr6}
Shift 19: dwqcQHT{qosgof_r3qf9dh3r_p204orq6}
Shift 20: cvpbPGS{pnrfne_q3pe9cg3q_o204nqp6}
Shift 21: buoaOFR{omqemd_p3od9bf3p_n204mpo6}
Shift 22: atnzNEQ{nl

We find that shift 7 is the right one. picoCTF{caesar_d3cr9pt3d_b204adc6}

## Second Way ##

We use the website at https://www.base64decode.org to decode the message the first two times

![](interendec_d1.png)

Here we can see what would've happened had we not remove the "b" before the aphostrophes

![](interendec_d2.png)

And the result with the correct text

![](interendec_d3.png)

Knowing that w maps to p, since the plaintext starts with "picoCTF" and the format of the cipher text is the same as the plaintext, we can find the value of the shift.

In [8]:
shift = ord('w') - ord('p') 
shift

7

In [9]:
def caesar_decipher(ciphertext):
    def shift_char(char):
        if char.isalpha():
            # Determine the case
            start = ord('A') if char.isupper() else ord('a')
            # Apply shift
            return chr((ord(char) - start - 7) % 26 + start)
        else:
            # Keep non-alphabetic characters unchanged
            return char
    plaintext = ''.join(shift_char(char) for char in ciphertext)
    print(f"{plaintext}")

In [10]:
cpt = "wpjvJAM{jhlzhy_k3jy9wa3k_i204hkj6}"
plt = caesar_decipher(cpt)

picoCTF{caesar_d3cr9pt3d_b204adc6}


# The Numbers #

![](the_numbers.png)

## First Way ##

In [11]:
cpt = "16 9 3 15 3 20 6 { 20 8 5 14 21 13 2 5 18 19 13 1 19 15 14 }"

Considering the format of the flag is there (The "{ }" being present), we can try to map each number to a letter in the alphabet.

In [12]:
def number_to_letter_map(input_string):
    # Dictionary to map numbers to letters
    num_to_letter = {str(i): chr(64 + i) for i in range(1, 27)}
    
    # Split the input string into parts
    parts = input_string.split()
    
    result = []
    for part in parts:
        # Check if the part is a number between 1 and 26
        if part.isdigit() and 1 <= int(part) <= 26:
            result.append(num_to_letter[part])
        else:
            # If not a valid number, keep it as is
            result.append(part)
    
    # Join the result back into a string
    return ''.join(result)

In [13]:
plt = number_to_letter_map(cpt)
print(plt)

PICOCTF{THENUMBERSMASON}


We know the answer is correct since the hint tell us "The flag is in the format PICOCTF{}", so there is no need to worry about lowercase letters. The function maps A to 1 and Z to 26.

## Second Way ##

In [14]:
cpt = "16 9 3 15 3 20 6 { 20 8 5 14 21 13 2 5 18 19 13 1 19 15 14 }"

Given that the hint tells us the format is PICOCTF, we can map the letters to the numbers, so we dont have to guess which number belongs to which letter.
If we consider this is a map in order, we can see that P = 16 and work from there.

In [15]:
def number_to_letter_with_P_as_16(input_string):
    # Define the offset for shifting: 'F' is normally 6, so shift by (16 - 6)
    offset = 16 - (ord('P') - ord('A') + 1)  # Shift of 10 to align 'F' with 16
    
    # Create a dictionary to map numbers 1-26 to letters, starting with F=16
    num_to_letter = {}
    for i in range(1, 27):
        # Apply the offset and wrap around using modulo to stay within 'A' to 'Z' range
        shifted_letter = chr(((i + offset - 1) % 26) + 65)  # 65 is ASCII for 'A'
        num_to_letter[str(i)] = shifted_letter

    # Split the input string into parts (numbers)
    parts = input_string.split()
    
    result = []
    for part in parts:
        # Check if the part is a number and within the valid range (1 to 26)
        if part.isdigit() and 1 <= int(part) <= 26:
            result.append(num_to_letter[part])  # Map the number to the shifted letter
        else:
            # If not a valid number, keep it as is
            result.append(part)
    
    # Join the result back into a string
    return ''.join(result)

In [16]:
plt = number_to_letter_with_P_as_16(cpt)
print(plt)

PICOCTF{THENUMBERSMASON}


With this approach, we could map the numbers if they were not in the common order (A to 1 until Z to 26)

# C3 #

## First Way ##

In [17]:
cpt = "DLSeGAGDgBNJDQJDCFSFnRBIDjgHoDFCFtHDgJpiHtGDmMAQFnRBJKkBAsTMrsPSDDnEFCFtIbEDtDCIbFCFtHTJDKerFldbFObFCFtLBFkBAAAPFnRBJGEkerFlcPgKkImHnIlATJDKbTbFOkdNnsgbnJRMFnRBNAFkBAAAbrcbTKAkOgFpOgFpOpkBAAAAAAAiClFGIPFnRBaKliCgClFGtIBAAAAAAAOgGEkImHnIl"

Here we are given the following encoder

In [18]:
import sys
chars = ""
from fileinput import input
for line in input():
  chars += line

lookup1 = "\n \"#()*+/1:=[]abcdefghijklmnopqrstuvwxyz"
lookup2 = "ABCDEFGHIJKLMNOPQRSTabcdefghijklmnopqrst"

out = ""

prev = 0
for char in chars:
  cur = lookup1.index(char)
  out += lookup2[(cur - prev) % 40]
  prev = cur

sys.stdout.write(out)

OSError: [Errno 22] Invalid argument: '--f=c:\\Users\\NICO\\AppData\\Roaming\\jupyter\\runtime\\kernel-v3de22a01a40633505dac9c0776c005cff3b7c8e7e.json'

We create a decipher function that does the opposite of what the cipher function does

In [52]:
def decipher_text(encrypted_text):
    # Lookup tables as in the original function
    lookup1 = "\n \"#()*+/1:=[]abcdefghijklmnopqrstuvwxyz"
    lookup2 = "ABCDEFGHIJKLMNOPQRSTabcdefghijklmnopqrst"
    
    # Start with the first 'prev' value as 0
    prev = 0
    decrypted = ""

    for char in encrypted_text:
        # Get the current index of the character from lookup2
        cur = lookup2.index(char)
        
        # Reverse the process to find the original character in lookup1
        orig_index = (cur + prev) % 40
        decrypted += lookup1[orig_index]
        
        # Update 'prev' to be the current original index for the next iteration
        prev = orig_index

    return decrypted

In [53]:
plt = decipher_text(cpt)
print(plt)

#asciiorder
#fortychars
#selfinput
#pythontwo

chars = ""
from fileinput import input
for line in input():
    chars += line
b = 1 / 1

for i in range(len(chars)):
    if i == b * b * b:
        print chars[i] #prints
        b += 1 / 1



Creating a decripter gives the following output:

```python
#asciiorder
#fortychars
#selfinput
#pythontwo

chars = ""
from fileinput import input
for line in input():
    chars += line
    b = 1 / 1

for i in range(len(chars)):
    if i == b * b * b:
        print chars[i] #prints
        b += 1 / 1
```


Since the script says "selfinput" and "pythontwo", we can understand this programm takes itself as a txt and its run on python two. To run it on python three we make some modifications

In [None]:
chars = ""
from fileinput import input
for line in input():
    chars += line
b = 1

for i in range(len(chars)):
    if i == (b * b * b):
        print(chars[i], end="")
        b += 1

print()

Then we call the program and give it the same input. We have saved the python2 File as "C3.txt" and the decipher code in python 3 as "decrypt_C3.py"

![](C3_answer.png)

As explained in the problem, "Enclose the flag in our wrapper for submission. If the flag was "example" you would submit "picoCTF{example}"." The answer is

picoCTF{adlibs}

## Second Way ##

We can run the script in python2, instead of tryingo to redo the script in python 3. This will help, since converting it to pyhton3 may create mistakes and problems with the decryption. For this, we use the website at https://onecompiler.com/python2

STDIN, on the upper right, is the input of the function

![](C3_Py2.png)

# Custom Encryption #

## First Way ##

We are given the following information

a = 97

b = 22

cipher is: [151146, 1158786, 1276344, 1360314, 1427490, 1377108, 1074816, 1074816, 386262, 705348, 0, 1393902, 352674, 83970, 1141992, 0, 369468, 1444284, 16794, 1041228, 403056, 453438, 100764, 100764, 285498, 100764, 436644, 856494, 537408, 822906, 436644, 117558, 201528, 285498]



Along with the encryption code:

In [None]:
from random import randint
import sys


def generator(g, x, p):
    return pow(g, x) % p


def encrypt(plaintext, key):
    cipher = []
    for char in plaintext:
        cipher.append(((ord(char) * key*311)))
    return cipher


def is_prime(p):
    v = 0
    for i in range(2, p + 1):
        if p % i == 0:
            v = v + 1
    if v > 1:
        return False
    else:
        return True


def dynamic_xor_encrypt(plaintext, text_key):
    cipher_text = ""
    key_length = len(text_key)
    for i, char in enumerate(plaintext[::-1]):
        key_char = text_key[i % key_length]
        encrypted_char = chr(ord(char) ^ ord(key_char))
        cipher_text += encrypted_char
    return cipher_text


def test(plain_text, text_key):
    p = 97
    g = 31
    if not is_prime(p) and not is_prime(g):
        print("Enter prime numbers")
        return
    a = randint(p-10, p)
    b = randint(g-10, g)
    print(f"a = {a}")
    print(f"b = {b}")
    u = generator(g, a, p)
    v = generator(g, b, p)
    key = generator(v, a, p)
    b_key = generator(u, b, p)
    shared_key = None
    if key == b_key:
        shared_key = key
    else:
        print("Invalid key")
        return
    semi_cipher = dynamic_xor_encrypt(plain_text, text_key)
    cipher = encrypt(semi_cipher, shared_key)
    print(f'cipher is: {cipher}')


if __name__ == "__main__":
    message = sys.argv[1]
    test(message, "trudeau")


From this we get the following information. 

```python
a = 97
b = 22
p = 97
g = 31
text_key = "trudeau"
```

The plain text first goes through the dynamic_xor_encrypt function and then the encrypt function.

We also know that the share key happens when key = b_key

To reverse this process, first we reverse the functions of encryption

In [63]:
def decrypt(ciphertext, key):
    plaintext = []
    for num in ciphertext:
        # Reverse the multiplication by dividing by (key * 311)
        orig_char = chr(num // (key * 311))
        plaintext.append(orig_char)
    return ''.join(plaintext)

In [66]:
def dynamic_xor_decrypt(cipher_text, text_key):
    plaintext = ""
    key_length = len(text_key)
    for i, char in enumerate(cipher_text):  # Reverse the cipher_text
        key_char = text_key[i % key_length]
        decrypted_char = chr(ord(char) ^ ord(key_char))
        plaintext += decrypted_char
    return plaintext

The rest of the functions remain the same

Now we add the information we previously find

In [115]:
a = 97
b = 22
p = 97
g = 31
text_key = "trudeau"
u = generator(g, a, p)
v = generator(g, b, p)
key = generator(v, a, p)
b_key = generator(u, b, p)
shared_key = None
if key == b_key:
    shared_key = key
else:
    print("Invalid key")

cipher = [151146, 1158786, 1276344, 1360314, 1427490, 1377108, 
          1074816, 1074816, 386262, 705348, 0, 1393902, 352674, 
          83970, 1141992, 0, 369468, 1444284, 16794, 1041228, 
          403056, 453438, 100764, 100764, 285498, 100764, 
          436644, 856494, 537408, 822906, 436644, 117558, 
          201528, 285498]

We know reverse the order of the following part of the code
```python
semi_cipher = dynamic_xor_encrypt(plain_text, text_key)
    cipher = encrypt(semi_cipher, shared_key)
    print(f'cipher is: {cipher}')
```

In [68]:
semi_plain = decrypt(cipher, shared_key)
plain_text = dynamic_xor_decrypt(semi_plain, text_key)
print(plain_text)

}7950354e_d6tp0rc2d_motsuc{FTCocip


We get a reversed string so we need to reverse it to get the hidden message.

In [69]:
plt = plain_text[::-1]
print(plt)

picoCTF{custom_d2cr0pt6d_e4530597}


## Second Way ##

Analyzing this part of the code
```python
def dynamic_xor_encrypt(plaintext, text_key):
    cipher_text = ""
    key_length = len(text_key)
    for i, char in enumerate(plaintext[::-1]):
        key_char = text_key[i % key_length]
        encrypted_char = chr(ord(char) ^ ord(key_char))
        cipher_text += encrypted_char
    return cipher_text

def dynamic_xor_decrypt(cipher_text, text_key):
    plaintext = ""
    key_length = len(text_key)
    for i, char in enumerate(cipher_text):  # Reverse the cipher_text
        key_char = text_key[i % key_length]
        decrypted_char = chr(ord(char) ^ ord(key_char))
        plaintext += decrypted_char
    return plaintext
```
We know we can get the ciphertext by doing an XOR of the plaintext and the text_key and we can ge the plaintext by doing an XOR of the ciphertext and the text_key (This works because the inverse of XOR is XOR itself).

Meaning, we could get the text_key given the ciphertext and the plaintext. 

We know part of the plaintext will be "picoCTF", se we can obtain the text_key with it.

Also, since we know a, b, p and g where used for the creation of the shared_key for the plaintext, we dont need to use this verificacion anymore

```python
u = generator(g, a, p)
v = generator(g, b, p)
key = generator(v, a, p)
b_key = generator(u, b, p)
shared_key = None
if key == b_key:
    shared_key = key
else:
    print("Invalid key")
```

And can just define shared_key as

```python
u = generator(g, a, p)
b_key = generator(u, b, p)
shared_key = b_key
```

or

```python
shared_key = generator(generator(g, a, p), b, p)
```

In [192]:
a = 97
b = 22
p = 97
g = 31
text_key = "picoCTF"
shared_key = generator(generator(g, a, p), b, p)

# cipher = [856494, 537408, 822906, 436644, 117558, 
#           201528, 285498]

cipher = [285498, 201528, 117558, 436644, 822906, 537408, 856494]

Since we had to reverse the plaintext to get the actual plaintext, we know the cipher needs to be in reverse to work, so we only use the last 7 blocks of the cipher and we reverse the order of them.

In [194]:
def decrypt(ciphertext, key):
    plaintext = []
    for num in ciphertext:
        # Reverse the multiplication by dividing by (key * 311)
        orig_char = chr(num // (key * 311))
        plaintext.append(orig_char)
    return ''.join(plaintext)

def dynamic_xor_decrypt(cipher_text, text_key):
    plaintext = ""
    key_length = len(text_key)
    for i, char in enumerate(cipher_text):  # Reverse the cipher_text
        key_char = text_key[i % key_length]
        decrypted_char = chr(ord(char) ^ ord(key_char))
        plaintext += decrypted_char
    return plaintext

semi_plain = decrypt(cipher, shared_key)
plain_text = dynamic_xor_decrypt(semi_plain, text_key)
print(plain_text)

aedurtu


Now we try this key without reversing the order of the plaintext at the end

In [171]:
a = 97
b = 22
p = 97
g = 31
text_key = "aedurtu"
shared_key = generator(generator(g, a, p), b, p)

cipher = [151146, 1158786, 1276344, 1360314, 1427490, 1377108, 
          1074816, 1074816, 386262, 705348, 0, 1393902, 352674, 
          83970, 1141992, 0, 369468, 1444284, 16794, 1041228, 
          403056, 453438, 100764, 100764, 285498, 100764, 
          436644, 856494, 537408, 822906, 436644, 117558, 
          201528, 285498]

In [172]:
def decrypt(cipher, key):
    plaintext = ""
    for number in cipher:
        plaintext += chr(number // key // 311)
    return plaintext

def dynamic_xor_decrypt(cipher, text_key):
    decrypted_text = ""
    key_length = len(text_key)
    for i, char in enumerate(cipher[::-1]):
        key_char = text_key[i % key_length]
        decrypted_char = chr(ord(char) ^ ord(key_char))
        decrypted_text += decrypted_char
    return decrypted_text

semi_plain = decrypt(cipher, shared_key)
plain_text = dynamic_xor_decrypt(semi_plain, text_key)
print(plain_text)

picoCTF{custom_d2cr0pt6d_e4530597}


# Rotation #

## First Way ##

In [180]:
cpt = "xqkwKBN{z0bib1wv_l3kzgxb3l_555957n3}"

The name of the challenge, "rotation" hints us to this being a ROT cipher

We create a function to decipher this

In [181]:
def rot_decrypt(ciphertext, shift):
    decrypted = ""
    for char in ciphertext:
        if char.isalpha():
            shift_amount = 65 if char.isupper() else 97
            decrypted += chr((ord(char) - shift_amount - shift) % 26 + shift_amount)
        else:
            decrypted += char  # Non-alphabetic characters are unchanged
    return decrypted

In [185]:
for shift in range(26):
    plt = rot_decrypt(cpt, shift)
    print(f"Shift {shift}: {plt}")

Shift 0: xqkwKBN{z0bib1wv_l3kzgxb3l_555957n3}
Shift 1: wpjvJAM{y0aha1vu_k3jyfwa3k_555957m3}
Shift 2: voiuIZL{x0zgz1ut_j3ixevz3j_555957l3}
Shift 3: unhtHYK{w0yfy1ts_i3hwduy3i_555957k3}
Shift 4: tmgsGXJ{v0xex1sr_h3gvctx3h_555957j3}
Shift 5: slfrFWI{u0wdw1rq_g3fubsw3g_555957i3}
Shift 6: rkeqEVH{t0vcv1qp_f3etarv3f_555957h3}
Shift 7: qjdpDUG{s0ubu1po_e3dszqu3e_555957g3}
Shift 8: picoCTF{r0tat1on_d3crypt3d_555957f3}
Shift 9: ohbnBSE{q0szs1nm_c3bqxos3c_555957e3}
Shift 10: ngamARD{p0ryr1ml_b3apwnr3b_555957d3}
Shift 11: mfzlZQC{o0qxq1lk_a3zovmq3a_555957c3}
Shift 12: leykYPB{n0pwp1kj_z3ynulp3z_555957b3}
Shift 13: kdxjXOA{m0ovo1ji_y3xmtko3y_555957a3}
Shift 14: jcwiWNZ{l0nun1ih_x3wlsjn3x_555957z3}
Shift 15: ibvhVMY{k0mtm1hg_w3vkrim3w_555957y3}
Shift 16: haugULX{j0lsl1gf_v3ujqhl3v_555957x3}
Shift 17: gztfTKW{i0krk1fe_u3tipgk3u_555957w3}
Shift 18: fyseSJV{h0jqj1ed_t3shofj3t_555957v3}
Shift 19: exrdRIU{g0ipi1dc_s3rgnei3s_555957u3}
Shift 20: dwqcQHT{f0hoh1cb_r3qfmdh3r_555957t3}
Shift 21: cvpbPGS{e0gng

We see that shift 8 had the pico flag

Shift 8: picoCTF{r0tat1on_d3crypt3d_555957f3}

## Second Way ##

Knowing the start of the plaintext is picoCTF, and guessing the cipher text was just encryoted by a rotation cipher (considering the start has the same amount of letters as "picoCTF" before having "{", followed by text and ending with "}", which follows the picoCTF flag format), we can map the letter x to p

In [188]:
shift = ord('x') - ord('p')
shift

8

Given 8 as the shift, we can modify the function and the way its called to get the answer immediately, instead of by brute force

In [189]:
def rot_decrypt_8(ciphertext):
    decrypted = ""
    for char in ciphertext:
        if char.isalpha():
            shift_amount = 65 if char.isupper() else 97
            decrypted += chr((ord(char) - shift_amount - 8) % 26 + shift_amount)
        else:
            decrypted += char  # Non-alphabetic characters are unchanged
    return decrypted

In [190]:
plt = rot_decrypt_8(cpt)
print(plt)

picoCTF{r0tat1on_d3crypt3d_555957f3}
