Captain C's Secrets (Part 2)

ostseekind edited this page Apr 13, 2019 · 8 revisions

The challenge had the following description:

We found one of Captain Cryptos secrets!!! Unfortunately it's encrypted... Please help us to decrypt the file and learn about one of Captain Cryptos secrets.

The attached file had the following content:

Qzcz dpr jlg kr kzeogm ca dpr vwibrd Iaj mtwauqam, dbsc svgu eps Fev Gnpzs'f wwek ew pr cmrt epoa mia kgmf oo arky Uceo bb jz bvnx knt pdse lm quym Gbwm fgj mog yz ok pihrx Absp aol vqik lvr yob yogm Phd iyr lzs nqzrko ig grml pzqb grm fzludrnm Luf avbetq tpdse dixk xwfr dpnt jwi tsdr Oy bvr mqeiwm cs vqsk Tb'g grm jnpmz bp nbxecbr Sb'f zsm zrkx bl qiwgr Qg'y eps okvq uq pcco Bvrw es ssvq ufz dykkr Uy bvr zign fvkvxlvtr Qb grm pockzr, dpr itzqyo ws rtns Fyur uq cg skty hj bvr gilytls Nxl fuxm cs ea fulz hb dpr yeiff Kvq yzus bp cf ylqz grzbarp chb beufjzrc Iaj dwar riik ew zvfm joep huo apgca Huozr'y qif gyw zanp hb dixk tv vrbm Zucm hb pqaj epoa mia kgmf oo nbayl Phd buk Dcb eytyoyo vvqp gncwitr buk didcrqek dsm Xomcy rzsnd iaj duoyv wa zsm santryd zchxl Gnp nznq qf sfkqgp{361j5p512h91325qiss4k1m2nj70on84t3588p243o7053j14s7g4072m4mrn4lm}

Just from inspecting the file content you can see that there is a suspiciously long "word" at the end of the file:

sfkqgp{361j5p512h91325qiss4k1m2nj70on84t3588p243o7053j14s7g4072m4mrn4lm}

This is most likely the flag, as we know the flag format from the opening challenge:

mucctf{lets_get_started}

Following that lead, the cipher seems to be a substitution cipher or some kind of rotation. Let's analyze these few characters:

mucctf{lets_get_started}

sfkqgp{361j5p512h91325qiss4k1m2nj70on84t3588p243o7053j14s7g4072m4mrn4lm}

Following observations:

  • the characters { and } stay the same
  • m -> s (right shift by 6 characters)
  • u -> f (left shift by 15 characters)
  • c -> k (right shift by 8 characters)
  • c -> q (right shift by 14 characters)

This does not look like a simple substitution cipher: every position has a different shift, and the same plaintext letter c maps to both k and q. For the same reason it is not a Caesar cipher either.

So there must be a key which defines how many positions a character is shifted.

Let's try a Vigenère cipher, which arranges the letters of the alphabet in a square with plaintext characters as columns and key characters as rows, as shown in the picture below (more information: Wikipedia, Vigenère cipher).

That means that, to recover the key from known plaintext, we select the column based on the plaintext character and, within it, the cell containing the ciphertext character. The corresponding row is the key character. For example:

  • m (plaintext) -> s (ciphertext) -> G (row letter)
  • u (plaintext) -> f (ciphertext) -> L (row letter)
  • c (plaintext) -> k (ciphertext) -> I (row letter)
  • c (plaintext) -> q (ciphertext) -> O (row letter)
  • t (plaintext) -> g (ciphertext) -> N (row letter)
  • f (plaintext) -> p (ciphertext) -> K (row letter)

That seems to work: at least the term "LION" could be part of the key. We need to continue like that until the key repeats. If we do not know enough plaintext letters, we would, for example, need to analyze letter frequencies or try to find meaningful words.

CrypTool is a very handy tool to analyse (and learn about) ciphers:

We can open the ciphertext file and analyse the content

Using the "Ciphertext only" analysis for Vigenère in CrypTool, we get a derived key length of 8 characters.

Let's accept that and "Continue"

The derived key is "LIONKING"

Let's "Decrypt"

And we got the flag!
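
The table lookup used above is subtraction modulo 26, so the known-plaintext step and the decryption can be scripted without CrypTool. The following is an added example, not part of the original write-up; the function names are chosen here, and it assumes that only letters consume a key position (spaces, digits and braces are copied through), which the decrypted opening line confirms.

```python
import string

A = string.ascii_lowercase

def key_fragment(known_plain, cipher):
    """Known-plaintext step: key letter = (cipher - plain) mod 26 per letter pair."""
    return "".join(
        A[(A.index(c) - A.index(p)) % 26].upper()
        for p, c in zip(known_plain.lower(), cipher.lower())
        if p in A and c in A
    )

def align(key, fragment):
    """Index into the cyclically repeating key at which the fragment starts."""
    n = min(len(fragment), len(key))
    for off in range(len(key)):
        if all(key[(off + i) % len(key)] == fragment[i] for i in range(n)):
            return off
    raise ValueError("fragment does not match any rotation of the key")

def decrypt(ciphertext, key, offset=0):
    """Vigenere decryption; only letters advance the key, other characters are copied."""
    out, i = [], offset
    for ch in ciphertext:
        if ch.lower() in A:
            shift = A.index(key[i % len(key)].lower())
            plain = A[(A.index(ch.lower()) - shift) % 26]
            out.append(plain.upper() if ch.isupper() else plain)
            i += 1
        else:
            out.append(ch)
    return "".join(out)

# Values taken from the page: the derived key, the start of the file, the flag token.
KEY = "LIONKING"
OPENING = "Qzcz dpr jlg kr kzeogm ca dpr vwibrd"
FLAG_CT = "sfkqgp{361j5p512h91325qiss4k1m2nj70on84t3588p243o7053j14s7g4072m4mrn4lm}"

if __name__ == "__main__":
    frag = key_fragment("mucctf", FLAG_CT[:6])   # crib from the known flag format
    print("key fragment:", frag)
    print("opening     :", decrypt(OPENING, KEY))
    # The flag is decrypted on its own, so the key must start at the right rotation.
    print("flag        :", decrypt(FLAG_CT, KEY, align(KEY, frag)))
```

When the flag token is decrypted in isolation, the key has to be rotated to the position it had reached at that point in the file, which is why the crib yields "GLIONK" rather than the start of the key.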