Skip to content
Switch branches/tags
Go to file
Cannot retrieve contributors at this time

Harekaze 2019 "Twenty-five" (100)

Writeup by Eric Zhang


With “ppencode”, you can write Perl code using only Perl reserved words.


Looking at, we realize that the flag is probably just obfuscated using the perl code, crypto.txt.

A quick look at, with modifications, reveals that it reads in a file, replaces all letters with *'s, and then evals it. Here's an example of a modification:

use open qw/:utf8/;

open(my $F, "<:utf8", 'crypto.txt') or die;
my $text;
while (my $l = <$F>)
  $l =~ s/[\r\n]+/ /g;
  $text .= $l;

#$text =~ y/abcdefghijklmnopqrstuvwxy/*************************/;


From here, it seems like we need to find the key to a simple substitution (monoalphabetic replacement) cipher for crypto.txt and modify the *'s in the code to convert it to working Perl.

Using the reserved.txt word bank, we can quickly solve this cipher using letter combinations that seem unique. This is particularly effective in this case because of 1) our ability to effectively filter through words via a program and 2) because of the small size of the word bank. For example, we see that there is an ejadp ejady in crypto.txt. After filtering our word bank to only five-letter words, we find that the only such words with the first four letters matching are “untie” and “until”. This tells us that e is replaced by u, j is replaced by n, a is replaced by t, d is replaced by i, and p and y are either e or l.

By this method, filling in the letters we know, we find that the key is tbwiupohdnvrsyqlkmaxfjcge (there are no zs, so there are only 25 letters in the key.) We replace the *'s in with this key, run it with perl, and get our flag.

Flag: HarekazeCTF{}