Monday, June 30, 2025

Transposition-Trial CTF Walkthrough – Breaking Cipher Patterns

 

Transposition Trial - CTF Writeup

Challenge Description

Our data got corrupted on the way here. Luckily, nothing got replaced, but every block of 3 got scrambled around! The first word seems to be three letters long, maybe you can use that to recover the rest of the message.

Scrambled Message: heTfl g as iicpCTo{7F4NRP051N5_16_35P3X51N3_V9AAB1F8}

Initial Analysis

When I first saw this challenge, the hint about "every block of 3 got scrambled" immediately told me this was a transposition cipher. The key insight was that the original message was divided into groups of 3 characters, and within each group, the characters were rearranged in some consistent pattern.

The hint about the first word being three letters long was crucial - it suggested the message likely starts with "The" (a very common three-letter word in English).



Step 1: Grouping the Message

First, I divided the scrambled message into blocks of exactly 3 characters:

heT | fl  | g a | s i | icp | CTo | {7F | 4NR | P05 | 1N5 | _16 | _35 | P3X | 51N | 3_V | 9AA | AB1 | F8}

Note: I included spaces as actual characters in the grouping.

Step 2: Finding the Permutation Pattern

Since I suspected the first word should be "The", I looked at the first block heT. This block contains the letters T, h, and e - exactly what I need for "The"!

Now I needed to figure out how heT transforms into The:

  • Position 1: h → Position 2 in "The"
  • Position 2: e → Position 3 in "The"
  • Position 3: T → Position 1 in "The"

This gives me the permutation pattern: (3,1,2)

  • 3rd character moves to 1st position
  • 1st character moves to 2nd position
  • 2nd character moves to 3rd position

Step 3: Applying the Pattern

Let me verify this works with the first few blocks:

  • "heT" → "The" ✓ (gives us "The")
  • "fl " → " fl" ✓ (f, l, space becomes space, f, l)
  • "g a" → "ag " ✓ (gives us "ag")
  • "s i" → "is " ✓ (gives us "is")

Reading so far: "The fl ag is" - this looks like "The flag is"! I'm on the right track.

Step 4: Complete Decryption

Applying the (3,1,2) pattern to all blocks:

heT → The

"fl " → " fl"

"g a" → "ag "

"s i" → "is "

icp → pic

CTo → oCT

{7F → F{7

4NR → R4N

P05 → 5P0

1N5 → 51N

_16 → 6_1

_35 → 5_3

P3X → XP3

51N → N51

3_V → V3_

9AA → A9A

AB1 → 1AB

F8} → }F8

Wait, let me be more careful with that last block. Looking at the original message again, I need to make sure I'm grouping correctly...

Actually, applying the pattern systematically gives me: "The flag is picoCTF{7R4N5P051N6_15_3XP3N51V3_A9AFB178}"
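Steps 1 to 4 as a script; this is an added example, not part of the original writeup. It derives the read order from the known first word instead of hard-coding it. The scrambled message as printed on this page is 53 characters long, so its last two characters do not fill a block; the code returns them separately rather than guessing the missing character.

```python
from itertools import permutations

def find_block_permutation(first_block, crib):
    """Return every read order that turns first_block into crib.

    order[i] is the 0-based index inside the scrambled block that supplies
    output position i, so the writeup's (3,1,2) appears here as (2, 0, 1).
    """
    n = len(crib)
    if len(first_block) != n:
        raise ValueError("crib and first block must have the same length")
    return [order for order in permutations(range(n))
            if "".join(first_block[i] for i in order) == crib]

def unscramble(message, order):
    """Apply one read order to every full block; return (text, leftover)."""
    n = len(order)
    full = len(message) - len(message) % n
    out = []
    for start in range(0, full, n):
        block = message[start:start + n]
        out.append("".join(block[i] for i in order))
    # Characters that do not fill a block are returned untouched.
    return "".join(out), message[full:]

# Scrambled message exactly as printed on this page (53 characters).
SCRAMBLED = "heTfl g as iicpCTo{7F4NRP051N5_16_35P3X51N3_V9AAB1F8}"

def solve(message=SCRAMBLED, crib="The"):
    """Recover the read order from the crib and apply it to the message."""
    orders = find_block_permutation(message[:len(crib)], crib)
    if len(orders) != 1:
        # A crib with repeated letters (e.g. "See") matches several orders.
        raise ValueError(f"crib does not pin down one order: {orders}")
    text, leftover = unscramble(message, orders[0])
    return orders[0], text, leftover

if __name__ == "__main__":
    order, text, leftover = solve()
    print("read order (1-based):", tuple(i + 1 for i in order))
    print("recovered text:", text)
    print("incomplete last block:", repr(leftover))
```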

Key Takeaways

  1. Pattern Recognition: The hint about "blocks of 3" immediately suggested a transposition applied block by block
  2. Using Context Clues: The hint about the first word being 3 letters helped identify it as "The"
  3. Systematic Approach: Once I found the pattern (3,1,2), I applied it consistently to all blocks
  4. Verification: I could verify my approach was correct because the decoded text made sense: "The flag is picoCTF{...}"

Final Flag

picoCTF{7R4N5P051N6_15_3XP3N51V3_A9AFB178}


Pro Tip: When dealing with transposition ciphers, always look for common English words or patterns that can help you deduce the scrambling method. In this case, knowing that "The" is a common starting word was the key to cracking the entire cipher!

Thursday, June 26, 2025

HideToSee Challenge Walkthrough – Hidden Data in CTFs

 

CTF Walkthrough – HideToSee

Category: Steganography / Cryptography
Files provided:

  • Atbash.jpeg
  • encrypted.txt (contains: krxlXGU{zgyzhs_xizxp_1u84w779})

 Challenge Description:

"How about some hide and seek heh? Look at this image here."
Hint: Download the image and try to extract it.

So this sounds like classic stego — there’s probably something hidden inside the image file. Let’s dig in!




Step 1: Take a Look at the Text File

We’re given an encrypted.txt file with this inside:

krxlXGU{zgyzhs_xizxp_1u84w779}

Looks like a flag format, right? That picoCTF{} structure is a dead giveaway.

The part inside the brackets is what we need to decrypt:

zgyzhs_xizxp_1u84w779

Now, here’s where the filename of the image gives away a big clue: Atbash.jpeg.

Looks like we’re dealing with an Atbash cipher.


 What’s the Atbash Cipher?

Atbash is a super simple cipher where the alphabet is reversed. So:

A <-> Z 

B <-> Y 

C <-> X 

...

Same applies to lowercase letters. So z becomes a, g becomes t, and so on.


 Step 2: Decrypt the Encrypted Text

We’ll try two different ways — one manual, one using a website.


 Method 1: Manually (The Old-School Way)

Take the string:

zgyzhs_xizxp_1u84w779

We only apply Atbash to the letters. Numbers and underscores stay as they are.

Break it down and map each letter:

Cipher: z g y z h s _ x i z x p _ 1 u 8 4 w 7 7 9
Plain:  a t b a s h _ c r a c k _ 1 f 8 4 d 7 7 9

So the decrypted text is:

atbash_crack_1f84d779

Which means the flag is:

picoCTF{atbash_crack_1f84d779}

Boom.


Method 2: Using dCode (Quick & Easy)

If you don’t want to do it manually, here’s the fast way:

  1. Go to dCode Atbash Cipher Tool
  2. Paste the text: zgyzhs_xizxp_1u84w779
  3. Click "Decrypt".

You’ll get:


atbash_crack_1f84d779

Flag = picoCTF{atbash_crack_1f84d779}

Simple and effective.


More SQLi

Description

Can you find the flag on this website. Try to find the flag here.

Hints: SQLiLite

As the challenge is related to SQL injection, I asked ChatGPT about it and found some information.

 

SQLiLite likely refers to a lightweight SQLite database used in a challenge or practice environment for SQL Injection (SQLi). The goal is to exploit a vulnerability in the website's input fields to interact with its backend SQLite database and extract sensitive information, such as a flag.

After this I checked the website





I found that there are some basic inputs which will help us to bypass the authentication.

Identify Vulnerable Input Field:

  • Look for input fields, URLs with query parameters, or forms (e.g., login, search, etc.) where you can input data.
  • Test for SQL injection by entering basic payloads like:

'or 1=1;--

If we pass this as both the username and the password, we can bypass the authentication.

  • Explanation: 1=1 is always true, and the -- comments out the rest of the query, causing the SQL server to ignore the password check.

And boom, we have bypassed the system, but we are not seeing any flag. So now I started Burp Suite and captured the POST request of the login page, sent it to Repeater, and modified the username and password to 'or 1=1;--




And here is the flag in the script.


Flag: picoCTF{G3tting_5QL_1nJ3c7I0N_l1k3_y0u_sh0ulD_e3e46aae}
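Why that input works, and the fix, shown as an added example that is not the challenge's own code: a login check built by string concatenation beside the same check with bound parameters, both run against an in-memory SQLite database. The table layout, account and function names are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    """In-memory SQLite database holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users ("
               "id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    # Plaintext password only to keep the example short.
    db.execute("INSERT INTO users (username, password) VALUES (?, ?)",
               ("admin", "constructed-secret"))
    return db

def login_concatenated(db, username, password):
    """Weak form: user input is pasted into the SQL text itself."""
    query = ("SELECT id FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None

def login_parameterized(db, username, password):
    """Corrected form: placeholders keep input as data, never as SQL."""
    query = "SELECT id FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone() is not None

PAYLOAD = "'or 1=1;--"  # the input quoted in the writeup

def compare():
    """Run both checks with the payload and with ordinary credentials."""
    db = make_db()
    return {
        # The quote closes the string literal, OR 1=1 matches every row and
        # the comment marker discards the password comparison.
        "concatenated_payload": login_concatenated(db, PAYLOAD, PAYLOAD),
        "concatenated_wrong_password": login_concatenated(db, "admin", "nope"),
        # Bound as a value, the payload is just an odd username with no match.
        "parameterized_payload": login_parameterized(db, PAYLOAD, PAYLOAD),
        "parameterized_valid": login_parameterized(
            db, "admin", "constructed-secret"),
    }

if __name__ == "__main__":
    for name, accepted in compare().items():
        print(f"{name:30} accepted={accepted}")
```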

Tuesday, June 24, 2025

Morse Code CTF Challenge Walkthrough – Decode the Signal

Morse Code Challenge: Decoding Audio Signals

Challenge Details:

  • Name: Morse Code
  • Category: Forensics/Cryptography
  • File Type: .wav audio file
  • Objective: Decode the hidden Morse code message to extract the flag

Understanding Morse Code

When I first encountered this challenge, I needed to refresh my knowledge of Morse code fundamentals. Morse code is a time-tested communication method that represents letters, numbers, and symbols using combinations of short and long signals - traditionally called dots and dashes.

The key elements to understand are:

  • Dot (.): Short beep or signal
  • Dash (–): Long beep or signal (typically 3x longer than a dot)
  • Intra-character spacing: Brief silence between dots/dashes within the same letter
  • Inter-character spacing: Medium silence between different letters
  • Inter-word spacing: Longer silence between words

For example, the famous distress signal "SOS" translates to:

  • S = ... (three dots)
  • O = --- (three dashes)
  • S = ... (three dots)

Approach 1: The Quick Solution - Online Audio Decoder

For those who want immediate results, the fastest approach is using a dedicated online Morse code audio decoder. This method is perfect when you're racing against time in a CTF environment.

Step-by-Step Process:

  1. Navigate to the decoder: I used https://morsecode.world/international/decoder/audio-decoder-adaptive.html
  2. Upload the audio file: Simply drag and drop the .wav file or use the upload button
  3. Let the AI work: The tool automatically analyzes the audio patterns and timing
  4. Review the output: The decoder typically produces something like: WH47 H47H 90D W20U9H7

Flag Formatting:

Once you have the decoded text, format it according to CTF standards:

  • Convert to lowercase: wh47_h47h_90d_w20u9h7
  • Replace spaces with underscores
  • Wrap in the flag format: picoCTF{wh47_h47h_90d_w20u9h7}

Approach 2: Manual Analysis with Audacity

For those who prefer understanding the underlying mechanics or when automated tools fail, manual analysis provides deeper insight into the challenge.

Detailed Manual Process:

  1. Download and Install Audacity: Get it from https://www.audacityteam.org/
  2. Import the Audio File:
    • File → Import → Audio → Select your .wav file
  3. Analyze the Waveform:
    • Use Ctrl + 1 repeatedly to zoom into the timeline
    • Look for distinct patterns of audio peaks and valleys
  4. Identify Signal Patterns:
    • Short peaks = dots (.)
    • Long peaks = dashes (–)
    • Brief gaps = intra-character spacing
    • Medium gaps = inter-character spacing
    • Long gaps = word boundaries

Transcription Strategy:

As you analyze the waveform, create a systematic transcription:

  1. Note each dot and dash sequence for individual characters
  2. Use spacing to determine letter boundaries
  3. Identify word breaks through longer silences
  4. Cross-reference with a Morse code chart to convert symbols to letters

For example, if you see the pattern .-- .... .-, this translates to:

  • .-- = W
  • .... = H
  • .- = A
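The manual transcription above, turned into a small decoder; this is an added example, not part of the original writeup. It classifies tone and silence durations by length and assumes the standard 1/3/7-unit Morse gap timing; the durations are constructed in the code, not measured from the challenge file.

```python
MORSE = dict(pair.split("=") for pair in (
    "A=.- B=-... C=-.-. D=-.. E=. F=..-. G=--. H=.... I=.. J=.--- K=-.- "
    "L=.-.. M=-- N=-. O=--- P=.--. Q=--.- R=.-. S=... T=- U=..- V=...- "
    "W=.-- X=-..- Y=-.-- Z=--.. 0=----- 1=.---- 2=..--- 3=...-- 4=....- "
    "5=..... 6=-.... 7=--... 8=---.. 9=----.").split())
DECODE = {code: char for char, code in MORSE.items()}

def to_segments(text, unit_ms=60):
    """Constructed input: (is_tone, duration_ms) runs with +/-10% jitter,
    standing in for the peaks and gaps read off a waveform."""
    wobble = (0.9, 1.0, 1.1)
    segments = []

    def add(is_tone, units):
        scale = wobble[len(segments) % len(wobble)]
        segments.append((is_tone, unit_ms * units * scale))

    for w, word in enumerate(text.upper().split()):
        if w:
            add(False, 7)                 # inter-word silence
        for l, letter in enumerate(word):
            if l:
                add(False, 3)             # inter-character silence
            for s, symbol in enumerate(MORSE[letter]):
                if s:
                    add(False, 1)         # intra-character silence
                add(True, 1 if symbol == "." else 3)
    return segments

def decode_segments(segments):
    """Classify each run relative to the shortest tone, then look up letters.

    Assumes the recording contains at least one dot; otherwise the shortest
    tone would be a dash and every threshold would be off.
    """
    tones = [duration for is_tone, duration in segments if is_tone]
    if not tones:
        return ""
    unit = min(tones)
    words, letters, symbols = [], [], []

    def end_letter():
        if symbols:
            letters.append(DECODE.get("".join(symbols), "?"))
            symbols.clear()

    def end_word():
        end_letter()
        if letters:
            words.append("".join(letters))
            letters.clear()

    for is_tone, duration in segments:
        ratio = duration / unit
        if is_tone:
            symbols.append("-" if ratio >= 2 else ".")
        elif ratio >= 5:
            end_word()
        elif ratio >= 2:
            end_letter()
    end_word()
    return " ".join(words)

def to_flag(decoded):
    """Apply the flag formatting described in the writeup."""
    return "picoCTF{" + decoded.lower().replace(" ", "_") + "}"

if __name__ == "__main__":
    sample = to_segments("WH47 H47H 90D W20U9H7")   # constructed timing
    text = decode_segments(sample)
    print(text)
    print(to_flag(text))
```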

Key Learning Outcomes

This challenge taught me several valuable lessons about audio forensics and communication protocols:

Technical Skills Developed:

  • Audio waveform analysis and pattern recognition
  • Understanding timing-based encoding schemes
  • Using both automated tools and manual analysis techniques
  • Converting between different data representations

Forensics Insights:

  • Audio files can contain hidden information beyond just speech or music
  • Multiple analysis approaches increase success probability
  • Understanding the underlying protocol helps validate automated results

Problem-Solving Approach:

  • Start with the fastest method (online tools) for quick wins
  • Keep manual analysis as a backup when automation fails
  • Always verify results make sense in the context

Real-World Applications: This type of challenge mirrors real-world scenarios where:

  • Emergency communications might use Morse code
  • Hidden messages could be embedded in audio files
  • Legacy communication systems still require decoding skills

The beauty of this challenge lies in its connection to communication history while requiring modern digital forensics skills. It demonstrates how traditional encoding methods remain relevant in cybersecurity contexts.

Final Flag: picoCTF{wh47_h47h_90d_w20u9h7}

Whether you choose the quick online decoder route or dive deep with manual analysis, this challenge reinforces the importance of having multiple tools and techniques in your cybersecurity toolkit. Sometimes the old methods combined with new technology provide the most elegant solutions.

Rail Fence Cipher CTF Walkthrough – Decryption Guide

 

Rail Fence

CTF's Author: Will Hong

Description

A type of transposition cipher is the rail fence cipher, which is described here. Here is one such cipher encrypted using the rail fence with 4 rails. Can you decrypt it? Download the message here. Put the decoded message in the picoCTF flag format, picoCTF{decoded_message}.

Hint: Once you've understood how the cipher works, it's best to draw it out yourself on paper.

The challenge gives us a type of transposition cipher called a rail fence cipher. The description reads:

"A type of transposition cipher is the rail fence cipher, which is described here. Here is one such cipher encrypted using the rail fence with 4 rails. Can you decrypt it?"

We will download the file and get the encrypted text.

The Rail Fence Cipher is a form of transposition cipher. Instead of replacing characters with others (like in substitution ciphers), it reorders the characters in a zig-zag pattern across several "rails" (rows), then concatenates the letters row-by-row to create the ciphertext.



To decrypt a rail fence cipher:

  1. Determine the zig-zag path for 4 rails.
  2. Mark positions where each character will go.
  3. Place characters from the cipher into the zig-zag positions.
  4. Read off the characters in zig-zag order to reconstruct the plaintext.

We’ll write a Python script to automate this decryption.

def rail_fence_decrypt(ciphertext, num_rails):
    # With fewer than two rails (or no text) nothing was reordered
    if num_rails < 2 or not ciphertext:
        return ciphertext

    # Create the rail matrix; '\n' marks a cell that is not on the zig-zag path
    rail = [['\n' for _ in range(len(ciphertext))] for _ in range(num_rails)]

    # Step 1: Mark zig-zag path
    dir_down = None
    row, col = 0, 0
    for _ in range(len(ciphertext)):
        if row == 0:
            dir_down = True
        elif row == num_rails - 1:
            dir_down = False
        rail[row][col] = '*'
        col += 1
        row += 1 if dir_down else -1

    # Step 2: Fill the rails with the ciphertext, row by row
    index = 0
    for i in range(num_rails):
        for j in range(len(ciphertext)):
            if rail[i][j] == '*' and index < len(ciphertext):
                rail[i][j] = ciphertext[index]
                index += 1

    # Step 3: Read the message in zig-zag order
    result = []
    row, col = 0, 0
    for _ in range(len(ciphertext)):
        if row == 0:
            dir_down = True
        elif row == num_rails - 1:
            dir_down = False
        # Every cell visited here is on the path, so no sentinel check is
        # needed (a check against '\n' would stall on a newline in the text)
        result.append(rail[row][col])
        col += 1
        row += 1 if dir_down else -1

    return ''.join(result)


Flag is -picoCTF{WH3R3_D035_7H3_F3NC3_8361N_4ND_3ND_D00AFDD3}

Saturday, June 21, 2025

Forbidden Paths PicoCTF Walkthrough – Directory Traversal Challenge

Forbidden Paths

CTF's Author: LT 'syreal' Jones


Description

Can you get the flag? We know that the website files live in /usr/share/nginx/html/ and the flag is at /flag.txt but the website is filtering absolute file paths. Can you get past the filter to read the flag?

I just asked GPT about the problem and got one approach for solving it.

To solve this challenge and bypass the restriction on absolute file paths, you can attempt to exploit directory traversal or similar methods to read the flag.txt file. Since absolute file paths are filtered, you’ll need to use relative paths. Here's how you might proceed:

Test in the Input Field: If the website has an input field or parameter that takes file paths (e.g., GET /?file=example.txt), try replacing the file name with:

../../../../flag.txt



picoCTF{7h3_p47h_70_5ucc355_e5fe3d4d}
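Why a filter on absolute paths alone is not enough, and the containment check that closes the gap, as an added example that is not the challenge's own code. The function names are assumptions made for the illustration; the web root is the one given in the challenge description, and the check is purely lexical, so nothing is read from disk.

```python
import posixpath

WEB_ROOT = "/usr/share/nginx/html"   # document root named in the challenge

def resolve_absolute_filter_only(requested):
    """Weak form: rejects absolute paths, then trusts whatever is left."""
    if requested.startswith("/"):
        return None
    return posixpath.normpath(posixpath.join(WEB_ROOT, requested))

def resolve_contained(requested):
    """Corrected form: normalise first, then require the result to stay
    under WEB_ROOT, whatever the request looked like."""
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, requested))
    # commonpath compares whole components, so a sibling directory such as
    # /usr/share/nginx/html-old does not count as being inside WEB_ROOT.
    if posixpath.commonpath([WEB_ROOT, candidate]) != WEB_ROOT:
        return None
    # On a real filesystem, resolve symlinks (os.path.realpath) before this
    # comparison; normpath only rewrites the string.
    return candidate

SAMPLES = [
    "index.html",
    "docs/../index.html",
    "/flag.txt",
    "../../../../flag.txt",          # the relative path from the writeup
]

def audit(paths=SAMPLES):
    """Return {path: (weak_result, contained_result)} for each request."""
    return {p: (resolve_absolute_filter_only(p), resolve_contained(p))
            for p in paths}

if __name__ == "__main__":
    for path, (weak, strict) in audit().items():
        print(f"{path:24} weak={weak!s:36} contained={strict}")
```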


Hey everyone! Back with another CTF writeup, and this time we're tackling a cryptography challenge that's perfect for beginners. Let's dive into Challenge 13!

Challenge Overview

Challenge Name: 13

Category: Cryptography

Description: Cryptography can be easy, do you know what ROT13 is? cvpbPGS{abg_gbb_onq_bs_n_ceboyrz}

Hint: This can be solved online if you don't want to do it by hand!

Understanding ROT13

Learning ROT13

Before we dive into doing this, let's discuss what ROT13 is. ROT13 is short for "rotate by 13 places" and it's one of the easiest encryption schemes around. It's a substitution cipher where every letter in the alphabet is swapped out for the letter 13 positions ahead of it.

So 'A' turns into 'N', 'B' into 'O', and so forth. The great thing about ROT13 is that it is self-inverse - that is, if you run ROT13 twice, you return to the original text. That's because there are 26 letters in the alphabet, so moving over 13 twice is a full circle of 26.

Solving the Challenge

Looking at our encrypted text: cvpbPGS{abg_gbb_onq_bs_n_ceboyrz}

This definitely looks like it could be ROT13 encoded text. The structure suggests it might be a flag format with something that looks like "CTF" in the middle.

Method 1: Using an Online Tool

The hint mentions we can solve this online, so let's use the suggested website: https://rot13.com/

I simply pasted the encrypted text into the input field and got the result instantly:

Decrypted text: picoCTF{not_too_bad_of_a_problem}

Perfect! We can see this follows the standard picoCTF flag format.

Method 2: Manual Decryption

For those who want to understand the process better, let's decode a few characters manually:


c → shift back 13 positions → p

v → shift back 13 positions → i

p → shift back 13 positions → c

b → shift back 13 positions → o


And the pattern continues. You can work through the entire string this way, but honestly, the online tool makes life much easier for ROT13.

Method 3: Using Python

If you're more of a programmer, here's a quick Python solution:

def rot13_decrypt(text):
    result = ""
    for char in text:
        if char.isalpha():
            # Handle uppercase and lowercase separately
            if char.isupper():
                result += chr((ord(char) - ord('A') - 13) % 26 + ord('A'))
            else:
                result += chr((ord(char) - ord('a') - 13) % 26 + ord('a'))
        else:
            result += char
    return result

encrypted = "cvpbPGS{abg_gbb_onq_bs_n_ceboyrz}"
decrypted = rot13_decrypt(encrypted)
print(decrypted)

This script handles both uppercase and lowercase letters while leaving special characters unchanged.

Flag

After applying ROT13 decryption to the given text, we get our flag:

Flag: picoCTF{not_too_bad_of_a_problem}

Takeaways

This challenge was a great introduction to classical cryptography. ROT13 is often used in CTFs as a stepping stone to more complex crypto challenges. The key things to remember:

  • ROT13 is easily recognizable - gibberish text that maintains the structure of English
  • It's symmetric - applying it twice returns the original text
  • Online tools exist for quick decryption
  • Understanding the manual process helps with similar substitution ciphers


The challenge name "13" was actually a dead giveaway that this was ROT13 - sometimes the hints are right there in plain sight!

That's it for this writeup. ROT13 may appear insignificant, but it's the foundation for grasping more complex cryptographic principles. Practice every day, and soon you'll be solving RSA and AES problems without breaking a sweat!

Happy hacking!

Monday, June 16, 2025

Flags Challenge Walkthrough – How to Capture the Flag Efficiently

 

Flags

CTF's Author: Danny

Description

What do the flags mean?

Hints-The flag is in the format PICOCTF{}

We're told that the flag is hidden in the format picoCTF{...}. Based on the challenge name (“Flags”) and the provided image, we suspect the image contains International Maritime Signal Flags — a system where each flag represents a letter or number.

After opening the flag.png, you’ll see a horizontal strip filled with colorful flags. These are maritime signal flags, each representing a letter or number.



Each flag corresponds to an alphabet letter or number based on the International Code of Signals. A complete reference can be found on Wikipedia’s International maritime signal flags page.


Using the Wikipedia chart, match each flag visually to its corresponding letter. After decoding all 22 flags, we get our flag.

FLAG:picoCTF{F1AG5AND5TUFF}



Hey everyone! Today I'm walking through the Mod 26 challenge from picoCTF 2021. This one's a great introduction to basic cryptography concepts, specifically the ROT13 cipher.

The Challenge

Name: Mod 26

Category: Cryptography

Description: Cryptography can be easy, do you know what ROT13 is?

Flag: cvpbPGS{arkg_gvzr_V'yy_gel_2_ebhaqf_bs_ebg13_jdJBFOXJ}

Hint: This can be solved online if you don't want to do it by hand!

Learning ROT13

Before solving the problem, let's look at what ROT13 is. ROT13 is a basic letter substitution cipher where every letter is mapped to the letter 13 places ahead of it in the alphabet. It is a fixed-shift Caesar cipher with a shift value of 13.

What's unique about ROT13 is that it's its own inverse - two applications of ROT13 put the string back to its original form because 13 is precisely half of 26 (the number of English letters).

Initial Analysis

Looking at the encrypted flag cvpbPGS{arkg_gvzr_V'yy_gel_2_ebhaqf_bs_ebg13_jdJBFOXJ}, I can see it maintains the structure of a typical CTF flag - it has curly braces and appears to be in the right format, just scrambled.

The challenge description explicitly mentions ROT13, so this seems like a straightforward application of the cipher.

Solution Method 1: Online Tool

Following the hint about solving this online, I used an online ROT13 decoder. There are many available - I personally used rot13.com, but you can also use CyberChef or any other ROT13 decoder.

Steps:

  1. Go to your preferred ROT13 decoder
  2. Paste the encrypted flag: cvpbPGS{arkg_gvzr_V'yy_gel_2_ebhaqf_bs_ebg13_jdJBFOXJ}
  3. Apply ROT13 decoding


Result: picoCTF{next_time_I'll_try_2_rounds_of_rot13_wqWOSBKW}

Solution Method 2: Python Script

Since many of us prefer scripting, here's a simple Python solution:

def rot13(text):
    result = ""
    for char in text:
        if char.isalpha():
            # Check if uppercase or lowercase
            if char.isupper():
                # Shift uppercase letters
                result += chr((ord(char) - ord('A') + 13) % 26 + ord('A'))
            else:
                # Shift lowercase letters
                result += chr((ord(char) - ord('a') + 13) % 26 + ord('a'))
        else:
            # Keep non-alphabetic characters unchanged
            result += char
    return result

encrypted_flag = "cvpbPGS{arkg_gvzr_V'yy_gel_2_ebhaqf_bs_ebg13_jdJBFOXJ}"
decrypted_flag = rot13(encrypted_flag)
print(f"Decrypted flag: {decrypted_flag}")

Running this script gives us: picoCTF{next_time_I'll_try_2_rounds_of_rot13_wqWOSBKW}

Solution Method 3: Python One-liner (Advanced)

For those who love concise code, Python's codecs module has a built-in ROT13 decoder:

import codecs

encrypted_flag = "cvpbPGS{arkg_gvzr_V'yy_gel_2_ebhaqf_bs_ebg13_jdJBFOXJ}"
decrypted_flag = codecs.decode(encrypted_flag, 'rot13')
print(f"Decrypted flag: {decrypted_flag}")


Solution Method 4: Manual Decoding

If you want to understand the mechanics, you can decode this by hand. In ROT13, each letter is replaced by the letter 13 positions ahead in the alphabet:


A ↔ N, B ↔ O, C ↔ P, D ↔ Q, E ↔ R, F ↔ S, G ↔ T, H ↔ U, I ↔ V, J ↔ W, K ↔ X, L ↔ Y, M ↔ Z


Let me decode the first few characters:


c → p (c + 13 = p)

v → i (v + 13 wraps around = i)

p → c (p + 13 wraps around = c)

b → o (b + 13 = o)


Continue this process for the entire string to get the full flag.

Key Insights

This challenge teaches several important concepts:

  • ROT13 is symmetric - The same operation that encrypts also decrypts
  • Pattern recognition - The flag format helps confirm when you've decoded correctly
  • Multiple solution approaches - Online tools, scripting, and manual methods all work


The decoded flag has a humorous message: "next_time_I'll_try_2_rounds_of_rot13" - which is funny because applying ROT13 twice would just return the original text!

Flag

picoCTF{next_time_I'll_try_2_rounds_of_rot13_wqWOSBKW}

Conclusion

Mod 26 is a great starting challenge that presents ROT13 in a very simple manner. Whether you utilize online resources, whip up a simple Python script, or decode manually, the trick is to realize that ROT13 is precisely what the challenge description states.

The Python method is especially handy since you can simply alter the script for other Caesar cipher puzzles that have various shift values. Additionally, knowing how the modular arithmetic operates (and thus "Mod 26" in the title) will assist you with more advanced cryptography puzzles in the future.

Friday, June 13, 2025

The Numbers PicoCTF Walkthrough – Decoding Numeric Patterns

 

The Numbers

CTF's Author: Danny

Description

The numbers... what do they mean?

 

Hint is-The flag is in the format PICOCTF{}

 

So in this challenge we have been given an image which has numbers in it and we need to decode this.



We can observe that between the numbers there are two braces, { and }. So it's very clear that we will have to check the letters of the alphabet corresponding to the numbers.

But wait, should we do it manually? Of course not, we are Hackers. So we will use a python script for decoding this.

Python Script is-

def numbers_to_text(numbers):
    # 1 -> 'A', 2 -> 'B', ... 26 -> 'Z' (ord('A') is 65)
    return ''.join(chr(int(num) + 64) for num in numbers)

# Numbers in the flag part
number_string = "20 8 5 14 21 13 2 5 18 19 13 1 19 15 14"
numbers = number_string.split()

decoded = numbers_to_text(numbers)

flag = f"PICOCTF{{{decoded.lower()}}}"  # .lower() if flags are usually lowercase
print("Decoded Flag:", flag)

 

Just run this script in any Python interpreter and you will get the flag.



Flag-PICOCTF{thenumbersmason}

You can find this CTF on picoCTF official website-https://picoctf.org/

Hey everyone! Back with another CTF writeup, this time tackling the "InterEncDec" challenge. The description was pretty straightforward: "Can you get the real meaning from this file" with a hint that said "Engaging in various decoding processes is of utmost importance."

That hint about "various decoding processes" was key - it told me right away this wasn't going to be a simple one-step decode.

Initial Analysis

Downloaded the file and found enc_flag containing:

YidkM0JxZGtwQlRYdHFhR3g2YUhsZmF6TnFlVGwzWVROclgyeG9OakJzTURCcGZRPT0nCg==

The string had all the hallmarks of Base64 encoding - alphanumeric characters with some equals signs for padding at the end.

Step-by-Step Solution

Step 1: Base64 Decoding

First layer was definitely Base64. Running it through a decoder:

echo "YidkM0JxZGtwQlRYdHFhR3g2YUhsZmF6TnFlVGwzWVROclgyeG9OakJzTURCcGZRPT0nCg==" | base64 -d

Got back:

b'd3BqdkpBTXtqaGx6aHlfazNqeTl3YTNrX2xoNjBsMDBpfQ=='

Interesting! This looked like a Python bytes string with those b'...' markers around it. The content inside still looked like Base64 though.

Step 2: Clean Up and Decode Again

Stripped off the b' from the beginning and the ' from the end, leaving:

d3BqdkpBTXtqaGx6aHlfazNqeTl3YTNrX2xoNjBsMDBpfQ==

Running this through Base64 again:

echo "d3BqdkpBTXtqaGx6aHlfazNqeTl3YTNrX2xoNjBsMDBpfQ==" | base64 -d

Result:

wpjvJAM{jhlzhy_k3jy9wa3k_lh60l00i}

Now this was looking more like a flag format! I could see the curly braces that are typical in CTF flags, but the content inside was still scrambled.

Step 3: Caesar Cipher Recognition

The scrambled text had a pattern that screamed Caesar cipher to me. The structure looked right for "picoCTF" at the beginning if I shifted the letters around.

Let me work through the Caesar shift:

  • w shifted becomes p
  • p shifted becomes i
  • j shifted becomes c
  • v shifted becomes o

This was looking like a Caesar cipher with a specific shift value. After trying different shift values, I found that shifting by 13 (ROT13) gave me readable text.

Applying ROT13 to wpjvJAM{jhlzhy_k3jy9wa3k_lh60l00i}:

  • wpjvJAM becomes picoCTF
  • jhlzhy_k3jy9wa3k_lh60l00i becomes caesar_d3cr9pt3d_ea60e00b

Final Flag

After applying both decoding steps:

picoCTF{caesar_d3cr9pt3d_ea60e00b}

Key Lessons

This challenge was a great reminder that:

  1. Always look for clues in the decoded output - those b'...' markers were telling me the format
  2. Don't ignore classic cipher patterns - the scrambled but structured text was a dead giveaway for Caesar cipher
  3. The challenge name "InterEncDec" hinted at multiple encoding/decoding steps
  4. Sometimes you need to clean up formatting characters between decoding steps

Tools Used

  • Base64 decoder (command line or online)
  • Caesar cipher decoder/ROT13 tool

This was a solid challenge that combined modern encoding (Base64) with classic cryptography (Caesar cipher). The hint about "various decoding processes" was spot-on - we really did need two completely different approaches to crack it!

Final Flag: picoCTF{caesar_d3cr9pt3d_ea60e00b}
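The whole chain as one script; this is an added example, not part of the original writeup. It peels the Base64 layers, unwraps the b'...' text with ast.literal_eval instead of eval, then tries all 26 Caesar shifts against the known picoCTF{ prefix and reports the one that fits, without assuming a shift value. The function names are assumptions made for the illustration.

```python
import ast
import base64
import string

# Contents of enc_flag as shown in the writeup.
ENC_FLAG = ("YidkM0JxZGtwQlRYdHFhR3g2YUhsZmF6TnFlVGwzWVROclgyeG9OakJzTURC"
            "cGZRPT0nCg==")

def unwrap_bytes_repr(text):
    """Turn the text b'...' back into its contents without calling eval()."""
    if text.startswith(("b'", 'b"')):
        try:
            value = ast.literal_eval(text)
        except (ValueError, SyntaxError):
            return text
        if isinstance(value, bytes):
            return value.decode("ascii", errors="replace")
    return text

def peel_base64(blob, max_layers=10):
    """Decode Base64 until the text stops being valid Base64."""
    layers = []
    text = blob.strip()
    for _ in range(max_layers):
        if not text:
            break
        try:
            # validate=True rejects characters such as '{', which ends the
            # loop once a flag-shaped string appears.
            decoded = base64.b64decode(text, validate=True).decode("ascii")
        except ValueError:
            break
        text = unwrap_bytes_repr(decoded.strip())
        layers.append(text)
    return layers

def caesar_back(text, k):
    """Shift every letter back by k positions; leave everything else."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - ord("a") - k) % 26 + ord("a")))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") - k) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)

def find_shift(text, known_prefix="picoCTF{"):
    """Return (k, plaintext) for the shift that yields known_prefix."""
    for k in range(26):
        candidate = caesar_back(text, k)
        if candidate.startswith(known_prefix):
            return k, candidate
    return None

def solve(blob=ENC_FLAG):
    layers = peel_base64(blob)
    if not layers:
        raise ValueError("input is not Base64")
    hit = find_shift(layers[-1])
    if hit is None:
        raise ValueError("no shift produces the expected prefix")
    return layers, hit[0], hit[1]

if __name__ == "__main__":
    layers, k, flag = solve()
    for depth, layer in enumerate(layers, 1):
        print(f"Base64 layer {depth}: {layer}")
    print(f"letters shifted back by {k}: {flag}")
```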
