The Numbers
CTF's Author: Danny
Description
The numbers... what do they mean?
Hint: The flag is in the format PICOCTF{}
In this challenge we have been given an image with numbers in it, and we need to decode them.
We can observe that a pair of curly braces { } appears among the numbers, so it is clear that we have to look up the letter of the alphabet corresponding to each number.
But wait, should we do it manually? Of course not, we are hackers. So we will use a Python script to decode this.
The Python script:
def numbers_to_text(numbers):
    # 1 -> 'A', 2 -> 'B', ...: add 64 because 'A' is ASCII 65
    return ''.join(chr(int(num) + 64) for num in numbers)

# Numbers in the flag part
number_string = "20 8 5 14 21 13 2 5 18 19 13 1 19 15 14"
numbers = number_string.split()
decoded = numbers_to_text(numbers)
# .lower() if flags are usually lowercase
flag = f"PICOCTF{{{decoded.lower()}}}"
print("Decoded Flag:", flag)
Just run this script in any Python interpreter and you will get the flag.
Flag: PICOCTF{thenumbersmason}
Hey everyone! Back with another CTF writeup, this time tackling the "InterEncDec" challenge. The description was pretty straightforward: "Can you get the real meaning from this file" with a hint that said "Engaging in various decoding processes is of utmost importance."
That hint about "various decoding processes" was key - it told me right away this wasn't going to be a simple one-step decode.
Initial Analysis
Downloaded the file and found enc_flag containing:
YidkM0JxZGtwQlRYdHFhR3g2YUhsZmF6TnFlVGwzWVROclgyeG9OakJzTURCcGZRPT0nCg==
The string had all the hallmarks of Base64 encoding - alphanumeric characters with some equals signs for padding at the end.
Step-by-Step Solution
Step 1: Base64 Decoding
First layer was definitely Base64. Running it through a decoder:
echo "YidkM0JxZGtwQlRYdHFhR3g2YUhsZmF6TnFlVGwzWVROclgyeG9OakJzTURCcGZRPT0nCg==" | base64 -d
Got back:
b'd3BqdkpBTXtqaGx6aHlfazNqeTl3YTNrX2xoNjBsMDBpfQ=='
Interesting! This looked like a Python bytes string with those b'...' markers around it. The content inside still looked like Base64 though.
Step 2: Clean Up and Decode Again
Stripped off the b' from the beginning and the ' from the end, leaving:
d3BqdkpBTXtqaGx6aHlfazNqeTl3YTNrX2xoNjBsMDBpfQ==
Running this through Base64 again:
echo "d3BqdkpBTXtqaGx6aHlfazNqeTl3YTNrX2xoNjBsMDBpfQ==" | base64 -d
Result:
wpjvJAM{jhlzhy_k3jy9wa3k_lh60l00i}
Now this was looking more like a flag format! I could see the curly braces that are typical in CTF flags, but the content inside was still scrambled.
Step 3: Caesar Cipher Recognition
The scrambled text had a pattern that screamed Caesar cipher to me. The structure looked right for "picoCTF" at the beginning if I shifted the letters around.
Let me work through the Caesar shift:
- w shifted becomes p
- p shifted becomes i
- j shifted becomes c
- v shifted becomes o
This was looking like a Caesar cipher with a specific shift value. After trying different shift values, I found that shifting by 13 (ROT13) gave me readable text.
Applying ROT13 to wpjvJAM{jhlzhy_k3jy9wa3k_lh60l00i}:
- wpjvJAM becomes picoCTF
- jhlzhy_k3jy9wa3k_lh60l00i becomes caesar_d3cr9pt3d_ea60e00b
Final Flag
After applying both decoding steps:
picoCTF{caesar_d3cr9pt3d_ea60e00b}
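The three steps above as a single script, added here as an example and not part of the original writeup: it peels Base64 layers until the text no longer decodes, unwrapping the b'...' repr in between, then tries all 26 Caesar shifts and keeps the one whose output starts with the known picoCTF{ prefix. The function names are chosen for this example.

```python
import ast
import base64

# Contents of enc_flag, copied from the writeup above.
ENC_FLAG = "YidkM0JxZGtwQlRYdHFhR3g2YUhsZmF6TnFlVGwzWVROclgyeG9OakJzTURCcGZRPT0nCg=="

def peel_base64(text):
    """Strip Base64 layers until the text no longer decodes; return (text, layers)."""
    layers = 0
    while text.strip():
        text = text.strip()
        if text.startswith(("b'", 'b"')):
            # A printed Python bytes object: recover the bytes it represents.
            text = ast.literal_eval(text).decode("ascii")
            continue
        try:
            # validate=True rejects characters outside the Base64 alphabet.
            decoded = base64.b64decode(text, validate=True).decode("ascii")
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            break
        text, layers = decoded, layers + 1
    return text, layers

def caesar(text, shift):
    """Shift ASCII letters forward by `shift`; digits and punctuation pass through."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("a") if ch.islower() else ord("A")
            ch = chr((ord(ch) - base + shift) % 26 + base)
        out.append(ch)
    return "".join(out)

def find_shift(ciphertext, known_prefix="picoCTF{"):
    """Try all 26 shifts; return (shift, plaintext) for the first prefix match."""
    for shift in range(26):
        candidate = caesar(ciphertext, shift)
        if candidate.startswith(known_prefix):
            return shift, candidate
    return None, None

def solve(enc=ENC_FLAG):
    inner, layers = peel_base64(enc)
    shift, flag = find_shift(inner)
    return layers, inner, shift, flag

if __name__ == "__main__":
    print(solve())
```

On this ciphertext the search settles on a forward shift of 19, which is the same as shifting each letter back by 7.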
Key Lessons
This challenge was a great reminder that:
- Always look for clues in the decoded output - those b'...' markers were telling me the format
- Don't ignore classic cipher patterns - the scrambled but structured text was a dead giveaway for Caesar cipher
- The challenge name "InterEncDec" hinted at multiple encoding/decoding steps
- Sometimes you need to clean up formatting characters between decoding steps
Tools Used
- Base64 decoder (command line or online)
- Caesar cipher decoder/ROT13 tool
This was a solid challenge that combined modern encoding (Base64) with classic cryptography (Caesar cipher). The hint about "various decoding processes" was spot-on - we really did need two completely different approaches to crack it!
Final Flag: picoCTF{caesar_d3cr9pt3d_ea60e00b}