2010-05-24 20:45:18

By Tim Brown

I say non-exhaustive: it doesn't cover all of the CTF qualifiers, or even everything the team I played with achieved. It does, however, document some of the challenges I played and my successes and failures. Over the course of the 55 hours in which the game was in play, I must have looked at all of the challenges, either from the start or to help my friends when they got stuck.

The first challenge I solved was c100:

Decrypt please

Ocmln. up.'g.bjf abanfoco odrgne er yd. ypcjt d.p. /,.nnw urp yd. mroy lapy=v
Ydco y.qy ,ao ,pcyy.b gocbi a ol.jcan t.fxrapew br bry .pirbrmcjw frg aoodayv
WdcbyV Yd. t.f frg ap. nrrtcbi urp co yd. bam.oat. ru ydco t.fxrapev WzdcbyV

As you can see, this appears to be a paragraph of text, encrypted with an unknown cipher. Looking at the various words we can see that some are more frequent than others, particularly yd. which appears 3 times. I surmised fairly early on that this might be the word the and began to decipher the text based on the assumption that it was a substitution cipher. To begin with I used sed to substitute the old for new letters like so:

$ cat cipher.txt | sed -e "s/y/>T</g" -e "s/d/>H</g" -e "s/\./>E</g"

I used the ><, along with the upper case characters so that I could easily see in the output which characters I had changed and to prevent a future sed pattern from replacing one that had resulted from a previous pattern's action. This gave me:

Ocmln>E< up>E<'g>E<bjf abanfoco o>H<rgne er >T<>H<>E< >T<pcjt >H<>E<p>E< /,>E<nnw urp >T<>H<>E< mro>T< lap>T<=v Y>H<co >T<>E<q>T< ,ao ,pc>T<>T<>E<b gocbi a ol>E<jcan t>E<fxrapew br br>T< >E<pirbrmcjw frg aoo>H<a>T<v W>H<cb >T<V Y>H<>E< t>E<f frg ap>E< nrrtcbi urp co >T<>H<>E< bam>E<oat>E< ru >T<>H<co t>E<fxrapev Wz>H<cb>T<V

As you can see, we now have a number of parts of the plain text. Looking at the partially completed words there are some that stand out, for example >H<>E<p>E<. I ran such cases through a dictionary like so:

$ grep -i "^he.e$" /usr/share/dict/british-english 
Hebe
here

Since Hebe is not a common English term, I concluded that it was likely that p was substituted for r and added this to my sed script. This soon got tiring and I wrote the following simple Perl script to complete the job:

# Ciphertext, split into individual characters.
@crypt = split(//, "Ocmln. up.'g.bjf abanfoco odrgne er yd. ypcjt d.p. /,.nnw urp yd. mroy lapy=v Ydco y.qy ,ao ,pcyy.b gocbi a ol.jcan t.fxrapew br bry .pirbrmcjw frg aoodayv WdcbyV Yd. t.f frg ap. nrrtcbi urp co yd. bam.oat. ru ydco t.fxrapev WzdcbyV");
# Substitution table: cipher symbol => plaintext guess ("*" marks an unknown).
$foo{"="} = "*";
$foo{" "} = " ";
$foo{","} = "W";
$foo{"/"} = "";
$foo{"."} = "E";
$foo{"'"} = "Q";
$foo{"a"} = "A";
$foo{"b"} = "N";
$foo{"c"} = "I";
$foo{"d"} = "H";
$foo{"e"} = "D";
$foo{"f"} = "Y";
$foo{"g"} = "U";
$foo{"i"} = "*";
$foo{"j"} = "C";
$foo{"l"} = "P";
$foo{"m"} = "M";
$foo{"n"} = "L";
$foo{"o"} = "S";
$foo{"O"} = "S";
$foo{"p"} = "R";
$foo{"q"} = "S";
$foo{"r"} = "O";
$foo{"t"} = "K";
$foo{"u"} = "F";
$foo{"v"} = "*";
$foo{"V"} = "*";
$foo{"w"} = "*";
$foo{"W"} = "*";
$foo{"x"} = "*";
$foo{"y"} = "T";
$foo{"Y"} = "T";
$foo{"z"} = "*";
# Translate one character at a time and print the result.
foreach $char (@crypt) {
        print $foo{$char};
}
print "\n";

If you run this code, you'll notice that it doesn't produce perfect output (I've used asterisks when I don't know the substitution for sure). In the real world you might need every substitution to find the solution but here, hopefully:

SIMPLE FREQUENCY ANALYSIS SHOULD DO THE TRICK HERE WELL* FOR THE MOST PART** THIS TEST WAS WRITTEN USIN* A SPECIAL KEY*OARD* NO NOT ER*ONOMIC* YOU ASSHAT* *HINT* THE KEY YOU ARE LOOKIN* FOR IS THE NAMESAKE OF THIS KEY*OARD* **HINT*

should tell you everything you need to know.
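
The three manual steps above (counting frequent tokens, marking known substitutions, and checking a partly decoded word against a dictionary) can be combined in one script. This is an added Python example, not part of the original write-up: `WORDS` is a constructed stand-in for the system dictionary, the function names are illustrative, and `candidates` goes slightly beyond the grep by rejecting words that would break the one-to-one mapping of a substitution cipher.

```python
from collections import Counter

# Ciphertext from the challenge; punctuation and case are cipher symbols too.
CIPHER = (
    "Ocmln. up.'g.bjf abanfoco odrgne er yd. ypcjt d.p. /,.nnw urp yd. mroy lapy=v "
    "Ydco y.qy ,ao ,pcyy.b gocbi a ol.jcan t.fxrapew br bry .pirbrmcjw frg aoodayv "
    "WdcbyV Yd. t.f frg ap. nrrtcbi urp co yd. bam.oat. ru ydco t.fxrapev WzdcbyV"
)
# Constructed stand-in for /usr/share/dict/british-english.
WORDS = ["Hebe", "here", "hehe", "hate", "hers", "the"]
# The three guesses made with sed above: cipher symbol -> plaintext letter.
KEY = {"y": "t", "d": "h", ".": "e"}


def top_tokens(text, n=3):
    """Most frequent space-separated cipher tokens, the first crib to guess at."""
    return Counter(text.split()).most_common(n)


def decode(text, key):
    """Single pass, so one substitution can never rewrite another's output."""
    return "".join(">%s<" % key[c].upper() if c in key else c for c in text)


def candidates(token, key, words):
    """Words that fit a cipher token if the key stays a one-to-one mapping."""
    fits = []
    for word in words:
        trial, taken = dict(key), set(key.values())
        if len(word) != len(token):
            continue
        for sym, plain in zip(token, word.lower()):
            if trial.get(sym, plain) != plain:
                break  # contradicts a known or earlier-guessed symbol
            if sym not in trial:
                if plain in taken:
                    break  # plaintext letter already belongs to another symbol
                trial[sym] = plain
                taken.add(plain)
        else:
            fits.append(word)
    return fits


if __name__ == "__main__":
    print(top_tokens(CIPHER))
    print(decode("d.p.", KEY))
    print(candidates("d.p.", KEY, WORDS))
```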
