[CTF] WU - Cipher Mastery

Difficulty Level : Hard

Challenge Category : Crypto

Description :

During a recent security audit, our team uncovered an encrypted document on one of the organization's servers. The file seems to contain sensitive information, and we need to decrypt it to assess any potential data breach. Can you assist us in deciphering its contents? Additionally, can you determine if decrypting the file is necessary by evaluating whether it contains helpful or critical information, or if it is just regular data?

Flag format : FLAG{word1_word2_…}
Separate each word with an underscore “_”
Don't forget to put {}
Everything is in lower case

Solution Steps

Step 1: Analyze the Cipher

1. The ciphertext contains 26 unique characters, each represented by a 4-character sequence.
2. The encryption is likely a substitution cipher, where each 4-character sequence maps to a single letter of the English alphabet or a space.

Step 2: Frequency Analysis

1. Calculate the frequency of each 4-character sequence in the ciphertext.
2. Compare the frequencies of these sequences with the frequencies of letters in the English language. Tools like English Letter Frequencies can help.

Step 3: Map Symbols to Letters

Using the frequency analysis:

1. Match the most common 4-character sequence with E (the most frequent letter in English).
2. Repeat for other common letters, such as T, A, O, etc.
3. Refine the mappings using common patterns in English, such as:
   • Common two-letter words: of, to, in, it, is.
   • Common three-letter words: the, and, for.
4. A script can automate this process to suggest symbol-to-letter mappings.

Step 4: Decipher the Ciphertext

Using the derived mappings, decrypt the ciphertext. This can be automated with the provided script.

Decoding Script

reverse_mapping = {
    'TIb,': 'A', 'l$*R': 'B', 's*iH': 'C', ':Kb4': 'D', 'APOn': 'E', '0+BG': 'F', ')`Z!': 'G',
    'S.%B': 'H', '@\'=?': 'I', '/Y30': 'J', 'B>VM': 'K', '"gCe': 'L', '*\-8': 'M', 'd2k4': 'N',
    '<G.3': 'O', 'l9,v': 'P', '"}JL': 'Q', '|tn=': 'R', '?Q>#': 'S', 'V]r=': 'T', '&]XO': 'U',
    'O46K': 'V', ':\\M|': 'W', 'Oz7l': 'X', 'RPek': 'Y', 'rQ"u': 'Z', '..XC': ' '
}

def decode_ciphertext(ct, reverse_map):
    decoded_text = ""
    i = 0
    while i < len(ct):
        for length in range(4, 0, -1):
            chunk = ct[i:i + length]
            if chunk in reverse_map:
                decoded_text += reverse_map[chunk]
                i += length
                break
        else:
            i += 1  
    return decoded_text

with open('ct.txt', 'r') as file:
    encoded_text = file.read().strip()

decoded_message = decode_ciphertext(encoded_text, reverse_mapping)
print(decoded_message)

Step 5: Extract the Flag

1. The decrypted plaintext reveals a readable message.
2. Identify the flag format FLAG{word1_word2_…} within the plaintext.