Crypto for CTFs

furiouserectAI and Robotics

Nov 21, 2013 (3 years and 8 months ago)

83 views

Crypto for CTFs

RPISEC 2013

Ben Kaiser

Terminology


plaintext
-

the original message


ciphertext

-

the coded message


cipher
-

algorithm for transforming plaintext to
ciphertext



key
-

info used in cipher known only to sender/receiver


encipher (encrypt)
-

converting plaintext to
ciphertext



decipher (decrypt)
-

recovering
ciphertext

from plaintext


cryptography
-

study of encryption principles/methods


cryptanalysis (
codebreaking
)
-

the study of principles/methods
of deciphering
ciphertext

without knowing key

Classification


Characterize by:


Type of encryption operations used


substitution


transposition


product


Number of keys used


single
-
key (private)


two
-
key (public)


Way in which plaintext is processed


Block


processes a block of element at a time


Stream


processes continuous stream of elements

Classical Ciphers

-

Substitution


L
etters of plaintext are replaced by other letters or by
numbers or symbols.


Monoalphabetic

ciphers: For every letter, one and only one
letter (or symbol) is substituted.


Polyalphabetic ciphers: Throughout the cipher text, different
symbols can stand for the same letter, and the same symbols
can stand for different letters

Monoalphabetic

Ciphers

The “key” for substitution ciphers is a mapping from plaintext
alphabet to
ciphertext

alphabet. It must be known to both
parties.


Caesar cipher:


Each character is converted to a numeric value (0
-
25), then
summed with a constant value (the key) and
modded

by 25.


rpisecisfun

becomes

uslvhflvixq

if the key is 3.

Monoalphabetic

Ciphers


The Caesar Cipher is easy to break by brute force since there
are only 25 possible keys. Let’s look at a more complex
monoalphabetic

cipher.


What if we had a 26
-
character key that maps each plaintext
character to a
ciphertext

character at random? That gives 26!
= 403 septillion possible keys.


Frequency Analysis


You’d think this would be incredibly difficult to break, but it’s
not thanks to
frequency analysis


In English, “E” is the most common letter, followed by
T,R,N,I,O,A, and S. Z,J,K,Q, and X are quite rare.

Frequency Analysis


Calculate the letter frequencies for your
ciphertext
, then
compare counts against known values.


Use known tricks:


The most common letter at the end of a word is E


The
most common beginning letter of a word is T


A
single
-
letter word is A or I, and on rare occasions, O.


The
most frequent two
-
letter word is OF, followed
by TO
and IN


The
most used three
-
letter word is THE, next common

is
AND


The
most frequent four
-
letter word is THAT


Q
is always followed by U


The
most common double letters are: LL, EE, SS, OO,
TT
, FF, RR,
NN, PP and CC


Practice: Cracking a
Monoalphabetic

Cipher

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZV
UEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPD
ZSZUFPOMBZWPFUPZHMDJUDTMOHMQ


Hints:


Practice: Cracking a
Monoalphabetic

Cipher

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZV
UEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPD
ZSZUFPOMBZWPFUPZHMDJUDTMOHMQ


Hints:


Count the letter frequencies and compare to the chart. Make
educated guesses and work from there (guess & check).



Practice: Cracking a
Monoalphabetic

Cipher

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZV
UEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPD
ZSZUFPOMBZWPFUPZHMDJUDTMOHMQ


Hints:


Count the letter frequencies and compare to the chart. Make
educated guesses and work from there (guess & check).


P & Z are very frequent in the
ciphertext



let’s guess those are
E

and
T
, the two most common letters in English.



Practice: Cracking a
Monoalphabetic

Cipher

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZV
UEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPD
ZSZUFPOMBZWPFUPZHMDJUDTMOHMQ


Hints:


Count the letter frequencies and compare to the chart. Make
educated guesses and work from there (guess & check).


P & Z are very frequent in the
ciphertext



let’s guess those are
E

and
T
, the two most common letters in English
.


ZW is a common letter combination. If Z =
T
then maybe
TH
?
What does that make ZWP likely to be?



Practice: Cracking a
Monoalphabetic

Cipher

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZV
UEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPD
ZSZUFPOMBZWPFUPZHMDJUDTMOHMQ


Hints:


Count the letter frequencies and compare to the chart. Make
educated guesses and work from there (guess & check).


P & Z are very frequent in the
ciphertext



let’s guess those are
E

and
T
, the two most common letters in English
.


ZW is a common letter combination. If Z =
T
then maybe
TH
?
What does that make ZWP likely to be?


“It
was disclosed yesterday that several
informal but direct
contacts have been made with
political representatives
of the
vietcong

in
moscow
.”


CSAW 2011 Crypto5: 200
Pts

JR UNIR QVFPBIRERQ GUNG BHE YNFG GUERR GENAFZVFFVBAF
JR'ER RNFVYL QRPVCURERQ. JR UNIR GNXRA PNER BS GUR
CNEGL ERFCBAFVOYR SBE GURVE RAPBQVAT NAQ NER ABJ
HFVAT N ARJ ZRGUBQ. HFR GUR VASBEZNGVBA CEBIVQRQ NG
YNFG JRRX.F ZRRGVAT GB QRPVCURE NYY ARJ ZRFFNTRF. NAQ
ERZRZORE, GUVF JRRX.F XRL VF BOSHFPNGRQ
.


No hint was provided, but I’ve only showed you one cipher so
far so connect the dots.

CSAW 2011 Crypto5: 200
Pts

JR UNIR QVFPBIRERQ GUNG BHE YNFG GUERR GENAFZVFFVBAF
JR'ER RNFVYL QRPVCURERQ. JR UNIR GNXRA PNER BS GUR
CNEGL ERFCBAFVOYR SBE GURVE RAPBQVAT NAQ NER ABJ
HFVAT N ARJ ZRGUBQ. HFR GUR VASBEZNGVBA CEBIVQRQ NG
YNFG JRRX.F ZRRGVAT GB QRPVCURE NYY ARJ ZRFFNTRF. NAQ
ERZRZORE, GUVF JRRX.F XRL VF BOSHFPNGRQ
.


Answer: The key is 13.

WE HAVE DISCOVERED THAT OUR LAST THREE TRANSMISSIONS
WERE EASILY DECIPHERED. …

PHDays

CTF 2013: Crypto 100


Decrypt the message:

7y9rr177sluqv1r4pw

Hint: at $

PHDays

CTF 2013: Crypto 100


Decrypt the message:

7y9rr177sluqv1r4pw

Hint: at $


The cipher used is the
Atbash

Cipher
. Each letter is assigned to
the letter at the opposite end of the alphabet


A=Z, B=Y, C=X,
etc. In this case, the numbers 0
-
9 were added onto the end of the
key so A=9, B=8, … J=1, K=Z, L=Y, etc.


PHDays

CTF 2013: Crypto 100


Decrypt the message:

7y9rr177sluqv1r4pw

Hint: at $


The cipher used is the
Atbash

Cipher
. Each letter is assigned to
the letter at the opposite end of the alphabet


A=Z, B=Y, C=X,
etc. In this case, the numbers 0
-
9 were added onto the end of the
key so A=9, B=8, … J=1, K=Z, L=Y, etc.


classiccryptoisfun


CSAW 2011 Crypto1


100
pts

87 101 108 99 111 109 101 32 116 111 32 116 104 101 32 50 48
49 49 32 78 89 85 32 80 111 108 121 32 67 83 65 87 32 67 84 70
32 101 118 101 110 116 46 32 87 101 32 104 97 118 101 32 112
108 97 110 110 101 100 32 109 97 110 121 32 99 104 97 108
108 101 110 103 101 115 32 102 111 114 32 121 111 117 32 97
110 100 32 119 101 32 104 111 112 101 32 121 111 117 32 104
97 118 101 32 102 117 110 32 115 111 108 118 105 110 103 32
116 104 101 109 32 97 108 108 46 32 84 104 101 32 107 101
121 32 102 111 114 32 116 104 105 115 32 99 104 97 108 108
101 110 103 101 32 105 115 32 99 114 121 112 116 111 103 114
97 112 104 121
46


This is a simple
monoalphabetic

cipher. Do these numbers look
like anything you recognize? If not, try frequency analysis.

More Advanced
Monoalphabetic

Ciphers


The
Playfair

Cipher is a famous advanced
Monoalphabetic

Cipher that uses single word as a key. That word is used to
generate a 5x5 character matrix:


If “MONARCHY” is the key, our matrix looks like this:

MONAR

CHYBD

EFGIK

LPQST

UVWXZ

Playfair

Cipher


plaintext
encrypted two letters at a time:


if
a pair is a repeated letter, insert a filler like 'X',
eg
. "balloon"
encrypts as "
ba

lx lo on"


if
both letters fall in the same row, replace each with
letter
to
right (wrapping back to start from end),

eg
. “
ar
" encrypts as
"RM"


if
both letters fall in the same column, replace each
with
the
letter below it (again wrapping to top from
bottom
),
eg
. “mu"
encrypts to "CM"


otherwise
each letter is replaced by the one in its
row
in the
column of the other letter of the pair,
eg
.

hs
" encrypts to "BP",
and “
ea
" to "IM" or "JM" (as
desired)


Decrypt
ONANMSVFBIKLEBUBFSCFAT
using “MONARCHY” as
a key.

Polyalphabetic Ciphers


In a polyalphabetic ciphers, each letter of a
ciphertext

does
not always decrypt to the same plaintext letter.


The
Vigenère

Cipher is essentially multiple Caesar Ciphers:


key is multiple letters long K = k
1

k
2

...
k
d



i
th

letter specifies
i
th

alphabet to use


use each alphabet in turn


repeat from start after d letters in message

Vigenère

Cipher


write
the plaintext out


write
the keyword repeated above it


use
each key letter as a
caesar

cipher key


encrypt
the corresponding plaintext letter


eg

using keyword deceptive


key:


deceptivedeceptivedeceptive


plaintext:

wearediscoveredsaveyourself


ciphertext
:

ZICVTWQNGRZGVTWAVZHCQYGLMGJ

Kasiski

Method of Breaking
Vigenère



Guess
the key
length


Find
a number of
duplicated
sequences


Collect
all their distances apart


Look
for common factors


Thus
obtain a set of
monoalphabetic

ciphers (each is subject to
letter
fq
. Char.)


repetitions
in
ciphertext

give clues to period


so
find
same

plaintext
an
exact period apart


which
results in the
same
ciphertext


of
course, could also be random fluke


eg

repeated “VTW” in previous example


suggests
size of 3 or 9


then
attack each
monoalphabetic

cipher individually
using
same
techniques as before

Transposition Ciphers


Transposition (
or permutation)
ciphers hide
the message by
rearranging
the
letter order in the message without
altering
the actual letters
used.


The classic example is the Rail Fence cipher,
in which
you write
message letters out diagonally over a
number
of
rows, then
read off
the cipher
row by
row.


Plain Text: Meet me tonight + padding(
qxz
)


M
E M T N G T X




E
T E O I H Q Z


Cipher Text: MEMTNGTXETEOIHQZ