This year I participated in my first capture the flag (CTF) event! After a recommendation from my current Cybersecurity bootcamp instructor I’m glad I checked out MetaCTF and had a chance to participate. I learned a lot in the process, and I want to share a few writeups from the easier end of the spectrum. While these problems already have some writeups, my own approach hopefully offers at least one or two details that are instructive beyond those other great options.
A to Z (100 points)
This encrypted flag will only require a simple substitution cipher to solve. Rearrange the letters from A to Z.
To start with I ran the string through a quickly-googled Caesar cipher tool. For those unfamiliar, a Caesar cipher is a simple code system that was, in fact, used by Caesar. You simply replace one character with another character. The website I just linked uses the traditional version, where you basically start a different place in the alphabet (ex: S) and that becomes the replacement for A. Then the next letter, alphabetically (continuing with the ex: T) becomes B, and so on. When you get to the end of your code alphabet you wrap around to the beginning (ex: Z replaces H, and then A replaces G). Given the simplicity of this, it was enough to deliver an encoded message with a number (representing the starting index) if the recipient understood how it worked.
Unfortunately, after quickly scanning through all 26 possible starting positions it became clear this didn’t work. What about the second sentence? I took the given code and rearranged it’s letters from A to Z. Nope. Z to A? That didn’t work either.
You may have already figured out my mistake, but to be honest I skipped this one at the time of the event and only returned a month later, slightly better armed with a fabulous tool: Cyberchef. Cyberchef is your one-stop-shop for dealing with text across any format or encoding you can imagine. Put simply, you give it input text and a set of instructions, and it bakes the text and gives you an output text encoded/decoded however you asked.
In this case, it hit me: the cipher/key was the part I needed to rearrange! How? Well…I rearranged it so A (plain text) = Z (encoded text)…and then…what if B = Y, and so on? In other words, I just reversed the alphabet for the cipher/key.
It took me a second to realize my issue, but then I remember that in ASCII (or any text encoding, really) uppercase and lowercase letters are treated differently. My recipe text was all upper case, so I needed to either retype the substitution rules in lowercase…or…
…use the tools CyberChef already had. To explain in detail what’s happening here: I copy/paste the text from the challenge into the input field. Then I found the “To Upper Case” action on the left of CyberChef’s page in the “Operations” section. Similarly, I found the “Substitute” operations and dragged it below the “To Upper Case” action, because it happens second (the actions happen from top to bottom). At this point I was done–Cyberchef instantaneously output the processed text, bringing us to the flag text you see above. You can follow this link to see the exact Cyberchef configuration, and play around with it.
I hope you found this instructive. The two main takeaways here are to understand what Caesar’s cipher is, and to get a look at CyberChef.
For a hand-picked list of write-ups gleaned from MetaCTF's discord check this document I've put together. For even more writeups check here.