Crypto CTF Basics

beginner30 minWriteup

Fundamental cryptographic concepts for CTFs

Learning Objectives

  • Recognize encoding types
  • Use CyberChef effectively
  • Identify cipher types
  • Understand common crypto mistakes

Cryptography challenges in CTFs test your ability to recognize encodings, identify cipher types, and exploit weak crypto implementations. Don't worry - you don't need a math PhD, just pattern recognition and the right tools!

80% of CTF crypto challenges can be solved with CyberChef, basic pattern recognition, and knowing when to use specialized tools. The remaining 20% require actual crypto knowledge!

Encoding vs Encryption

1606070;"># ENCODING: Transforms data format, NO key needed
2606070;"># - Base64, Hex, URL encoding
3606070;"># - Anyone can decode
4606070;"># - Not security, just format conversion
5 
6606070;"># ENCRYPTION: Scrambles data WITH a key
7606070;"># - AES, RSA, DES
8606070;"># - Only key holder can decrypt
9606070;"># - Actual security
10 
11606070;"># HASHING: One-way transformation
12606070;"># - MD5, SHA256
13606070;"># - Cannot be reversed (only cracked)
14606070;"># - Used for verification, not encryption
15 
16606070;"># CTF crypto often involves:
17606070;"># 1. Identifying what you're dealing with
18606070;"># 2. Decoding/decrypting it
19606070;"># 3. Recognizing the flag format

Common Encodings

bash
1606070;"># Base64 - Most common!
2606070;"># Characters: A-Za-z0-9+/
3606070;"># Ends with = or == padding
4ZmxhZ3t0aGlzX2lzX2Jhc2U2NH0=
5606070;"># Decode: echo "ZmxhZ3t0aGlzX2lzX2Jhc2U2NH0=" | base64 -d
6606070;"># Result: flag{this_is_base64}
7 
8606070;"># Base32
9606070;"># Characters: A-Z2-7
10606070;"># Ends with = padding
11MZWGCZ33MZUWY33PNVSSC===
12606070;"># Decode: echo "MZWGCZ33MZUWY33PNVSSC===" | base32 -d
13 
14606070;"># Hexadecimal
15606070;"># Characters: 0-9a-f (or A-F)
16666c61677b6865787d
17606070;"># Decode: echo "666c61677b6865787d" | xxd -r -p
18606070;"># Or: python3 -c "print(bytes.fromhex('666c61677b6865787d').decode())"
19 
20606070;"># URL Encoding
21606070;"># %XX format
22flag%7Burl%5Fencoded%7D
23606070;"># Decode: python3 -c "import urllib.parse; print(urllib.parse.unquote('flag%7Burl%5Fencoded%7D'))"
24 
25606070;"># Binary
2601100110 01101100 01100001 01100111
27606070;"># Use CyberChef "From Binary"

CyberChef Magic

Paste any encoded text into CyberChef and click "Magic" - it auto-detects most encodings and chains multiple decodings automatically!

Identifying Encodings

1606070;"># Quick identification guide:
2 
3606070;"># Ends with = or ==? → Base64 or Base32
4606070;"># All hex characters (0-9a-f)? → Hex
5606070;"># Contains %XX? → URL encoded
6606070;"># Only 0 and 1? → Binary
7606070;"># Looks like text but shifted? → ROT13 or Caesar
8 
9606070;"># Online tools for identification:
10606070;"># - CyberChef (gchq.github.io/CyberChef)
11606070;"># - dcode.fr/cipher-identifier
12606070;"># - quipqiup.com (for substitution ciphers)
13 
14606070;"># Python identification:
15import base64
16import codecs
17 
18def identify(text):
19    606070;"># Try base64
20    try:
21        decoded = base64.b64decode(text)
22        if decoded.isascii():
23            print(f606070;">#a5d6ff;">"Base64: {decoded.decode()}")
24    except:
25        pass
26 
27    606070;"># Try hex
28    try:
29        decoded = bytes.fromhex(text)
30        if decoded.isascii():
31            print(f606070;">#a5d6ff;">"Hex: {decoded.decode()}")
32    except:
33        pass
34 
35    606070;"># Try ROT13
36    print(f606070;">#a5d6ff;">"ROT13: {codecs.decode(text, 'rot_13')}")

CyberChef Mastery

1606070;"># Essential CyberChef operations:
2 
3606070;"># Encoding/Decoding
4- From Base64 / To Base64
5- From Hex / To Hex
6- From Binary / To Binary
7- URL Decode / URL Encode
8 
9606070;"># Crypto Operations
10- ROT13
11- ROT13 Brute Force
12- XOR / XOR Brute Force
13- AES Decrypt / AES Encrypt
14- DES Decrypt
15 
16606070;"># Analysis
17- Magic (auto-detect!)
18- Frequency Analysis
19- Entropy
20 
21606070;"># Data Manipulation
22- Find / Replace
23- Regular Expression
24- Extract strings
25 
26606070;"># Pro tips:
27606070;"># - Chain operations by dragging
28606070;"># - Save recipes for reuse
29606070;"># - "Fork" splits input for parallel processing
30606070;"># - "Subsection" applies operation to part of data

CyberChef Workflow

1
Paste InputPut your encoded/encrypted text in the input box
2
Try MagicClick the Magic wand - it often solves simple challenges
3
Identify PatternLook at character set, length, padding
4
Add OperationsDrag appropriate operations to the recipe
5
Chain if NeededAdd more operations for multi-layer encoding

Hash Cracking

bash
1606070;"># Identify hash type
2606070;"># Online: hashes.com/en/tools/hash_identifier
3606070;"># hashid: pip install hashid && hashid "HASH"
4 
5606070;"># Common hash lengths:
6606070;"># 32 chars: MD5 or NTLM
7606070;"># 40 chars: SHA1
8606070;"># 64 chars: SHA256
9606070;"># 128 chars: SHA512
10 
11606070;"># Online lookup (for common passwords)
12606070;"># crackstation.net
13606070;"># hashes.com
14606070;"># md5decrypt.net
15 
16606070;"># Hashcat cracking
17hashcat -m 0 hash.txt wordlist.txt     606070;"># MD5
18hashcat -m 100 hash.txt wordlist.txt   606070;"># SHA1
19hashcat -m 1400 hash.txt wordlist.txt  606070;"># SHA256
20hashcat -m 1000 hash.txt wordlist.txt  606070;"># NTLM
21 
22606070;"># John the Ripper
23john --wordlist=rockyou.txt hash.txt
24john --format=raw-md5 --wordlist=rockyou.txt hash.txt
Most CTF hashes are crackable with rockyou.txt or can be found in online lookup databases. Always try online lookup first - it's instant!

Multi-Layer Encoding

bash
1606070;"># CTFs love to chain encodings!
2606070;"># Example: Base64 → Hex → ROT13 → Original
3 
4606070;"># Step 1: Looks like Base64
5Vm0xNFlXSXhVWGxXYTJoVFlUSm9...
6606070;"># Decode Base64
7 
8606070;"># Step 2: Result looks like hex
9666c61677b6e657374...
10606070;"># Decode hex
11 
12606070;"># Step 3: Result is shifted text
13synt{arfgrq_rapbqvat}
14606070;"># ROT13 decode
15 
16606070;"># Final: flag{nested_encoding}
17 
18606070;"># Automation with Python:
19import base64
20import codecs
21 
22data = 606070;">#a5d6ff;">"Vm0xNFlXSXhVWGxXYTJoVllrWmFjRlZ0..."
23data = base64.b64decode(data).decode()
24data = bytes.fromhex(data).decode()
25data = codecs.decode(data, 606070;">#a5d6ff;">'rot_13')
26print(data)

Knowledge Check

Quick Quiz
Question 1 of 2

What's the key difference between encoding and encryption?

Key Takeaways

  • Encoding ≠ Encryption - encoding provides no security
  • CyberChef's Magic operation solves most encoding challenges
  • Identify by character set: hex (0-9a-f), base64 (A-Za-z0-9+/=)
  • CTFs love multi-layer encoding - decode step by step
  • Always try online hash lookup before cracking
  • Pattern recognition is more valuable than math knowledge