Decrypt please

这是刚刚结束的黑客竞赛 DefCon 2010中的一道题目:

Decrypt please

Ocmln. up.'g.bjf abanfoco odrgne er yd. ypcjt d.p. /,.nnw urp yd. mroy lapy=v
Ydco y.qy ,ao ,pcyy.b gocbi a ol.jcan t.fxrapew br bry .pirbrmcjw frg aoodayv
WdcbyV Yd. t.f frg ap. nrrtcbi urp co yd. bam.oat. ru ydco t.fxrapev WzdcbyV
This entry was posted in 网络安全. Bookmark the permalink.

3 Responses to Decrypt please

  1. dingxuan says:

    答案是Dvorak

  2. Duan Haixin says:

    2010-05-24 20:45:18

    Defcon 18 CTF qualifiers: a non-exhaustive write up

    By Tim Brown

    I say non-exhaustive, it doesn’t cover all of the CTF qualifiers, or even everything the team I played with achieved. It does however document some of the challenges I played and my successes and failures. Over the course of the 55 hours in which the game was in play, I must have looked at all of the challenges, either from the start or to help my friends when they got stuck.

    The first challenge I solved was c100:

    Decrypt please

    Ocmln. up.’g.bjf abanfoco odrgne er yd. ypcjt d.p. /,.nnw urp yd. mroy lapy=v
    Ydco y.qy ,ao ,pcyy.b gocbi a ol.jcan t.fxrapew br bry .pirbrmcjw frg aoodayv
    WdcbyV Yd. t.f frg ap. nrrtcbi urp co yd. bam.oat. ru ydco t.fxrapev WzdcbyV

    As you can see, this appears to be a paragraph of text, encrypted with an unknown cipher. Looking at the various words we can see that some are more frequent than others, particularly yd. which appears 3 times. I surmised fairly early on that this might be the word the and began to decipher the text based on the assumption that it was a substitution cipher. To begin with I used sed to substitute the old for new letters like so:

    x@localhost:~$ cat cipher.txt | sed -e “s/y/>THEEEEHTHETHEEETHETTHTETTTEEETEHTHTHEEETHEEETHEHTHEE<. I ran such cases through a dictionary like so:

    x@localhost:~$ grep -i "^he.e$" /usr/share/dict/british-english
    Hebe
    here

    Since Hebe is not a common english term, I concluded that it was likely that p was likely substituted for r and added this to my sed script. This soon got tiring and I wrote the following simple perl script to complete the job:

    @crypt = split(//, "Ocmln. up.'g.bjf abanfoco odrgne er yd. ypcjt d.p. /,.nnw urp yd. mroy lapy=v Ydco y.qy ,ao ,pcyy.b gocbi a ol.jcan t.fxrapew br bry .pirbrmcjw frg aoodayv WdcbyV Yd. t.f frg ap. nrrtcbi urp co yd. bam.oat. ru ydco t.fxrapev WzdcbyV");
    $foo{"="} = "*";
    $foo{" "} = " ";
    $foo{","} = "W";
    $foo{"/"} = "";
    $foo{"."} = "E";
    $foo{"'"} = "Q";
    $foo{"a"} = "A";
    $foo{"b"} = "N";
    $foo{"c"} = "I";
    $foo{"d"} = "H";
    $foo{"e"} = "D";
    $foo{"f"} = "Y";
    $foo{"g"} = "U";
    $foo{"i"} = "*";
    $foo{"j"} = "C";
    $foo{"l"} = "P";
    $foo{"m"} = "M";
    $foo{"n"} = "L";
    $foo{"o"} = "S";
    $foo{"O"} = "S";
    $foo{"p"} = "R";
    $foo{"q"} = "S";
    $foo{"r"} = "O";
    $foo{"t"} = "K";
    $foo{"u"} = "F";
    $foo{"v"} = "*";
    $foo{"V"} = "*";
    $foo{"w"} = "*";
    $foo{"W"} = "*";
    $foo{"x"} = "*";
    $foo{"y"} = "T";
    $foo{"Y"} = "T";
    $foo{"z"} = "*";
    foreach $char (@crypt) {
    print $foo{$char};
    }

    If you run this code, you'll notice that it doesn't produce perfect output (I've used asterisks when I don't know the substitution for sure). In the real world you might need every substitution to find the solution but here, hopefully:

    SIMPLE FREQUENCY ANALYSIS SHOULD DO THE TRICK HERE WELL* FOR THE MOST PART** THIS TEST WAS WRITTEN USIN* A SPECIAL KEY*OARD* NO NOT ER*ONOMIC* YOU ASSHAT* *HINT* THE KEY YOU ARE LOOKIN* FOR IS THE NAMESAKE OF THIS KEY*OARD* **HINT*

    should tell you everything you need to know.

    Mood: Tired

    Music: Nowt on right now

    You are unknown, comment?