By Narcissus


We downloaded and extracted BSidesTLV2018-Crypto2.7z to recieve Anorak’s Invitation.txt. When we opened it to look at it we found complete nonsense:


We wondered what Anorak’s Invitation was, so we googled it and came across a book. After analyzing the text we discovered that they took the first chapter of the book we found, added a flag to the end of it, and encrypted the result using a many-to-one substitution cipher. We realized this because they didn't alter the word lengths i.e. there were the same number of letters between the spaces in both the plain-text and the cipher-text.

The encrypted flag we had was: \x07voO}\x1cJ¾\x19»ØÝØ\x1aݠæîÔ, and we know that all flags are in the following format: BSidesTLV{flag}. So we already have part of the flag:


We replaced all of the characters we new with their original letters. Now we need to find the rest.

We altered the cipher-text a little to make finding the original paragraphs easier, for example the first paragraph we brought earlier now looks like this:


And in plaintext:


Because it was a pretty long text we modified only the relevant paragraphs.

When we searched for Ø we found 3 matches, two in the flag and one in the third to last paragraph:


Which was:



We checked the corresponding character in the plain-text and found it should be 4. We continued this method until we had most of the flag: BSidesTLV{4948941›671}.

But we had another problem, the character came up only once in the cipher-text and that time was in the flag. Luckily it seemed like there were only numbers in the flag so we could "brute-force" the character in the ctf system.