Our Cryptography challenges have historically been paper-and-pencil options, requiring less raw, technical skill to complete. The category is meant to be a more approachable option for participants who favor puzzles instead of hacking or coding. The example I’ll walk you through in this post is no exception.
The 300 point challenge from our 2016 CTF event required the application of a fence cipher and ROT-13, two well known and documented ciphers. ROT-13 is a straightforward substitution cipher in which letters in a message are replaced with the letter thirteen letters after it in the English alphabet. In a fence cipher, as described on Wikipedia:
…the plaintext is written downwards and diagonally on successive “rails” of an imaginary fence, then moving up when we reach the bottom rail. When we reach the top rail, the message is written downwards again until the whole plaintext is written out.
Let’s take a look at the challenge itself.
On the Fence
Participants were presented with the following description for the 300 point Cryptography challenge (“On the Fence”):
VAGRRVBRJRPUZVEGGNUFN
JANRUIEOFYXABRIENXLBNPGRXLFLRYNXBEVGRVZPHR
NORLGRARFGGURZNFGAZLF
Technically, either cipher could be applied first. However, our intent was for participants to take the title of the challenge as a hint and begin with the rail-fence. A Google search of “fence crypto” looks like this:

Based on the Google results, the next step would be to put the provided text in a format suitable for deciphering:

Re-blocking the text with the fence now deciphered, we get the following string:
vjnaanorgurirelorfgyvxrabbarrirejnfxrlgbpngpugurzxrlvfzlernygnfxgbgenvagurzvfzlpnhfr
There are no direct hints that ROT-13 needs to be applied to the resulting text block. However, the text does not bare any recognizable signatures of known hash or encoding schemes. And so, applying random algorithms to the string will eventually lead one to use ROT-13. Doing so yields yet another block of text:
iwannabetheverybestlikenooneeverwaskeytocatchthemkeyismyrealtasktotrainthemismycause
Parsed out by English words, we get (capitalization for effect):
I wanna be the very best like no one ever was KEY to catch them KEY is my real task to train them is my cause
The answer is now fairly clear, “to catch them”; the two KEYs stand out within the well known lyrics to the Pokemon theme song.
Possibilities
The cryptography challenges used in previous RSM capture the flag events have covered a wide range of crypto puzzles and ciphers including foreign languages, staff ciphers, and book ciphers using web pages. Anyone looking to participate in RSM’s 2017 CTF should familiarize themselves with these concepts and more!