Posted on November 19, 2016 as Overthewire.
Krypton is another wargame from OverTheWire, based on cryptography and cryptanalysis. As I really love this topic, I decided to give it a try. Unfortunately, level 6 was way harder than I thought and I couldn't complete it, but I'm still happy with the results.
When we first access the Krypton game, we are greeted with this message.
As we know it's encoded using Base64, we can easily solve it in many ways: you can decode the string online, use the built-in Linux base64 command, or write a tool in any programming language you want.
Firstly, let's find the files to work on.
From this one, we know that the string is encrypted using simple ROT13 encryption, meaning that each letter in the plaintext has been shifted 13 positions in the alphabet to produce the ciphertext. There are many ways to decrypt this, but I'll show you this simple script that works really well.
Got it! Let's move to the next one.
As in the previous one, let's first move to the krypton directory.
This time the instructions are a little bit more complicated, but the whole task seems to be quite easy. Since I've previously made a Python script to brute force the ciphertext, let's test it out in this situation. You can take a look at my script, but I strongly encourage you to try it by yourself!
And it worked, we've got the password to the next one: ************!
Wow, this seems harder than the previous ones, but that's the whole point of the challenge, right?
I'm going to use tools from this website as they really make the process of analyzing the ciphertext faster. As all messages were encrypted with the same key, I have copied them into the tools to have more material and to get better and more accurate samples. What will come in really handy is the frequency of letters in English.
Now let's slowly work our way to the solution. Since I know that the most frequent letter that occurs is 's', I can assume that in the plaintext it will be the letter 'e'. In addition, the 3-letter sequence 'jds' can be matched as 'the'.
After hardly an hour of work I finally managed to find out all of the letters. Here's the encryption key:
Now the last step is to change the letters from the ciphertext: KSVVW BGSJD SVSIS VXBMN YQUUK BNWCU ANMJS.
Got it! Let's move to the next one ;)
This time we will work on the Vigenère cipher.
You can read more about this polyalphabetic cipher in my previous post Let's Talk Encryption, dedicated to the Vigenère cipher.
But to finish this challenge, we can use online tools that automate the process of analyzing frequency, which, as you know or may suspect, is very time consuming. I will use this website.
Firstly, I will analyze the intercepted messages to try to find the matching key. Great, the key from that message seems to be frekey. Now, let's decrypt our ciphertext HCIKV RJOX, resulting in the keyphrase to the next level!
So once again we have to try frequency analysis.
As in the previous one, I automate the process of analysing, with keylength as the resulting suspected key. Let's see whether or not it works. BELOSZ decrypted using the key KEYLENGTH results in the password to the next one!
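The column-by-column frequency analysis that such tools automate for the two Vigenère levels above, as an added example (not the author's script and not the website's code). It assumes the key length is already known; `SAMPLE`, `DEMO_KEY` and all function names are constructed for this illustration.

```python
from collections import Counter

# Approximate English letter frequencies in percent, A..Z.
ENGLISH = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
           6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]

def letters(text):
    """Keep A-Z only, upper-cased (the ciphertext is printed in groups of five)."""
    return [c for c in text.upper() if "A" <= c <= "Z"]

def vigenere(text, key, sign):
    """sign=+1 encrypts, sign=-1 decrypts; anything that is not a letter is dropped."""
    k = [ord(c) - 65 for c in letters(key)]
    return "".join(chr((ord(c) - 65 + sign * k[i % len(k)]) % 26 + 65)
                   for i, c in enumerate(letters(text)))

def chi_squared(column, shift):
    """How far the column, undone by `shift`, is from English (lower is closer)."""
    counts = Counter((ord(c) - 65 - shift) % 26 for c in column)
    n = len(column)
    return sum((counts[i] - n * f / 100) ** 2 / (n * f / 100)
               for i, f in enumerate(ENGLISH))

def recover_key(ciphertext, key_length):
    """Every key_length-th letter shares one key letter, so each column is a Caesar cipher."""
    ct = letters(ciphertext)
    shifts = (min(range(26), key=lambda s: chi_squared(ct[j::key_length], s))
              for j in range(key_length))
    return "".join(chr(s + 65) for s in shifts)

# Constructed sample plaintext and key, not taken from the Krypton files.
SAMPLE = (
    "Frequency analysis works because every language uses some letters far more often "
    "than others. In English the letter e is the most common, followed by t, a, o, i and n. "
    "A Vigenere cipher hides this by switching between several shifted alphabets, but once "
    "the key length is known, every column of the ciphertext was shifted by one key letter. "
    "Counting the letters in each column and comparing them with the expected English "
    "distribution reveals that shift, and therefore the key, one letter at a time. "
    "The same idea breaks a plain Caesar cipher, which is simply a key of length one."
)
DEMO_KEY = "ORANGE"

if __name__ == "__main__":
    ciphertext = vigenere(SAMPLE, DEMO_KEY, +1)
    key = recover_key(ciphertext, len(DEMO_KEY))
    print("recovered key:", key)
    print("plaintext starts:", vigenere(ciphertext, key, -1)[:40])
```

Calling `vigenere(ciphertext, key, -1)` with a ciphertext and key from the levels above performs the same decryption step the post describes.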
It was great fun to complete these challenges. Krypton 6 was unfortunately too hard to complete, but I'll definitely come back to it after gaining some more knowledge about cryptography.