 What is going on everybody? My name is John Hammond and welcome back to another YouTube video for some Capture the Flag. We're taking a look at Sunshine CTF, which is the Capture the Flag competition that was hosted at B-Sides Orlando. They made it available online. It was a lot of fun. So I solved a few challenges, wanted to showcase some of them for you, and let's dive into first the cryptography category. I don't know why I combined those words there. Alright, this first challenge is called Welcome Crypto, and I stared at it for the longest time and did not solve it for the longest time because I looked at this and was like, what is this? I have no idea what that could possibly be referred to. I don't know what it is. Some random encoding, some kind of cipher, I mean, I guess clearly, right, it's in the cryptography category. And I don't actually have this jotted down in CTF Katana, at least the document rendition of it. After seeing this challenge, I, after having some come-to-jesus moments, I found this, okay, I found this now. This is ROT 47, and I've added it to the automated rendition of Katana, and I'll showcase that at the very, very end. I don't know what you would do to track that down, other than going to, like, decode FR or Rumkins and all those websites that offer, like, all these different, weird, random, classical cryptography ciphertext and decode, is decode FR, just strictly the French one. I know there's an English one, obviously. Decode FR English. I'm glad that's top on the top of the list there. Okay, cool. Maybe this will have a reference to it in just the couple listings here, cryptography, cryptanalysis, modern cryptography. No. Polyophobetic, that's not right. Transposition. Maybe you could drag it down somewhere. Oh, actually, there it is, ROT 47. If you were, for some reason, to go through all of these, like, by hand or manually, you might be able to track down the ROT 47 cipher, but they do have some functionality for it, so you can just paste that in there, decrypt it, and there's some nonsense up top, but they do give you the flag there. Son, welcome to the KH. So I had done some research on this, because, like, well, that's stupid. I want to be able to do it in Python. It looks like there is a ROT 47.net, where they showcase it and how to do it. You can actually, again, just paste it in there, and it will go ahead and return that value for you. And from what I understand, they have actual representations of all of this in different languages. So ROT 47.py is a thing, and I kind of shamelessly stole it, ripped it, and put it in Katana. So I'll show that to you, because Katana is not yet public. It's still kind of hidden away, but I like to offer some teasers if, for some reason, people like that, whatever. You can probably stop watching the video now if you want to, but I can showcase Katana. So let's move into Katana, and there is some stuff in there. So we can run Katana. We'll say, okay, we'll specify the unit. It is a cryptography challenge, and we need to know a file for this. So let's actually create a file before we do this. Let's just say test.txt, paste it in there. And I actually have a results folder already. So this will yell at me if I were to try and run Katana like that. Say, let's run Katana with a cryptography unit, and we'll use it on test. Oh, the results directory already exists. So let's remove it. Good. And now we can run Crypto on this. And we've got a lot of results that came out here. It did find an interesting result, right? ROT 47 is unit now, so it will go ahead and determine that. Reversing, regular ROT 13 and Caesar cipher where it comes through. Okay, let me just remove the results directory as part of that command. Okay, cool. So now you can see a little bit more of that output at bash cipher automatically rolls through Caesar cipher automatically rolls through blah, blah, blah. Maybe you could see this on your own. But we do of course have the functionality to specify a flag format. So we've got a regular expression sun there. And actually, sorry, it's flag hyphen format. I like to use tack ff for the shorthand rendition of it. That works just fine. And now we'll be able to see okay, the sun flag is there, it will determine it for us and displayed on the screen. So it just cranks through hammers a lot of different potential stuff. And that is just only the cryptography unit. We do have a couple others. And we're always adding to it. So if you've got some ideas for low hanging fruit, we can throw into Katana, I would be grateful to see it. Right now that's private. It'll be open source, but I want to make a good impression. So first, we're gonna keep slowly adding to it. Thanks for watching guys. Hope you enjoyed this. You can go ahead and submit that for 50 points if you'd like to. If you did like this video, please do like, comment, subscribe, join our discord server. There is a link in the description. I just tweaked some security settings in there. So hopefully it's not going to be rated by spammers. Don't be a spammer. Slap your wrist thing that I'm gonna stop recording now.