What's up, everybody? This is another YouTube video write-up, for this challenge, Vinegar, on TJCTF, the most recent capture the flag competition. The challenge is only worth 15 points, but I found this to be one of the more difficult challenges, or at least I got stuck on it for a while. I kind of collaborated and worked with a team member, TK defender. So shout out to you, you're awesome, and thank you for all your help in this CTF. But let's get started. The challenge prompt here is "I just want something more than a Caesar salad. Maybe I should order another one", and it gives us this prompt here, vinegar.txt. So checking out this file, it gives us a key, a flag that is seemingly encrypted, not real TJCTF format, and a SHA-256 hash of, hopefully, the correct flag. So we have pieces here, and this is, like, a cryptography challenge, so we've got to figure something out. I think what we're looking at, and we can kind of safely assume with the challenge titled Vinegar, is that this is a reference, or it's trying to refer, to the Vigenère cipher, and I may not be pronouncing that right, please forgive me. But the Vigenère cipher, if we check that out, we can take a look at Wikipedia. It's some French thing. So it is a method of encrypting alphabetic text by using a series of interwoven Caesar ciphers based on the length of the keyword. It's a form of a polyalphabetic. The cipher is easy to understand and implement, but it resisted all attempts to break it for three centuries, which earned it the title, a couple French words, and "the indecipherable cipher".
So now we have cracked it, and we can figure out means of getting it, and if we were given this text and didn't know, okay, whatever this key might be, we could try other online tools. I think there's, like, one at My Geocaching Profile or something. We can probably try and find, like, a Vigenère cracker or decoder online, and you can find tools. But I was not able to actually successfully get it that way. I kept trying to give it, like, okay, supply that key, and "kkkk", but that's just plain idiocy, because that's repeating letters, that wouldn't help the cipher at all in this case. So I didn't actually get any plain text out of that. But know that those tools exist if you ever have a simpler challenge of this. The note here, and I want to get out of this, because we are going to be implementing our own rendition of the cipher to encrypt and decrypt within Python, so we can successfully solve this challenge. So let's get down to the description here, and I will try and talk you through this. If you already pretty much have an understanding of the cipher, don't worry about it, you can skip this section or whatever. But okay, it notes that in a Caesar cipher each letter of the alphabet is shifted along some number of places. So Caesar ciphers are very easy.
They're not hard for us to move through and brute force in the CTF scene. So, yeah, example: if using a key of length, or number, three in a Caesar cipher, A becomes B, sorry, A becomes D, B becomes E, etc., etc. The Vigenère cipher takes advantage of several Caesar ciphers with different shift values. So it creates, like, a table, or a Vigenère square, or a Vigenère table, and we have a picture of it over here that we can explore, and we'll actually use that just to kind of demonstrate this example that they're talking about here. For example, suppose a plain text to be encrypted is just the words "attack at dawn". The person sending the message chooses a keyword and repeats it until it matches the length of the plain text. So if we use our key "lemon", it would repeat "lemon lemon le" until it's the same length as the original plain text. The most common case that you'll see for Vigenère ciphers is using one specific case, either uppercase or lowercase, and it tries to remove punctuation. So space characters, curly braces in our case, underscores, numbers, etc., those are not often seen in this Vigenère cipher. So they showcase an example where they talk about, okay, how you're using one row from the key and a column of what you're actually trying to encrypt, and finding that mapping, row and column, on the Vigenère table. There's a mathematical way to do it that's pretty neat, but I probably won't cover it, because I don't want to go through using that in our Python script. I'm just gonna essentially recreate the Vigenère square, and it will just give us a ciphertext.
So let's try that with just a couple examples, "attack at dawn" and "lemon". We'll check out the Vigenère square here. If we were using the letter A, just from the "attack at dawn" plain text, that's going to be the column that we're looking at, and our key is going to be the row. So L, we would use this row, L, and match it up with column A, so L is just the first thing that we saw. And then we would move on to another shifted letter, because now we want to use T, our next letter of "attack at dawn", the plain text. So that'll be the column that we're working with, and that next letter in our key, in this case "lemon", so E. Check out E, check out that row all the way to the T column, and you can see the letter X there. So that is kind of the encryption scheme, and we can reverse that as we need to by using the same Vigenère square. Okay, so that's enough of me talking about it. Now I want to actually show you how we can recreate this in code, so we have our own implementation of the Vigenère cipher. So I will get my terminal open and create a new text file. It's a Python script that we can start to work through, and we'll include some libraries, built-in libraries, that we can work with and that let us do interesting stuff. For some of you that have seen my easy Caesar cipher video, you'll note that I use the collections library to go ahead and, like, get our list in a deque, or a "DQ", I don't know how to pronounce that either, but a list that we can rotate and shift around very easily. And then I'm going to actually use this lowercase variable, because I want all of my text to be in lowercase. Again, you could use uppercase, but I'm just using lowercase in this case because I think that works easier for this challenge. So we'll create a deque of this string.ascii_lowercase. We could probably just use lowercase here.
I'm using the string module, so we have all the alphabet and letters just fine, and I'm actually going to put digits in this as well. And then I will want to create our message, and we can just use "attack at dawn", and our key can be "lemon". And again, I will probably end up converting these to lowercase, and we'll do that in our own encrypt function or decrypt function. We'll take the message, the key, and that's all for now, I suppose. And then I will shrink it down in case it does happen to have spaces in it. So I will use compressed message equals message dot, and we can replace spaces if we wanted to, but I'm just going to convert it to lowercase. But note that you could just use message.replace for these, and also, if you want to loop through all the punctuation characters and remove those as well, you could, but for this implementation this is just fine. Actually, let's go ahead and remove that punctuation stuff. I spoke too soon. string.punctuation doesn't actually have the space character in it, so I tack it on here, and I leave it inside this string function, because if I try to have a colon following that plus, it would freak out in the Python syntax. Then I'd go ahead and replace all of those things, so they are removed. Perfect. Okay, now I want to go ahead and cycle our key, just as we did in that Wikipedia article. They say that, okay, "lemon" will be stretched to be the same length as our original plain text. So I don't need to do that by hand. I want Python to handle that for me, because I just want to give it a key and we can just use that. I do also want to set that key to lowercase, though. Now I will go ahead and create a cycler.next. I'm sorry, I'm sorry, I'm skipping ahead in my notes.
My bad. We actually will use the itertools module, which is super duper handy for creating permutations and combinations and actually brute-forcing stuff, and we'll do that later on as we're attacking this challenge. But to create a cycle, or to repeat a repeating character based on a certain length, we can use itertools.cycle. Oh, and we can actually pass key.lower in there, so we don't need to worry about it later. I'm trying to look at my notes on another screen, so I'm sorry if things are a little bit wonky. Now we can go ahead and, like, actually cycle this. It's a generator function, so we can run cycler.next over and over and over again, and I'm actually going to do that in a list comprehension. We'll do that for the length of the compressed message, so we know that it's, okay, going to be the same length, and we'll join these all together. So now if we were to print that out, we would have "lemon lemon" over and over again. Let's actually do that, just so I can get a little bit of work going on: encrypt, message and key. Okay, so now you have "lemon lemon le". Perfect, that is cycled the way that it should be. Okay, now we will actually go ahead and go through that encryption or decryption process, and we'll do that by creating a variable that will keep track of the ciphertext, or the eventual result here, and I'm gonna call it just coded. I'm gonna say it's an empty array, because I will append on to it, and that's how I'm just gonna generate a string. So I'm actually going to index the key and plain text with essentially an integral. I'm sorry. Wow.
I'm totally choosing the wrong word. An iterator here. So normally I would just use i, but in our case number will work just fine, and I want to go through all of the numbers that represent the key or the compressed message here, because they're the same length, but I just want to count up to that number. So then what we can do is we can actually get the original letter that we're working with from our plain text. I'm just gonna call it cipher letter here, because we will use it as the cipher letter whether or not we are encrypting or decrypting, and we'll just index it with the number that we're working with, or actual index. So that way we can go ahead and get the key letter the same way, by using key, based off of a long key, remember, because we do want it to be the same length that we're working with, using that same index there. And because we can get the index, like the literal numeric index of that key letter, we can go ahead and shift the letters, like the regular alphabet, lowercase or uppercase, whatever case you decide to use, and quickly generate that segment, or that row or column, of the Vigenère square or the Vigenère table. So let's do that. Let's go ahead and just get that key index. We can just use our regular string.lowercase index of the cipher letter, and because we are working with, let's actually just bring this lowercase down here, and we don't have any numbers, so we won't bother with that. We may not even have had numbers, because we're removing things like punctuation and numbers and stuff like that. We're typically just expecting English text in this case, or any other text. So let's rotate that, because now we can with this deque type. We can rotate it by the key index that we're working with, now that we found it.
We're essentially creating that shifted row that we would have seen in that Vigenère square or Vigenère table, and this is very similar to what we would do in a Caesar cipher, where we are shifting it. Cool. Since we have that now as a, like, deque function, or deque, a type, data type, it's not a list yet. So let's go ahead and create a list of that by just joining it together. Perfect. And then we'll get the new character that we actually want by just using that new alphabet indexed with the cipher index, which I did not write. Oh, I see. I actually tried to use the key index with the cipher letter. That should have been the key letter, and I should have gotten the cipher index with, appropriately, the cipher letter. I'm sorry about that. I'm sure you probably saw that code and were like, wait, that doesn't make sense, why are you getting the index based off of a different key or cipher? Thank you. Good catch. Nice job, guys. So let's use the cipher index here. Okay, that will get the new character, essentially getting that column or row based off of the Vigenère square that we're making line by line here. And then we can add that to our coded version, or essentially our encrypted or decrypted string. We'll go ahead and add that new character that we've received. We're done with our for loop at that point, so we can join together the coded, or the encrypted or decrypted, message. And let's try that. Let's try and just print out the encrypted version of message with our key on this, and we do not get the same output that Wikipedia had. And we're curious about that, right? Because, hmm, I think it's shifting it not the correct direction, or not the correct way.
So let's try and locate the rotate function, right, and then let's try and move it the other direction, and we can do that with another multiplier, like negative one, and just put that the other way. Great. Okay, so now it shifts to the left or to the right, whatever the case may be, we're just going the opposite one. So now we have "lxfopve", which is exactly what they are receiving. Okay, so now you've figured out, with that multiplier, you know, that's the exact same code to encrypt or decrypt. Let's actually pass that in as a third argument. Let's say multiplier, which for encrypting will by default be negative one. But if we wanted to create, multiplier, forgot an i in there. If we wanted to create a decrypt function with a message and key, we would simply run encrypt with message, key and a positive multiplier in that case, so it would shift it the other way. So if I encrypted message, key and then wrap that in decrypt, we should just get, okay, our original message, "attack at dawn", right? And I need to pass in the same key. Cool, "attack at dawn". Perfect. So now we have a simple Python implementation of this Vigenère cipher. Now we can actually use that same capture the flag prompt and text that we had previously, and we can start to work on this challenge. I'm sorry that took so long. This video is going to be lengthy, and I apologize for that. Just for good practice, and to kind of keep our code separate, let's create a new script just for testing with the CTF challenge, now that we have the Vigenère cipher implemented. And let's go ahead and work with these variables, key, flag, etc.
So we do want to have encrypted, which can be the string of our flag, and SHA-256 we'll work with later. The key we don't particularly need to work with right now. But let's talk this out, and let's think about this, because we know that the key will repeat, and we know that we're not going to be working with either uppercase or lowercase letters. So since we didn't have a space in there, we can remove that just for our own sake, and that means that the original flag message would not have that in there to begin with either. It would not have these curly braces. So we have 30 characters for our flag and 30 characters for our key. That's the correct length that we would expect, and we can see a little difference in the case here. There's a capital K, and then other lowercase k's, another capital K every, what is that, let's say nine characters. Okay, so I took a hunch, and TK defender and I were understanding and trying to expect that that means that this key is nine characters long. So we know what the first five characters of this flag should be in plain text, because if we're expecting it in the same flag format as all the other challenges, it should be TJCTF, and then those curly braces of course would follow suit. So we'll have to deal with those soon, but we can use Python and our new implementation of the Vigenère cipher to brute force what the first five letters of the flag may be, and that means we can brute force what the first five letters of the key may be. So let's go ahead and do that. The way that I was able to do that was by taking encrypted here, and then I would try and use every permutation: for p in itertools.permutations of lowercase letters, and I want only five of them, so I can print out p in this case. And you'll see that, okay, we loop through all the possibilities of those five characters. I should kill that. Not gonna do it.
All right, whatever. Let's go ahead and join these, so now we have an original potential key, right? Key equals all of these, and then we want to try and decrypt the message and key here, but we only want to do the first five of the message with our key, because we're expecting that, okay, only the first five characters could turn into TJCTF. So if decrypted is equal to TJCTF, then print "we found the key", and we can print that out so that we have it, and break here. So now let's go ahead and try that in Python. We can run our script, ape.py, and it'll take a little bit of time, but fingers crossed, we are looping through all these potential outcomes. One of them should get a hit. And I completely failed, in that I am using encrypted as my original message, not message. Good catch. Hope you guys caught that too. If you wanted to, you could print out the decrypted text that you are getting over and over and over again, just so you see that you are making progress, you are going through all those possible permutations. But if you're trusting of it, which I should have been, we can see that, okay, we did get the correct key, in that it is "blaze". So now we've made progress, we figured out the first portion of the key. I originally thought, like, well, I'm gonna have to, like, brute force the entire key, because I just have no idea what to do here, but that's 30 characters long. That's just too much. But using the knowledge that we already have, like knowing that it's gonna be the flag format, we can figure out the first couple, and since we are going to assume that this key is nine characters long, now all we have to do is brute force another four characters, right?
So start of key can equal that, and let's actually comment that out, because we don't need that anymore. But we can say for p in itertools.permutations, string.lowercase, go through all the possible, like, brute force characteristics of lowercase, and four. We do want it to be a length of four now, because five and four are gonna equal nine. So we can say the key can equal the joined p with "blaze" at the very front, or the start of the key at the very start of it. And then we can use that SHA-256 hash to determine if we actually have the correct original flag. So let's go ahead and decrypt it now. Try and run decrypted with decrypt, our original encrypted message. No need to cut it down now, because we want to use the full thing, and we'll use the key that we're trying. But this SHA-256 hash is working with the curly braces in there, we can assume, so let's go ahead and add those in. Let's say flag can equal decrypted up to the first five characters, with our curly brace added in, with all the way from the fifth character onward to the last character, with our curly brace added in at the very end. Okay, so now let's go ahead and see if we can calculate the SHA-256 hash of that flag. Let's import hashlib so we can work with those, and let's just say s can equal hashlib.sha256. We can update that with the flag that we're trying to work with, and we can run hexdigest to get that hash. So if that hash of the flag is actually equal to the SHA-256 string that we saw, we know that we have the correct plaintext. So let's try and run that. Let's print out "we got it", and let's print out the flag in that case. Now let's break, and fingers crossed, hopefully we can get some good stuff here. So we did get the flag just like that: TJCTF, one vinaigrette salad, please. And that was awesome. I think that was a really cool technique, of using a SHA-256 hash to determine whether or not we got the correct thing, trying to use some knowledge between what we have versus the flag format, etc.,
etc. So that's awesome. I think this is a really cool challenge. It definitely tripped me up for a while. I don't know what I was thinking with using this as a key, because that doesn't make sense, or trying to brute force 30 characters. But really, really cool. We can denote this as our get flag script if we want. We can create a new text file for that as our flag.txt, and we can go ahead and submit that for 15 points on the scoreboard for TJCTF. Hey, I want to give a quick shout out to the people that support me on Patreon. You guys are phenomenal. One dollar a month on Patreon will give you a special shout out just like this at the end of every video. Five dollars a month on Patreon will give you early access to everything that's released on YouTube before it goes live. If you did like this video and you want to see more of them, please do like, comment and subscribe, and join our Discord server, link in the description. I want to make this video end, because I know it's way too long already. So thank you so much, guys. Hope to see you on Patreon. Hope to see you in a later video. Thanks.
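
The approach narrated in this transcript, as an added Python 3 example that is not the presenter's script: a deque-rotated Vigenère square, the key prefix read straight off the known `tjctf` plaintext (instead of being brute-forced), and a SHA-256 check to confirm the remaining key letters. The key, flag, ciphertext and hash below are constructed sample values, not the challenge's own, and the function names are hypothetical.

```python
import hashlib
import string
from collections import deque
from itertools import cycle, product

ALPHABET = string.ascii_lowercase


def build_square(direction):
    """One rotated alphabet per key letter: -1 gives encryption rows, 1 decryption rows."""
    rows = {}
    for shift, key_letter in enumerate(ALPHABET):
        row = deque(ALPHABET)
        row.rotate(direction * shift)
        rows[key_letter] = "".join(row)
    return rows


SQUARES = {-1: build_square(-1), 1: build_square(1)}


def vigenere(message, key, direction=-1):
    """Encrypt (direction=-1) or decrypt (direction=1); non-letters are dropped."""
    letters = [c for c in message.lower() if c in ALPHABET]
    rows = SQUARES[direction]
    return "".join(rows[k][ALPHABET.index(c)]
                   for c, k in zip(letters, cycle(key.lower())))


def recover_key(ciphertext, crib, key_len, target_sha256):
    """Return (key, flag) whose braced plaintext matches the hash, else None."""
    # Decrypting the ciphertext with the known plaintext as the "key" yields
    # the key letters directly, so the first len(crib) letters need no search.
    prefix = vigenere(ciphertext[:len(crib)], crib, 1)
    # product() also covers tails with repeated letters; permutations() skips them.
    for tail in product(ALPHABET, repeat=key_len - len(prefix)):
        key = prefix + "".join(tail)
        plain = vigenere(ciphertext, key, 1)
        # Re-insert the braces that were stripped before encryption.
        flag = plain[:len(crib)] + "{" + plain[len(crib):] + "}"
        if hashlib.sha256(flag.encode()).hexdigest() == target_sha256:
            return key, flag
    return None


# Constructed sample data (not the challenge's key, ciphertext or hash).
SAMPLE_KEY = "lemoncake"
SAMPLE_FLAG = "tjctf{thisisaconstructedsample}"
SAMPLE_CIPHERTEXT = vigenere(SAMPLE_FLAG, SAMPLE_KEY)
SAMPLE_SHA256 = hashlib.sha256(SAMPLE_FLAG.encode()).hexdigest()

if __name__ == "__main__":
    print(vigenere("attack at dawn", "lemon"))
    print(recover_key(SAMPLE_CIPHERTEXT, "tjctf", 9, SAMPLE_SHA256))
```

The key length of 9 passed to `recover_key` mirrors the guess made in the video; with a five-letter crib that leaves 26^4 candidate tails to hash.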