 Hey YouTube, John Hammett here. More Pico CTF 2018. This is the Caesar Cypher 2 Challenge. It says, can you help us decrypt this message? We believe it's a form of a Caesar Cypher. You can find the Cypher text also at this location on the shell server. We're given a download, so we can go ahead and just simply download that. I've got a directory created for us to work in. You should do the same. And we're just given simple ASCII text. Let's check out what that file is. And it's a lot of characters. So normally when we see a Caesar Cypher, and you can Google it if you haven't heard of it before. But it's a pretty simple and very common like form of classic cryptography or whatever baby stuff. So normally you would expect to see it all in the range of regular English letters like A to Z, 26 letters in the alphabet, stuff like that. In this case, we're working with some punctuation, right? We've got underscores and colons and braces and crap like that. So we know something is up. We can still work with this, right? Because we understand the ASCII table or the range of characters that we could possibly work with on our computer. So let's create a simple ape.py or a Python script to work with it. I call it ape because I'm just throwing stuff at stuff and seeing what works. So I'm gonna use a context manager because people yell at me until I use them. It says with open cipher text, the name of the file as handle, we can say handle dot read will actually be our content or what we're actually working with. Now let's go ahead and loop through all of the possible permutations for this Caesar cipher, right? We know not just 26 letters. We're essentially brute forcing, right? What could the possible key be? It's a small, it's a small brute force space, right? Because it's normally 26 for a regular Caesar cipher. But for this upgraded level, we know we've just got the 255 characters that are part of the ASCII table. So let's go ahead and do that. Let's say for I in range 255, because that's how many are in the ASCII table. And if you don't know what I'm saying when I'm talking about the ASCII table, you are given a notion of it in the hints if you want to go ahead and check that out. This is what we're looking at and working with. So just characters represented as a character, also in hex, decimal, et cetera, but there are 255. So let's go ahead and continue our script. For I in range 255, we can create a new string or just what to hold to hold the string that we're going to be working with the new one that we generate once we've done the Caesar type for operation to it. And then we'll actually go ahead and loop through the characters that are inside of our ciphertext. So for C in content, C being character, right, what we can do is we can do new string dot append. And what I'm going to do is I'm going to take the character rendition or CHR of the ordinal value of the current character that I'm looking at. So that will convert it to the number on the ASCII table. And then I will add on an I, so the current index or iterator that we're looking at in our 255 loop here. And so that's doing the shift. That's doing the actual Caesar cipher operation. But we've got to put it back in the range of 255 in case it goes greater than that. So we can do that by simply wrapping around right using the modulus operator. So that should simply work for us. We want to do that inside of our character string here, our character function here. So make sure that 255 wrap is inside the CHR function. And then we will close that append syntax. So cool. Now at the very, very end, we can print out the joined version of our new string. And let's go ahead and see what this gives us. If I go ahead and run python ape.py, there's a lot of garbage, right? Because we're going to get a lot of those non printable characters that are still present in the ASCII table. If you want to clear this up, what we can do is if my terminal will ever come back, okay, I think I broke it, whatever. YouTube Pico. Let's get to Caesar cipher two, zoom in a little bit more. Let's actually run our ape script, but pipe our ape script, but pipe it to strings, right? So now we have all of the printable strings that we can work with here. And we can be pretty confident, also because we can see it right there, that we have the flag by grepping for Pico, right? Or Pico CTF. And then we just have the flag here Caesar ciphers just aren't secure. So kind of neat, kind of cool, right? We can modify our script. We can say if Pico is actually in this Pico is in the string that we're given here, we can print it out. And let's not do this twice. So let's just say new string equal that after we're done looping. So we can print new string and just put it in that conditional. Now when we run python ape, all we get is our flag. So we can change this to a get flag script instead, right? Because I like to consolidate our answers market executable, and then we're good to redirect it to a flag dot text file. Let's throw in our clipboard so we can go ahead and submit it. And done 250 points up more on the scoreboard, we can mark this challenge as complete. And that is that simple Caesar cipher, but just expanding our search, not just using the 26 characters you expect in the alphabet, but going through the full range of printable characters or data that we can work with. Alrighty, thank you so much for watching guys. Hey, I want to give my goodness. Sorry for the cough. That was just a joke. I wasn't even really coughing. I just needed to add to this bit of how much I screwed up. Hey, I want to give a special shout out and thank you to my Patreon supporters. I can't say thank you enough. You guys are what make this great, right? No other person can just put stuff out on the internet. No other stupid kid can put stupid stuff on the internet. And for some reason, super generous and nice people willingly hand him some funding. So I'm grateful for you and very, very appreciative. $1 a month on Patreon will give you a special shout out just like this. Your name gets added to this list. You get some love in the limelight at the very end of each video if you're into that kind of stuff. I don't know. Whatever boats your float, man. $5 a month on Patreon will give you early access to all of my videos that are released on YouTube before they go live because I like to release my videos in a gradual schedule like maybe daily or every other day. So hopefully if I have a lot of videos backed up and kind of part of the queue to be released, I'll put them in a Google Drive shared folder that you can have access to with just a generous donation of $5. And I am grateful for that. So if you did like this video, please do like, comment, and subscribe. Join our Discord server. Link in the description. It is a cool community full of CTO players, programmers, and hackers. And it's just awesome, right? You can talk to people. You can use the internet for good, not for evil. I gotta go. I'm being crazy. I'll talk to you later, guys. Hope to see you in the next video. Hope to see you on Patreon. I love you. Bye.