This post (Work in Progress) lists the tips and tricks while doing Cryptography challenges during various CTF’s.

Codes and Substitution

  • If you get some text atleast few paragraphs and some random numbers as (1, 9, 4) (4, 2, 8) (4, 8, 3) (7, 1, 5) (8, 10, 1), it might mean (Paragraph, Line, Word).

  • If you get a poem followed by some numbers and ciphertext, probably it’s Poem Code The poem code is a simple, and insecure, cryptographic method which was used by SOE to communicate with their agents in Nazi-occupied Europe. The method works by the sender and receiver pre-arranging a poem to use.

  • If you see multiple flags, which may mean something. Maybe have a look at International Maritime Signal Flags


Asymmetric Encryption


Different public exponent (e) and the same modulus (N)

Provided with e1, e2, c1, c2 and N, Refer rsa_e2

e1: 65337
e2: 1025
n:   9898006990106....
c1:  8876427863578....
c2:  3874365421971....

Symmetric Encryption

  • Fernet : Fernet guarantees that a message encrypted using it cannot be manipulated or read without the key. Fernet is an implementation of symmetric (also known as “secret key”) authenticated cryptography.

E: openssl aes256 -salt -in flag.txt -out flag.txt.enc -k unbreakablepassword1234567
D: openssl aes256 -d --in flag.txt.enc -k unbreakablepassword1234567

D: openssl enc -d -aes256 -in dracula.txt.enc -out dracula.txt -S 0f3fa17eeacd53a9 -K 58593a7522257f2a95cce9a68886ff78546784ad7db4473dbd91aecd9eefd508 -iv 7a12fd4dc1898efcd997a1b9496e7591

Esoteric programming language

This would be the best page to refer Esoteric programming language


Rockstar: Rockstar is a dynamically typed computer programming language, designed for creating programs that are also song lyrics. Rockstar is heavily influenced by the lyrical conventions of 1980s hard rock and power ballads.

There are multiple program to convert the rockstar to ruby, python and others.


Piet is a language designed by David Morgan-Mar, whose programs are bitmaps that look like abstract art. (Steganography - Challenges)


Malbolge : Malbolge is a public domain esoteric programming language invented by Ben Olmstead in 1998, named after the eighth circle of hell in Dante’s Inferno, the Malebolge

  • Caesar cipher and substitution cipher can be solved by using Cryptool 1. Just check the Analysis option, there’s analysis for Symmetric Key,Asymmetric Key, Hash and others. Otherwise, a good website to solve substitution cipher is Quipqiup. Ceaser cipher good website is Caesar cipher decryption tool

  • If you get some ciphertext encrypted by XOR, xortool. It can help you to find the key length and the key.

  • All ciphers listed at Cipher Tools

  • If we have a “3845281945283805284526053525260547380516453748164748478317454508” something like this? It might be a Polybius square cipher, where each 2-number block in the encrypted text is a coordinate on a 5x5 square.

  • If we examine the encrypted string, we see that when divided into blocks of 2 every first letter, x, falls on the interval 0<=x<=4 and every second letter, y, falls on the interval 5<=y<=9. This knowledge combined with the hint that our cipher will be missing the letter “z”, we can construct a 5x5 Polybius square (hence the hint sqrt(ABCDEFGHIJKLMNOPQRSTUVWXY), because the alphabet minus Z is of length 25 and sqrt(25) = 5).

Different Base

Golden Ratio Base

Golden ratio base is a non-integer positional numeral system that uses the golden ratio (the irrational number 1 + √5/2 ≈ 1.61803399 symbolized by the Greek letter φ) as its base.

If we get output something like


Use the below code from Argeus C. Dominguez on his PicoCTF writeup to decode it
from math import ceil
from scipy.constants import golden

def phinary_to_decimal(phigit):
    integer, fraction = phigit.split(".")
    integer = integer[::-1] #reverse integer string

    number = 0

    for i, x in enumerate(integer):
        if x == "1":
            number = number + golden ** (i)
    for i, x in enumerate(fraction):
        if x == "1":
            number = number + golden ** -(i+1)

    return number

if __name__ == "__main__":
    with open("phi_enc.txt") as f:
        string =
        string = string.rstrip("\n")

    #Split string every 15th character
    phigits = [string[i: i + 15] for i in range(0, len(string), 15)]

    decoded_phi = []

    for phigit in phigits: