```
This last level of the krypton challenges changed direction with a different type of cipher, a stream cipher.
--------------------------------------------------------------------------------
$cat README
Hopefully by now its obvious that encryption using repeating keys
is a bad idea. Frequency analysis can destroy repeating/fixed key
substitution crypto.
A feature of good crypto is random ciphertext. A good cipher must
not reveal any clues about the plaintext. Since natural language
plaintext (in this case, English) contains patterns, it is left up
to the encryption key or the encryption algorithm to add the
'randomness'.
Modern ciphers are similar to older plain substitution
ciphers, but improve the 'random' nature of the key.
An example of an older cipher using a complex, random, large key
is a vigniere using a key of the same size of the plaintext. For
example, imagine you and your confident have agreed on a key using
the book 'A Tale of Two Cities' as your key, in 256 byte blocks.
The cipher works as such:
Each plaintext message is broken into 256 byte blocks. For each
block of plaintext, a corresponding 256 byte block from the book
is used as the key, starting from the first chapter, and progressing.
No part of the book is ever re-used as key. The use of a key of the
same length as the plaintext, and only using it once is called a "One Time Pad".
Look in the krypton6/onetime directory. You will find a file called 'plain1', a 256
byte block. You will also see a file 'key1', the first 256 bytes of
'A Tale of Two Cities'. The file 'cipher1' is the cipher text of
plain1. As you can see (and try) it is very difficult to break
the cipher without the key knowledge.
(NOTE - it is possible though. Using plain language as a one time pad
key has a weakness. As a secondary challenge, open README in that directory)
If the encryption is truly random letters, and only used once, then it
is impossible to break. A truly random "One Time Pad" key cannot be
broken. Consider intercepting a ciphertext message of 1000 bytes. One
could brute force for the key, but due to the random key nature, you would
produce every single valid 1000 letter plaintext as well. Who is to know
which is the real plaintext?!?
Choosing keys that are the same size as the plaintext is impractical.
Therefore, other methods must be used to obscure ciphertext against
frequency analysis in a simple substitution cipher. The
impracticality of an 'infinite' key means that the randomness, or
entropy, of the encryption is introduced via the method.
We have seen the method of 'substitution'. Even in modern crypto,
substitution is a valid technique. Another technique is 'transposition',
or swapping of bytes.
Modern ciphers break into two types; symmetric and asymmetric.
Symmetric ciphers come in two flavours: block and stream.
Until now, we have been playing with classical ciphers, approximating
'block' ciphers. A block cipher is done in fixed size blocks (suprise!).
For example, in the previous paragraphs we discussed breaking text and keys
into 256 byte blocks, and working on those blocks. Block ciphers use a
fixed key to perform substituion and transposition ciphers on each
block discretely.
Its time to employ a stream cipher. A stream cipher attempts to create
an on-the-fly 'random' keystream to encrypt the incoming plaintext one
byte at a time. Typically, the 'random' key byte is xor'd with the
plaintext to produce the ciphertext. If the random keystream can be
replicated at the recieving end, then a further xor will produce the
plaintext once again.
From this example forward, we will be working with bytes, not ASCII
text, so a hex editor/dumper like hexdump is a necessity. Now is the
right time to start to learn to use tools like cryptool.
In this example, the keyfile is in your directory, however it is
not readable by you. The binary 'encrypt6' is also available.
It will read the keyfile and encrypt any message you desire, using
the key AND a 'random' number. You get to perform a 'known ciphertext'
attack by introducing plaintext of your choice. The challenge here is
not simple, but the 'random' number generator is weak.
As stated, it is now that we suggest you begin to use public tools, like cryptool,
to help in your analysis. You will most likely need a hint to get going.
See 'HINT1' if you need a kicktstart.
If you have further difficulty, there is a hint in 'HINT2'.
The password for level 7 (krypton7) is encrypted with 'encrypt6'.
Good Luck!
--------------------------------------------------------------------------------
There were also two hints in files "HINT1" and "HINT2":
--------------------------------------------------------------------------------
$cat HINT1
The 'random' generator has a limited number of bits, and is periodic.
Entropy analysis and a good look at the bytes in a hex editor will help.
There is a pattern!
$cat HINT2
8 bit LFSR
--------------------------------------------------------------------------------
So there was an executable "encrypt6" that would run in the folder /krypton/krypton6 and look for a file "keyfile.dat" owned by krypton7 located there.
"encrypt6" would take a plaintext file as its first argument and an output file for the resulting ciphertext as its second argument.
I thought I would need to generate a large ciphertext, so naively created a ciphertext for the installed dictionary
located at /usr/share/dict/words before realising this wouldn't be required, as frequency analysis of words wouldn't really be relevant here.
I also created a file of only symbols and numbers and ran it against the encryption executable to confirm what the ciphertext of those would be.
They rendered into ciphertext as null, telling me that symbols, punctuation, and numbers are ignored.
Also, lowercase letters were mapped to uppercase.
It was about this point I realized I was overthinking the problem.
I simply needed a common plaintext file with a single character!
When encrypted the repeating pattern of the stream cipher would show through,
since the same character is being encrypted continually - any pattern should be easy to spot!
So I created a file with a million "A" characters.
--------------------------------------------------------------------------------
$for i in {1..1000000};do echo -ne "A" >>A-plain.txt;done
--------------------------------------------------------------------------------
Then encrypting this with the random stream cipher used by "encrypt6" gave me a ciphertext.
--------------------------------------------------------------------------------
/krypton/krypton6/$ ./encrypt ~/A-plain.txt ~/A-ciphertext.txt
--------------------------------------------------------------------------------
Viewing the ciphertext in a hex editor inside of vi revealed a pattern
--------------------------------------------------------------------------------
vi A-ciphertext.txt
:%!xxd
--------------------------------------------------------------------------------
I repeated the exercise to create the ciphertext once more.
--------------------------------------------------------------------------------
/krypton/krypton6/ ./encrypt ~/A-plain.txt ~/A-ciphertext2.txt
diff -s ~/A-ciphertext.txt ~/A-ciphertext2.txt
Files /home/krypton6/A-cipher.txt and /home/krypton6/A-cipher2.txt are identical
--------------------------------------------------------------------------------
This would check if the random number sequence used for the stream encoding the plaintext was the same every time.
It was, but it would have been a fundamental error to assume this without checking.
I noticed the ciphertext 'random' pattern repeated "EICTDGYIYZKTHNSIRFXYCPFUEOCKRN".
I used this to calculate the key shift against the ciphertext of the next level password, krypton7 "PNUKLYLWRQKGKBE".
This gave me a plaintext password, but putting this back into the "encrypt6" program gave me a slightly different ciphertext.
(This error was probably tiredness on my part)
There were 3 characters different between the password ciphertext and my password ciphertext.
I iteratively adjusted the plaintext password to ensure when it was encrypted it gave the same value as the krypton7 password ciphertext.
--------------------------------------------------------------------------------
krypton6@krypton:/krypton/krypton6$ ./encrypt6 ~/plain2 ~/cipher2
krypton6@krypton:/krypton/krypton6$ cat ~/cipher2 ;echo
PNUKLYLWRQKGKBE
krypton6@krypton:/krypton/krypton6$ diff -s ~/cipher2 krypton7
Files /home/krypton6/cipher2 and krypton7 are identical
--------------------------------------------------------------------------------
I had found the last password and completed the Krypton challenge series!
--------------------------------------------------------------------------------
$ssh -p2222 krypton7@krypton.labs.overthewire.org
_ _
| | ___ __ _ _ _ __ | |_ ___ _ __
| |/ / '__| | | | '_ \| __/ _ \| '_ \
| <| | | |_| | |_) | || (_) | | | |
|_|\_\_| \__, | .__/ \__\___/|_| |_|
|___/|_|
a http://www.overthewire.org wargame.
krypton7@krypton.labs.overthewire.org's password:
Welcome to Ubuntu 14.04 LTS (GNU/Linux 4.4.0-92-generic x86_64)
* Documentation: https://help.ubuntu.com/
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
krypton7@krypton:~$ figlet $(whoami)
_ _ _____
| | ___ __ _ _ _ __ | |_ ___ _ __|___ |
| |/ / '__| | | | '_ \| __/ _ \| '_ \ / /
| <| | | |_| | |_) | || (_) | | | |/ /
|_|\_\_| \__, | .__/ \__\___/|_| |_/_/
|___/|_|
krypton7@krypton:~$
--------------------------------------------------------------------------------
```

]]>```
The challenge at level krypton5 from the "README" file is much briefer than previously, but is based on the previous level:
--------------------------------------------------------------------------------
$cat README
Frequency analysis can break a known key length as well. Lets try one
last polyalphabetic cipher, but this time the key length is unknown.
Enjoy.
--------------------------------------------------------------------------------
So basically I have to do the same as the previous level, but for an unknown key length.
In other words I'll need to write a program to automate the previous method, while also allowing for variable key lengths.
From the output of the program I should be able to see English-ish words for some value of key length, which should tell me the key length, and be able to refine the key from there.
At least that's the idea...
The BASH script I came up with to do this is as follows, with added comments. (It's not elegant, but does the job!)
--------------------------------------------------------------------------------
$more cracker
#!/bin/bash
ciphertext=$(cat found3|tr -d ' ') # Put the cipher text into a variable for use later
#letterarray=( A B C D E F G H I J K L M N O P Q R S T U V W X Y Z ) # I could use an array starting at "A" as my letter 'ruler' to compute values between ciphertext and plaintext.
letterarray=( E F G H I J K L M N O P Q R S T U V W X Y Z A B C D ) #but it is more efficient to zero index from "E", since working from E as most frequent, so I use this as my zero index point.
#Do some testing of the array by writing it out two different ways, to make sure I didn't mess up. :)
echo "TEST:"
echo "Print letters in letterarray by value:"
for i in "${letterarray[@]}";do echo -ne $i;done
echo -e "\nPrint letters in letterarray by index:"
for i in {0..25};do echo -ne ${letterarray[$i]};done
echo
#Main outer loop to repeat for each keylength
for i in {1..15} #keylengths
do
echo "$ciphertext"|fold -w$i >folded-ciphertext #Fold the ciphertext according to the keylength, $i
for (( j=1 ; j <=$i ; j++ ))
do
cut -c$j folded-ciphertext > folded-ciphertext-keylen_cut$i.$j #Slice each column, $j, of the folded ciphertext
echo -ne "$i.$j : "
cat folded-ciphertext-keylen_cut$i.$j | sort | uniq -c | sort -rn | sed -n '1s/.*\(.\)$/\1/p' #Perform frequency analysis and output only the most frequent character
eletter=$(cat folded-ciphertext-keylen_cut$i.$j | sort | uniq -c | sort -rn | sed -n '1s/.*\(.\)$/\1/p') #Do the same as the line above, but store in variable $eletter
for (( k=0 ; k <=${#letterarray[*]} ; k++ )) #Now loop, $k, through the array and find the index value of the $eletter, i.e. the ciphertext character index corresponding to plaintext "E".
do
if [ ${letterarray[$k]} == $eletter ]
then
echo $eletter found at index $k
# No need to -4 as using E as zero index. echo $k - 4 = $(($k -4)) ${letterarray[$(($k-4))]} #I would need this if I had indexed my array from "A" instead of "E", but dont.
#lettershift=$(($k -4)) #This too isn't needed because I'm indexing the array from "E" instead of "A".
#cat folded-ciphertext-keylen_cut$i.$j | tr $(printf %${k}s | tr ' ' '.')\A-Z A-ZA-Z >folded-plain-keylen_cut$i.$j
m=$((26 - $k ))
cat folded-ciphertext-keylen_cut$i.$j | tr $(printf %${m}s | tr ' ' '.')\A-Z A-ZA-Z >folded-plain-keylen_cut$i.$j #Perform a ROTxx decipher on the ciphertext according to the key shift, $m. This effectively gives me deciphered column slices of the ciphertext, and these columns of plaintext need to be stitched together later on.
break
fi
done
done
#OK, now I look at stitching the columns of plaintext back together..
pastelist="" #Reset the list of files to paste together.
for (( j=1 ; j <=$i ; j++ ))
do
pastelist+=$(echo -ne "folded-plain-keylen_cut$i.$j ") #Create a list of files that need to be pasted together
done
echo pastelist is $pastelist
paste ${pastelist} |tr -d '\t' |paste - - - - - > pasted-plain.$i #Paste the files together, remove the tabs inbetween the columns, then paste 5 blocks of these side by side for easier reading.
done
--------------------------------------------------------------------------------
Having run this I noticed that English like words appeared for a key length of x (number spoiler removed).
--------------------------------------------------------------------------------
$./cracker ;head -n5 pasted-plain.*
--------------------------------------------------------------------------------
I then modified the "cracker" script to explicitly use the x character key it was automatically generating.
I used the other ciphertexts "found2" "found3" to indicate better key characters to tweak the values of the x character key until the ciphertext was correctly being deciphered.
--------------------------------------------------------------------------------
$cat pasted-plain.x| tr -d '\t'|head
ITWASTHEBESTOFTIMESITWASTHEWORSTOFTIMESITWAST
HEAGEOFWISDOMITWASTHEAGEOFFOOLISHNESSITWASTHE
EPOCHOFBELIEFITWASTHEEPOCHOFINCREDULITYITWAST
HESEASONOFLIGHTITWASTHESEASONOFDARKNESSITWAST
HESPRINGOFHOPEITWASTHEWINTEROFDESPAIRWEHADEVE
RYTHINGBEFOREUSWEHADNOTHINGBEFOREUSWEWEREALLG
OINGDIRECTTOHEAVENWEWEREALLGOINGDIRECTTHEOTHE
RWAYINSHORTTHEPERIODWASSOFARLIKETHEPRESENTPER
IODTHATSOMEOFITSNOISIESTAUTHORITIESINSISTEDON
ITSBEINGRECEIVEDFORGOODORFOREVILINTHESUPERLAT
--------------------------------------------------------------------------------
Applying this x character key to the ciphertext of the password, "BELOS Z", yielded the password to the next level, krypton6.
I had also generated a few files along the way...
--------------------------------------------------------------------------------
$ls
cracker folded-ciphertext-keylen_cut13.10 folded-ciphertext-keylen_cut15.7 folded-ciphertext-keylen_cut9.1 folded-plain-keylen_cut12.5 folded-plain-keylen_cut15.15 folded-plain-keylen_cut8.3
cracker-keylenx folded-ciphertext-keylen_cut13.11 folded-ciphertext-keylen_cut15.8 folded-ciphertext-keylen_cut9.2 folded-plain-keylen_cut12.6 folded-plain-keylen_cut15.2 folded-plain-keylen_cut8.4
folded-ciphertext folded-ciphertext-keylen_cut13.12 folded-ciphertext-keylen_cut15.9 folded-ciphertext-keylen_cut9.3 folded-plain-keylen_cut12.7 folded-plain-keylen_cut15.3 folded-plain-keylen_cut8.5
folded-ciphertext-keylen_cut10.1 folded-ciphertext-keylen_cut13.13 folded-ciphertext-keylen_cut2.1 folded-ciphertext-keylen_cut9.4 folded-plain-keylen_cut12.8 folded-plain-keylen_cut15.4 folded-plain-keylen_cut8.6
folded-ciphertext-keylen_cut10.10 folded-ciphertext-keylen_cut13.2 folded-ciphertext-keylen_cut2.2 folded-ciphertext-keylen_cut9.5 folded-plain-keylen_cut12.9 folded-plain-keylen_cut15.5 folded-plain-keylen_cut8.7
folded-ciphertext-keylen_cut10.2 folded-ciphertext-keylen_cut13.3 folded-ciphertext-keylen_cut3.1 folded-ciphertext-keylen_cut9.6 folded-plain-keylen_cut13.1 folded-plain-keylen_cut15.6 folded-plain-keylen_cut8.8
folded-ciphertext-keylen_cut10.3 folded-ciphertext-keylen_cut13.4 folded-ciphertext-keylen_cut3.2 folded-ciphertext-keylen_cut9.7 folded-plain-keylen_cut13.10 folded-plain-keylen_cut15.7 folded-plain-keylen_cut9.1
folded-ciphertext-keylen_cut10.4 folded-ciphertext-keylen_cut13.5 folded-ciphertext-keylen_cut3.3 folded-ciphertext-keylen_cut9.8 folded-plain-keylen_cut13.11 folded-plain-keylen_cut15.8 folded-plain-keylen_cut9.2
folded-ciphertext-keylen_cut10.5 folded-ciphertext-keylen_cut13.6 folded-ciphertext-keylen_cut4.1 folded-ciphertext-keylen_cut9.9 folded-plain-keylen_cut13.12 folded-plain-keylen_cut15.9 folded-plain-keylen_cut9.3
folded-ciphertext-keylen_cut10.6 folded-ciphertext-keylen_cut13.7 folded-ciphertext-keylen_cut4.2 folded-plain-keylen_cut10.1 folded-plain-keylen_cut13.13 folded-plain-keylen_cut2.1 folded-plain-keylen_cut9.4
folded-ciphertext-keylen_cut10.7 folded-ciphertext-keylen_cut13.8 folded-ciphertext-keylen_cut4.3 folded-plain-keylen_cut10.10 folded-plain-keylen_cut13.2 folded-plain-keylen_cut2.2 folded-plain-keylen_cut9.5
folded-ciphertext-keylen_cut10.8 folded-ciphertext-keylen_cut13.9 folded-ciphertext-keylen_cut4.4 folded-plain-keylen_cut10.2 folded-plain-keylen_cut13.3 folded-plain-keylen_cut3.1 folded-plain-keylen_cut9.6
folded-ciphertext-keylen_cut10.9 folded-ciphertext-keylen_cut14.1 folded-ciphertext-keylen_cut5.1 folded-plain-keylen_cut10.3 folded-plain-keylen_cut13.4 folded-plain-keylen_cut3.2 folded-plain-keylen_cut9.7
folded-ciphertext-keylen_cut1.1 folded-ciphertext-keylen_cut14.10 folded-ciphertext-keylen_cut5.2 folded-plain-keylen_cut10.4 folded-plain-keylen_cut13.5 folded-plain-keylen_cut3.3 folded-plain-keylen_cut9.8
folded-ciphertext-keylen_cut11.1 folded-ciphertext-keylen_cut14.11 folded-ciphertext-keylen_cut5.3 folded-plain-keylen_cut10.5 folded-plain-keylen_cut13.6 folded-plain-keylen_cut4.1 folded-plain-keylen_cut9.9
folded-ciphertext-keylen_cut11.10 folded-ciphertext-keylen_cut14.12 folded-ciphertext-keylen_cut5.4 folded-plain-keylen_cut10.6 folded-plain-keylen_cut13.7 folded-plain-keylen_cut4.2 found1
folded-ciphertext-keylen_cut11.11 folded-ciphertext-keylen_cut14.13 folded-ciphertext-keylen_cut5.5 folded-plain-keylen_cut10.7 folded-plain-keylen_cut13.8 folded-plain-keylen_cut4.3 found2
folded-ciphertext-keylen_cut11.2 folded-ciphertext-keylen_cut14.14 folded-ciphertext-keylen_cut6.1 folded-plain-keylen_cut10.8 folded-plain-keylen_cut13.9 folded-plain-keylen_cut4.4 found3
folded-ciphertext-keylen_cut11.3 folded-ciphertext-keylen_cut14.2 folded-ciphertext-keylen_cut6.2 folded-plain-keylen_cut10.9 folded-plain-keylen_cut14.1 folded-plain-keylen_cut5.1 krypton6
folded-ciphertext-keylen_cut11.4 folded-ciphertext-keylen_cut14.3 folded-ciphertext-keylen_cut6.3 folded-plain-keylen_cut1.1 folded-plain-keylen_cut14.10 folded-plain-keylen_cut5.2 pasted-plain.1
folded-ciphertext-keylen_cut11.5 folded-ciphertext-keylen_cut14.4 folded-ciphertext-keylen_cut6.4 folded-plain-keylen_cut11.1 folded-plain-keylen_cut14.11 folded-plain-keylen_cut5.3 pasted-plain.10
folded-ciphertext-keylen_cut11.6 folded-ciphertext-keylen_cut14.5 folded-ciphertext-keylen_cut6.5 folded-plain-keylen_cut11.10 folded-plain-keylen_cut14.12 folded-plain-keylen_cut5.4 pasted-plain.11
folded-ciphertext-keylen_cut11.7 folded-ciphertext-keylen_cut14.6 folded-ciphertext-keylen_cut6.6 folded-plain-keylen_cut11.11 folded-plain-keylen_cut14.13 folded-plain-keylen_cut5.5 pasted-plain.12
folded-ciphertext-keylen_cut11.8 folded-ciphertext-keylen_cut14.7 folded-ciphertext-keylen_cut7.1 folded-plain-keylen_cut11.2 folded-plain-keylen_cut14.14 folded-plain-keylen_cut6.1 pasted-plain.13
folded-ciphertext-keylen_cut11.9 folded-ciphertext-keylen_cut14.8 folded-ciphertext-keylen_cut7.2 folded-plain-keylen_cut11.3 folded-plain-keylen_cut14.2 folded-plain-keylen_cut6.2 pasted-plain.14
folded-ciphertext-keylen_cut12.1 folded-ciphertext-keylen_cut14.9 folded-ciphertext-keylen_cut7.3 folded-plain-keylen_cut11.4 folded-plain-keylen_cut14.3 folded-plain-keylen_cut6.3 pasted-plain.15
folded-ciphertext-keylen_cut12.10 folded-ciphertext-keylen_cut15.1 folded-ciphertext-keylen_cut7.4 folded-plain-keylen_cut11.5 folded-plain-keylen_cut14.4 folded-plain-keylen_cut6.4 pasted-plain.2
folded-ciphertext-keylen_cut12.11 folded-ciphertext-keylen_cut15.10 folded-ciphertext-keylen_cut7.5 folded-plain-keylen_cut11.6 folded-plain-keylen_cut14.5 folded-plain-keylen_cut6.5 pasted-plain.3
folded-ciphertext-keylen_cut12.12 folded-ciphertext-keylen_cut15.11 folded-ciphertext-keylen_cut7.6 folded-plain-keylen_cut11.7 folded-plain-keylen_cut14.6 folded-plain-keylen_cut6.6 pasted-plain.4
folded-ciphertext-keylen_cut12.2 folded-ciphertext-keylen_cut15.12 folded-ciphertext-keylen_cut7.7 folded-plain-keylen_cut11.8 folded-plain-keylen_cut14.7 folded-plain-keylen_cut7.1 pasted-plain.5
folded-ciphertext-keylen_cut12.3 folded-ciphertext-keylen_cut15.13 folded-ciphertext-keylen_cut8.1 folded-plain-keylen_cut11.9 folded-plain-keylen_cut14.8 folded-plain-keylen_cut7.2 pasted-plain.6
folded-ciphertext-keylen_cut12.4 folded-ciphertext-keylen_cut15.14 folded-ciphertext-keylen_cut8.2 folded-plain-keylen_cut12.1 folded-plain-keylen_cut14.9 folded-plain-keylen_cut7.3 pasted-plain.7
folded-ciphertext-keylen_cut12.5 folded-ciphertext-keylen_cut15.15 folded-ciphertext-keylen_cut8.3 folded-plain-keylen_cut12.10 folded-plain-keylen_cut15.1 folded-plain-keylen_cut7.4 pasted-plain.8
folded-ciphertext-keylen_cut12.6 folded-ciphertext-keylen_cut15.2 folded-ciphertext-keylen_cut8.4 folded-plain-keylen_cut12.11 folded-plain-keylen_cut15.10 folded-plain-keylen_cut7.5 pasted-plain.9
folded-ciphertext-keylen_cut12.7 folded-ciphertext-keylen_cut15.3 folded-ciphertext-keylen_cut8.5 folded-plain-keylen_cut12.12 folded-plain-keylen_cut15.11 folded-plain-keylen_cut7.6 README
folded-ciphertext-keylen_cut12.8 folded-ciphertext-keylen_cut15.4 folded-ciphertext-keylen_cut8.6 folded-plain-keylen_cut12.2 folded-plain-keylen_cut15.12 folded-plain-keylen_cut7.7
folded-ciphertext-keylen_cut12.9 folded-ciphertext-keylen_cut15.5 folded-ciphertext-keylen_cut8.7 folded-plain-keylen_cut12.3 folded-plain-keylen_cut15.13 folded-plain-keylen_cut8.1
folded-ciphertext-keylen_cut13.1 folded-ciphertext-keylen_cut15.6 folded-ciphertext-keylen_cut8.8 folded-plain-keylen_cut12.4 folded-plain-keylen_cut15.14 folded-plain-keylen_cut8.2
--------------------------------------------------------------------------------
So I now had access to the next level, krypton6!
--------------------------------------------------------------------------------
$ssh -p2222 krypton6@krypton.labs.overthewire.org
_ _
| | ___ __ _ _ _ __ | |_ ___ _ __
| |/ / '__| | | | '_ \| __/ _ \| '_ \
| <| | | |_| | |_) | || (_) | | | |
|_|\_\_| \__, | .__/ \__\___/|_| |_|
|___/|_|
a http://www.overthewire.org wargame.
krypton6@krypton.labs.overthewire.org's password:
Welcome to Ubuntu 14.04 LTS (GNU/Linux 4.4.0-92-generic x86_64)
* Documentation: https://help.ubuntu.com/
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
krypton6@krypton:~$ figlet $(whoami)
_ _ __
| | ___ __ _ _ _ __ | |_ ___ _ __ / /_
| |/ / '__| | | | '_ \| __/ _ \| '_ \| '_ \
| <| | | |_| | |_) | || (_) | | | | (_) |
|_|\_\_| \__, | .__/ \__\___/|_| |_|\___/
|___/|_|
krypton6@krypton:~$
```

]]>```
I recently stumbled upon overthewire.org cyber challenges, and after completing the 33 challenges of the Bandit series in an evening I returned to complete the Leviathan series, then moved on to the cryptographic challenges in the Krypton series. Levels 1 to 3 are straight forward, and these are my notes for future reference for the remaining levels, 4 to 6...
The Krypton series Cyber Challenge from Over the Wire - krypton4 is stated in the file "README", which can be concatenated to the standard out (screen).
--------------------------------------------------------------------------------
$cat README
You more than likely used frequency analysis and some common sense
to solve that one.
So far we have worked with simple substitution ciphers. They have
also been 'monoalphabetic', meaning using a fixed key, and
giving a one to one mapping of plaintext (P) to ciphertext (C).
Another type of substitution cipher is referred to as 'polyalphabetic',
where one character of P may map to many, or all, possible ciphertext
characters.
An example of a polyalphabetic cipher is called a Vigen�re Cipher. It works
like this:
If we use the key(K) 'GOLD', and P = PROCEED MEETING AS AGREED, then "add"
P to K, we get C. When adding, if we exceed 25, then we roll to 0 (modulo 26).
P P R O C E E D M E E T I N G A S A G R E E D
K G O L D G O L D G O L D G O L D G O L D G O
becomes:
P 15 17 14 2 4 4 3 12 4 4 19 8 13 6 0 18 0 6 17 4 4 3
K 6 14 11 3 6 14 11 3 6 14 11 3 6 14 11 3 6 14 11 3 6 14
C 21 5 25 5 10 18 14 15 10 18 4 11 19 20 11 21 6 20 2 8 10 17
So, we get a ciphertext of:
VFZFK SOPKS ELTUL VGUCH KR
This level is a Vigen�re Cipher. You have intercepted two longer, english
language messages. You also have a key piece of information. You know the
key length!
For this exercise, the key length is 6. The password to level five is in the usual
place, encrypted with the 6 letter key.
Have fun!
--------------------------------------------------------------------------------
There is also a hint in the file "HINT".
--------------------------------------------------------------------------------
$cat HINT
Frequency analysis will still work, but you need to analyse it
by "keylength". Analysis of cipher text at position 1, 6, 12, etc
should reveal the 1st letter of the key, in this case. Treat this as
6 different mono-alphabetic ciphers...
Persistence and some good guesses are the key!
--------------------------------------------------------------------------------
There are also two files "found1" and "found2" containing ciphertext encoded with the unknown key, which is 6 characters in length.
As the key is made up of 6 characters it will repeat at the 7th character position, and the 13th, and so on.
(The hint mentioning position "1, 6, 12" is obviously inaccurate, whether or not intentionally I know not.)
OK, first I'll look at what is happening to create the cipher, then I will think about reversing the process.
Let's say the key is "ABCDEF", the plaintext is "SOME PLAINTEXT".
The ciphertext would be created as follows:
First we remove any spaces or punctuations in the plaintext:
SOMEPLAINTEXT
Then repeat the key against the plaintext:
SOMEPLAINTEXT
ABCDEFABCDEFA
The key character value is added to the plaintext character value to create the ciphertext character.
Character values are 1 to 26 for characters "A" to "Z"
Making a simple letter 'ruler' makes the process easier to compute visually:
1 2 3 4
1234567890123456789012345678901234567890
ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMN
For the first character of ciphertext this gives:
S + A = 19 + 1 = 20 = T
For the 2nd..
O + B = 15 + 2 = 17 = Q
Doing this for the entire plaintext "SOMEPLAINTEXT" with cipher key "ABCDEF" gives the ciphertext:
TQPIURBKQXJDU
So to solve the problem at hand we have the ciphertext, but need to work out the cipher key, and plaintext.
I know the key length is 6, so I know that the ciphertext character 1, 7, 13, 19,... have all been encrypted using the 1st character of the cipher key.
Ciphertext characters 2, 8, 14, 20,... were encrypted with the 2nd character of the cipher key, and so on.
So I remove the spaces in the ciphertext and fold it into lines 6 characters long.
--------------------------------------------------------------------------------
$cat found1|tr -d ' '|fold -w6 |head -n5
YYICSJ
IZIBAG
YYXRIE
WVIXAF
NJOOVQ
--------------------------------------------------------------------------------
Now the 1st, 7th, 13th, 19th, etc characters are all in the first column. Ciphertext characters 2, 8, 14, 20, .. are all in the 2nd column, and so on.
So I need to slice this into individual columns because every character in the first column was encrypted with the 1st character of the cipher key, 2nd column was made with 2nd character of the cipher key, etc.
I use "cut -c1" to perform the slicing and redirect the output to a file "f1a".
--------------------------------------------------------------------------------
$cat found1|tr -d ' '|fold -w6 |cut -c1 > f1a; head -n5 f1a
Y
I
Y
W
N
--------------------------------------------------------------------------------
I then do the same for the other columns 2 to 6, storing each into files f1b to f1f
--------------------------------------------------------------------------------
$cat found1|tr -d ' '|fold -w6 |cut -c2 > f1b; head -n5 f1b
Y
Z
Y
V
J
--------------------------------------------------------------------------------
Now I have six files "f1a" to "f1f" that I can run a letter frequency analysis against to determine the most frequent characters.
Analysing them for the most frequent characters:
--------------------------------------------------------------------------------
$cat f1a|sort|uniq -c|sort -rn
37 J
24 S
22 Y
20 T
18 F
17 W
16 M
14 I
12 N
11 K
9 X
7 Z
7 B
6 Q
5 L
4 P
3 R
3 H
3 G
3 D
1 A
--------------------------------------------------------------------------------
In the English language, which I know the plaintext is written, the most frequent letter is "E".
So I know the most frequent letter from the frequency analysis of the ciphertext is equivalent to "E" in the plaintext.
This allows me to work out the key shifting letters between the plaintext and the ciphertext.
So from the above 1st column ciphertext frequency analysis, I know "J" in the ciphertext is the most common character and corresponds to "E" in plaintext.
plaintext + key = ciphertext
plaintext = ciphertext - key
E = J - ?
(Using the letter 'ruler' again...)
5 = 10 - ?
5 = 10 - 5
? = 5
E = 5
So to get from the ciphertext to plaintext I need to subtract the key character "E", which is of value 5, from the ciphertext character value.
All of this was ONLY for the first column of the ciphertext, so I repeat this for the other columns.
I end up with a 6 character key, "EQSJDX" or "EQDJDX", because the "S" and "D" have equal weighting from the frequency analysis which gave two possible ciphertext characters corresponding to plaintext "E".
Using the "found2" ciphertext for verification it is easy to work out the final correct key as "EQDJDX".
I appled this key in reverse to the ciphertext of the krypton5 password "HCIKV RJOX" and arrived at the password to the next level, krypton5.
--------------------------------------------------------------------------------
$ssh -p2222 krypton5@krypton.labs.overthewire.org
_ _
| | ___ __ _ _ _ __ | |_ ___ _ __
| |/ / '__| | | | '_ \| __/ _ \| '_ \
| <| | | |_| | |_) | || (_) | | | |
|_|\_\_| \__, | .__/ \__\___/|_| |_|
|___/|_|
a http://www.overthewire.org wargame.
krypton5@krypton.labs.overthewire.org's password:
Welcome to Ubuntu 14.04 LTS (GNU/Linux 4.4.0-92-generic x86_64)
* Documentation: https://help.ubuntu.com/
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
krypton5@krypton:~$ figlet $(whoami)
_ _ ____
| | ___ __ _ _ _ __ | |_ ___ _ __ | ___|
| |/ / '__| | | | '_ \| __/ _ \| '_ \|___ \
| <| | | |_| | |_) | || (_) | | | |___) |
|_|\_\_| \__, | .__/ \__\___/|_| |_|____/
|___/|_|
krypton5@krypton:~$
--------------------------------------------------------------------------------
```

]]>