In this post, we covered encoding and decoding using python and Cyberchef. We solved two challenges from PicoCTF for that.
Encoding and decoding can be done using online encoders and decoders but in this challenge we used python scripts and libraries to represent data in different formats such as hexadecimal, decimal, UTF8, UTF16,etc.
PicoCTF netcat description
There is a nice program that you can talk to by using this command in a shell: $ nc mercury.picoctf.net 35652
, but it doesn’t speak English…
PicoCTF Transformation challenge description
I wonder what this really is… enc''.join([chr((ord(flag[i]) << 8) + ord(flag[i + 1])) for i in range(0, len(flag), 2)])
The “Netcat” Challenge: From Numbers to Flags
This first challenge involved connecting to a server using netcat (nc
). When I connected, the server sent back a stream of numbers. The hint mentioned ASCII, so I knew I had to convert these numbers into characters to get the flag.
My First Approach: CyberChef to the Rescue! 🍳
My initial thought was to use CyberChef, which is an amazing online tool for all sorts of data manipulation. I copied the numbers from my terminal and pasted them into CyberChef. I used the “From Character Code” operation, set the delimiter to “Line,” and the base to 10. Just like magic, the numbers were converted into readable text, and there was the flag!
My Second Approach: A Python Script 🐍
While CyberChef was quick and easy, I wanted to challenge myself to solve it with a Python script. Here’s how I did it:
- First, I saved the output from the
nc
command into a text file. - Then, I wrote a Python script to read the file. My first attempt failed because the script was reading the numbers as strings, not integers.
- I adjusted the script to convert the strings into a list of numbers.
- Finally, I looped through the list and used the
chr()
function to convert each number to its corresponding ASCII character.
Success! The script printed out the flag. It was slightly different from the one I got from CyberChef, which was an interesting little quirk.
The “Transformation” Challenge
This challenge gave me a file called encrypt
that contained what looked like garbled Unicode text. My job was to figure out the encoding and reveal the hidden flag.
My First Approach: The Magic of CyberChef
Once again, I turned to CyberChef. I pasted the strange text into the input box and used the “Magic” operation on “Intensive mode.” This feature is incredible—it automatically analyzes the data and tries to figure out how to decode it. It correctly identified that the text was encoded in UTF-16BE and converted it back to readable UTF-8, revealing the flag.
My Second Approach: Python Power
To solve this with Python, I did the following:
- I wrote a script to read the contents of the
encrypt
file. - I then looped through each character of the encoded string, using the
ord()
function to get its Unicode code point and thehex()
function to convert that to a hexadecimal value. - I took the resulting hex string and, just for fun, pasted it back into CyberChef. Using the “From Hex” operation, I was able to decode it and get the flag.
Technical Commands I Used
Here are the commands I used during these challenges:
nc
: To connect to the server in the “Netcat” challenge.cat
: To display the contents of theencrypt
file.file
: To identify the file type of theencrypt
file.
I hope this walkthrough was helpful and showed you a couple of different ways to approach these kinds of CTF challenges. Happy hacking!