Challenge Overview
In this beginner-friendly picoCTF HideToSee cryptography challenge, weโre given an image file named atbash.jpg. The goal is to find the hidden message or flag inside this image.
๐ Tools I Used
- strings โ To inspect readable strings embedded in the image.
- steghide โ To extract hidden files from the image.
๐ Step-by-Step Walkthrough – picoCTF HideToSee
Step 1: Extracting Hidden Data
First, I used the strings command to look for any suspicious text inside the image:
strings atbash.jpg
No useful clues there, so I tried a steganography tool called steghide to see if thereโs anything hidden inside the image.
steghide extract -sf atbash.jpg
After hitting enter, the tool asked for a passphrase. I just hit enter (empty password), and it worked!
It extracted a file named:
encrypted.txt
Inside, I found this text:
krxlXGU{zgyzhs_xizxp_92533667}
Looks like a flag, but it’s encrypted.
Step 2: Analyzing the Cipher
Letโs break it down:
Encrypted part:
zgyzhs_xizxp
This looks like a substitution cipher.
I recognized the structure might be an Atbash cipher โ a simple cipher where each letter is mapped to its reverse counterpart in the alphabet:
A <-> Z
B <-> Y
C <-> X
...
Step 3: Decrypting with Atbash Cipher
Applying Atbash manually:
| Cipher | Plain |
|---|---|
| Z | A |
| G | T |
| Y | B |
| Z | A |
| H | S |
| S | H |
| _ | _ |
| X | C |
| I | R |
| Z | A |
| X | C |
| P | K |
You can also use this online tool to quickly decode Atbash ciphers:
๐ https://rumkin.com/tools/cipher/atbash/
So the decrypted flag becomes:
picoCTF{atbash_crack_92533667}
Optional: Python Script for Decryption
Here’s a quick Python script to decrypt any Atbash-encrypted text:
def atbash(text):
result = ''
for char in text:
if char.isalpha():
if char.islower():
result += chr(219 - ord(char)) # 219 = 'a' + 'z'
else:
result += chr(155 - ord(char)) # 155 = 'A' + 'Z'
else:
result += char
return result
cipher_text = "zgyzhs_xizxp"
decrypted = atbash(cipher_text)
print("Decrypted:", decrypted)
Final Thoughts
This was a fun and simple introduction to steganography and basic cryptography using the Atbash cipher. These challenges are great for beginners looking to sharpen their CTF and cybersec skills!
other blogs
- How to Install Burp Suite in Arch Linux
- 10 Best Final Year Cybersecurity Project Ideas with source code.
- Interactive Snake Game Using OpenCV & Hand Tracking
- ArchLinux terminal customization with neofetch and fastfetch
- Microblogging for Cybersecurity: The Future of Short-form Content
- Cyber Security vs AI: Which Career Should You Choose?
- Instagram Video Downloader: Your Easy-to-Use Tool
- Install Neovim on ArchLinux โ Easy Setup with init.vim Guide
