Contact CTF writeups Notes

[PicoCTF 2018] - crypto - Hertz 2

This is one of my writeups for PicoCTF 2018


This flag has been encrypted with some kind of cipher, can you decrypt it? Connect with nc 12521.

Hint :

  1. These kinds of problems are solved with a frequency that merits some analysis.


This task was essentially the same as the previous one called hertz.

I used the same approach with two small differences :

  1. I had to modify my script to handle capital letter
  2. The ciphertext was considerably shorter and ended with nxugUAR{edyeaxadaxgt_uxnifke_qkf_agg_fqep_jeukedvgml}. Knowing the flag format, I guessed the initial substitutions for the letters p, i, c, o, t and f.

Here's my updated script after those initial guesses :

from string import ascii_lowercase
from collections import Counter
from colorama import Fore

with open('ciphertext', 'r') as f:
    ciphertext =

# Get the letter frequency
charcount = Counter(c for c in ciphertext if c in ascii_lowercase)
total_chars = sum(charcount.values())
for char, count in charcount.items():
    print(f'{char}: {(count*100)/total_chars}% ({count})')

# Reverse the substitutions
sub = {
    'n': 'p',
    'x': 'i',
    'u': 'c',
    'g': 'o',
    'a': 't',
    'r': 'f',
plaintext = ''
for char in ciphertext:
    if char in sub:
        char = char.replace(char, f'{Fore.GREEN}{sub[char]}{Fore.RESET}')
    elif char.lower() in sub:
        char = char.replace(char, f'{Fore.GREEN}{sub[char.lower()].upper()}{Fore.RESET}')
    plaintext += char


Note : this uses the third-party library colorama for colored output.

After populating the sub dictionary by progressively guessing the substitutions, we can extract the flag : picoCTF{substitution_ciphers_are_too_easy_vscrsudogw.