Ciphers
Ways to encrypt text. Often methods used a long time ago to send secret messages
Last updated
Ways to encrypt text. Often methods used a long time ago to send secret messages
Last updated
CyberChef is a great tool to stack various text operations. You can do things like URL encode, then Base64, then To Hex, etc. Just put some text in the input, apply operations as a recipe by dragging them from the left, and see the output.
It also has a Magic operation that tries lots of operations recursively, until some possible text comes out. Example
There are lots of different ciphers out there, and often it's a game of recognizing certain features of the ciphertext and then deciding on a cipher to try. Some ciphers have keys, but these can often be brute-forced until some English text comes out, or until it fits a CTF{.*}
flag format.
A good tool to automatically recognize and suggest ciphers is the one from Boxentriq. Lots of ciphers I won't cover here can be found on their site:
Another great tool is dCode, which you'll find often when searching for tools that can decrypt your cipher. It has lots of tools for even the most exotic of ciphers and can brute-force some parameters automatically. It also has a Cipher Identifier:
For non-text cipher that uses symbols instead, try looking at their list of Symbol Ciphers:
ROT13 stands for "Rotate by 13", meaning you rotate all the letters by 13. This means the first letter (A) becomes the 14th letter (N). When you reach the end of the alphabet you just wrap around back to the start. The 20th letter in the alphabet (T) becomes 20 + 13 = 33 - 26 = 7
meaning the 7th letter (G).
This rotation does not need to be 13, although it's the most common. You can rotate the letters by any amount from 0-26.
Similarly to ROT13, ROT47 also rotates characters by some constant amount. But this time the whole printable ASCII character set, meaning 33 (!
) to 126 (~
). It rotates through this whole character set and wraps around just like ROT13.
This also can have any amount of rotation from 0-94.
The ADD cipher adds a number to every byte and wraps around when it goes over 255. For every character in the plaintext, it gets the character in the key that is often repeating.
A substitution cipher works by replacing certain letters with other letters. The secret here is the alphabet used, meaning what letters map to what other letters. There are some online tools that can use some analytics to find what text/key is the most likely to be correct:
If an online tool cannot solve it, you might need to do some manual work. A great tool that can help with this is the following:
Simply input your ciphertext, and click Start Manual Solving. Here you can view your ciphertext, and plaintext so far in the Text field. In the Key field, you can fill out what letters should correspond to each other. The easiest way is to look at the spacing of your target text if there is any, and guess what some words might be. Then you can slowly fill in other letters and guess more words.
When working with English text, you can use the Word finder there to put wildcards for letters you don't know and find possible matching words. If your plaintext is likely in another language than English, you might want to look for any other online Wildcard dictionary searchers or create your own from a wordlist in your favorite programming language.
Another tool that might help in the case of short text or a different language than existing tools use, is my own SubSolver:
It allows you to provide a wordlist and tries every possible combination of words in that list efficiently to find possible solutions that fit with the repeated letters and spacing in a ciphertext.
To test/debug recipes you can use the button to disable the operation, and the button to stop/pause the recipe before it reaches this operation.
As explained in detail in XOR, it XORs all the bits from a given plaintext or ciphertext, with a key that is often repeating. It can generate any set of bytes, including non-printable characters. This means it's often encoded in something like Base64 or Hex to make sure it can be sent properly. can be brute-forced, and with a known plaintext you can recover the key.