Rating:

# Throwback
## Problem
The original file is ["text"](./text), a 90-byte long string:
Anyo!e!howouldsacrificepo!icyforexecu!!onspeedthink!securityisacomm!ditytop!urintoasy!tem!.

## Approach
Since this is all that we're given, it's pretty likely that this is a steganography challenge.
Let's start by trying to figure out what the original message would be. It's likely
Anyone who would sacrifice policy for execution speed thinks security is a commodity
to pour into a system!, replacing letters nwltisoos. Note that this replaces all of the
exclamation points except the last.

Well, it turns out that the flag isn't nwltisoos, and there's no obvious caesar encryption
or permutation that works (though it permutes to "solwtions", which messed with me for a
while).

Let's try... the letters before/after the exclamation points.
Before: oeou kmpym, after: ehi osdut . Neither works.

Thinking of this as a steganography tactic... it's not usually a good stego tactic to require
your hidden message to rely on the plaintext it's encoded in. (You then need to find a
specific plaintext that works, which kind of weakens the point of using stego in the
first place.) So let's consider the positions of the exclamation points, rather than the
letters around them.

It's at this point that a hint was released: The flag is in the format ([a-z ]+).
That means that we should probably be looking for numbers less than 26. That rules
out the absolute position of exclamation points (since the last one is at byte 89), so
let's look at the number of letters before each exclamation point.

That gives us 4 1 18 11 0 12 15 7 9 3, which, converted from a 0-indexed alphabet,
gives ebslamphjd. When we decrypt that with caesar of 1, we get darkzlogic - and
dark logic is the flag! So why didn't we get that outright?

## Solution
Instead of using a 0-indexed alphabet (where 0 maps to a, 1 to b, etc), we should've
used a 1-indexed alphabet with zero mapping to a space (since spaces are explicitly
allowed in the hint).

Python
# The given ciphertext
text = "Anyo!e!howouldsacrificepo!icyforexecu!!onspeedthink!securityisacomm!ditytop!urintoasy!tem!"
# Our space-prepended alphabet
alpha = " abcdefghijklmnopqrstuvwxyz" # Note the space at index 0

# Split the text and convert to lengths
splat = text.split("!") # this ends with an empty string due to the trailing !
lens = [len(x) for x in splat[:-1]]

# Convert to the alphabet and print!
letters = [alpha[i] for i in lens]
print "".join(letters)


Original writeup (https://github.com/AntithesisConundrum/ctf-writeups/tree/master/defcon-quals-2018/throwback).