# Crypto CTFs Tricks

🎙️ HackTricks LIVE Twitch Wednesdays 5.30pm (UTC) 🎙️ - 🎥 Youtube 🎥

* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)! * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family) * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com) * **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.** * **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).

## Online Hashes DBs * ***Google it*** * * [https://www.onlinehashcrack.com/](https://www.onlinehashcrack.com) * [https://crackstation.net/](https://crackstation.net) * [https://md5decrypt.net/](https://md5decrypt.net) * * [https://gpuhash.me/](https://gpuhash.me) * * [https://www.cmd5.org/](https://www.cmd5.org) * * ## Magic Autosolvers * [**https://github.com/Ciphey/Ciphey**](https://github.com/Ciphey/Ciphey) * (Magic module) * * ## Encoders Most of encoded data can be decoded with these 2 ressources: * * ### Substitution Autosolvers * * [https://quipqiup.com/](https://quipqiup.com) - Very good ! #### Caesar - ROTx Autosolvers * #### Atbash Cipher * ### Base Encodings Autosolver Check all these bases with: * **Ascii85** * `BQ%]q@psCd@rH0l` * **Base26** \[*A-Z*] * `BQEKGAHRJKHQMVZGKUXNT` * **Base32** \[*A-Z2-7=*] * `NBXWYYLDMFZGCY3PNRQQ====` * **Zbase32** \[*ybndrfg8ejkmcpqxot1uwisza345h769*] * `pbzsaamdcf3gna5xptoo====` * **Base32 Geohash** \[*0-9b-hjkmnp-z*] * `e1rqssc3d5t62svgejhh====` * **Base32 Crockford** \[*0-9A-HJKMNP-TV-Z*] * `D1QPRRB3C5S62RVFDHGG====` * **Base32 Extended Hexadecimal** \[*0-9A-V*] * `D1NMOOB3C5P62ORFDHGG====` * **Base45** \[*0-9A-Z $%\*+-./:*] * `59DPVDGPCVKEUPCPVD` * **Base58 (bitcoin)** \[*1-9A-HJ-NP-Za-km-z*] * `2yJiRg5BF9gmsU6AC` * **Base58 (flickr)** \[*1-9a-km-zA-HJ-NP-Z*] * `2YiHqF5bf9FLSt6ac` * **Base58 (ripple)** \[*rpshnaf39wBUDNEGHJKLM4PQ-T7V-Z2b-eCg65jkm8oFqi1tuvAxyz*] * `pyJ5RgnBE9gm17awU` * **Base62** \[*0-9A-Za-z*] * `g2AextRZpBKRBzQ9` * **Base64** \[*A-Za-z0-9+/=*] * `aG9sYWNhcmFjb2xh` * **Base67** \[*A-Za-z0-9-*.!\~\_] * `NI9JKX0cSUdqhr!p` * **Base85 (Ascii85)** \[*!"#$%&'()\*+,-./0-9:;<=>?@A-Z\[\\]^\_\`a-u*] * `BQ%]q@psCd@rH0l` * **Base85 (Adobe)** \[*!"#$%&'()\*+,-./0-9:;<=>?@A-Z\[\\]^\_\`a-u*] * `<~BQ%]q@psCd@rH0l~>` * **Base85 (IPv6 or RFC1924)** \[*0-9A-Za-z!#$%&()\*+-;<=>?@^*\`{|}\~\_] * `Xm4y`V\_|Y(V{dF>\` * **Base85 (xbtoa)** \[*!"#$%&'()\*+,-./0-9:;<=>?@A-Z\[\\]^\_\`a-u*] * `xbtoa Begin\nBQ%]q@psCd@rH0l\nxbtoa End N 12 c E 1a S 4e6 R 6991d` * **Base85 (XML)** \[*0-9A-Za-y!#$()\*+,-./:;=?@^\`{|}\~z\_*] * `Xm4y|V{~Y+V}dF?` * **Base91** \[*A-Za-z0-9!#$%&()\*+,./:;<=>?@\[]^\_\`{|}\~"*] * `frDg[*jNN!7&BQM` * **Base100** \[] * `👟👦👣👘👚👘👩👘👚👦👣👘` * **Base122** \[] * `4F ˂r0Xmvc` * **ATOM-128** \[*/128GhIoPQROSTeUbADfgHijKLM+n0pFWXY456xyzB7=39VaqrstJklmNuZvwcdEC*] * `MIc3KiXa+Ihz+lrXMIc3KbCC` * **HAZZ15** \[*HNO4klm6ij9n+J2hyf0gzA8uvwDEq3X1Q7ZKeFrWcVTts/MRGYbdxSo=ILaUpPBC5*] * `DmPsv8J7qrlKEoY7` * **MEGAN35** \[*3G-Ub=c-pW-Z/12+406-9Vaq-zA-F5*] * `kLD8iwKsigSalLJ5` * **ZONG22** \[*ZKj9n+yf0wDVX1s/5YbdxSo=ILaUpPBCHg8uvNO4klm6iJGhQ7eFrWczAMEq3RTt2*] * `ayRiIo1gpO+uUc7g` * **ESAB46** \[] * `3sHcL2NR8WrT7mhR` * **MEGAN45** \[] * `kLD8igSXm2KZlwrX` * **TIGO3FX** \[] * `7AP9mIzdmltYmIP9mWXX` * **TRIPO5** \[] * `UE9vSbnBW6psVzxB` * **FERON74** \[] * `PbGkNudxCzaKBm0x` * **GILA7** \[] * `D+nkv8C1qIKMErY1` * **Citrix CTX1** \[] * `MNGIKCAHMOGLKPAKMMGJKNAINPHKLOBLNNHILCBHNOHLLPBK` - 404 Dead: ### HackerizeXS \[*╫Λ↻├☰┏*] ``` ╫☐↑Λ↻Λ┏Λ↻☐↑Λ ``` * - 404 Dead: ### Morse ``` .... --- .-.. -.-. .- .-. .- -.-. --- .-.. .- ``` * - 404 Dead: ### UUencoder ``` begin 644 webutils_pl M2$],04A/3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/3$%( M3TQ!2$],04A/3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/ F3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/3$$` ` end ``` * ### XXEncoder ``` begin 644 webutils_pl hG2xAEIVDH236Hol-G2xAEIVDH236Hol-G2xAEIVDH236Hol-G2xAEIVDH236 5Hol-G2xAEE++ end ``` * [www.webutils.pl/index.php?idx=xx](https://github.com/carlospolop/hacktricks/tree/bf578e4c5a955b4f6cdbe67eb4a543e16a3f848d/crypto/www.webutils.pl/index.php?idx=xx) ### YEncoder ``` =ybegin line=128 size=28 name=webutils_pl ryvkryvkryvkryvkryvkryvkryvk =yend size=28 crc32=35834c86 ``` * ### BinHex ``` (This file must be converted with BinHex 4.0) :#hGPBR9dD@acAh"X!$mr2cmr2cmr!!!!!!!8!!!!!-ka5%p-38K26%&)6da"5%p -38K26%'d9J!!: ``` * ### ASCII85 ``` <~85DoF85DoF85DoF85DoF85DoF85DoF~> ``` * ### Dvorak keyboard ``` drnajapajrna ``` * ### A1Z26 Letters to their numerical value ``` 8 15 12 1 3 1 18 1 3 15 12 1 ``` ### Affine Cipher Encode Letter to num `(ax+b)%26` (*a* and *b* are the keys and *x* is the letter) and the result back to letter ``` krodfdudfrod ``` ### SMS Code **Multitap** [replaces a letter](https://www.dcode.fr/word-letter-change) by repeated digits defined by the corresponding key code on a mobile [phone keypad](https://www.dcode.fr/phone-keypad-cipher) (This mode is used when writing SMS).\ For example: 2=A, 22=B, 222=C, 3=D...\ You can identify this code because you will see\*\* several numbers repeated\*\*. You can decode this code in: ### Bacon Code Substitude each letter for 4 As or Bs (or 1s and 0s) ``` 00111 01101 01010 00000 00010 00000 10000 00000 00010 01101 01010 00000 AABBB ABBAB ABABA AAAAA AAABA AAAAA BAAAA AAAAA AAABA ABBAB ABABA AAAAA ``` ### Runes ![](https://github.com/nirugima/hacktricks/blob/main/.gitbook/assets/runes.jpg) ## Compression **Raw Deflate** and **Raw Inflate** (you can find both in Cyberchef) can compress and decompress data without headers. ## Easy Crypto ### XOR - Autosolver * ### Bifid A keywork is needed ``` fgaargaamnlunesuneoa ``` ### Vigenere A keywork is needed ``` wodsyoidrods ``` * * * ## Strong Crypto ### Fernet 2 base64 strings (token and key) ``` Token: gAAAAABWC9P7-9RsxTz_dwxh9-O2VUB7Ih8UCQL1_Zk4suxnkCvb26Ie4i8HSUJ4caHZuiNtjLl3qfmCv_fS3_VpjL7HxCz7_Q== Key: -s6eI5hyNh8liH7Gq0urPC-vzPgNnxauKvRO4g03oYI= ``` * ### Samir Secret Sharing A secret is splitted in X parts and to recover it you need Y parts (*Y <=X*). ``` 8019f8fa5879aa3e07858d08308dc1a8b45 80223035713295bddf0b0bd1b10a5340b89 803bc8cf294b3f83d88e86d9818792e80cd ``` ### OpenSSL brute-force * * ## Tools * * *

🎙️ HackTricks LIVE Twitch Wednesdays 5.30pm (UTC) 🎙️ - 🎥 Youtube 🎥

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://breached.gitbook.io/dashboard/crypto-and-stego/crypto-ctfs-tricks.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.