Fancy Caesar Cipher


We RSA encrypted the flag, but forgot to save the private key. Is it possible to recover the flag without it?


The challenge consisted of a Python script that utilized RSA to encrypt the flag and write the public key and ciphertext to the fancy_caesar.out file.

I reviewed the Python script and spotted one critical weakness within the encrypt() function:

def encrypt(e, n, m):
    return [((ord(c) ** e) % n) for c in m]

The for c in m loop means the script is encrypting a single character at a time, which makes a brute-force attack against the ciphertext fairly trivial. I wrote a simple Python script to perform the following steps:

  1. Load the Public Key and ciphertext from fancy_caesar.out
  2. Create a lookup table containing every printable character along with its encrypted version, using the provided public key
  3. Parse the ciphertext one character at a time, find the associated plaintext via the lookup table and append the plaintext to the flag string
import re
from ast import literal_eval

with open("fancy_Caesar_Cipher.out") as f:
    chall =

m = re.match(r'Generated key:\s+(?P<e>\d+)\s+(?P<n>\d+)\s+Encrypted flag:\s+(?P<c>[\[\]0-9,\s]+)', chall)
n = int('n'))
e = int('e'))
ciphertext = literal_eval('c'))
public_key = (e, n)

# Build a lookup table of encrypted printable chars
table = {}
for i in range(32, 127):
    table[pow(i, public_key[0], public_key[1])] = chr(i)

# Loop through each character in the cipher text; get the plaintext from the lookup table and append it to 'flag'
flag = ""
for c in ciphertext:
    if c in table:
        flag += table[c]


Running my solution produced a partial flag, but the contents weren't readable:

$ python3 ./


This appeared to be an additional layer of encryption on the flag, and this is where the reference to Caesar Cipher in the challenge name made sense. I dropped the flag into CyberChef and used the ROT-13 operation to cycle through the various alphabet shifts until something readable appeared after a shift of 23.


This completed the challenge with a final flag of flag{meta_flag_is_meta}



Leave a comment