Smashthestack.org: Blowfish Level 1

13 Jan 2013

This post will explain how the level 1 of Blowfish Smashtestack.org challenge is solved. So Do not read any further if you want to solve it yourself.

The question is as follows:

Here is the Level2 password: GungJnfRnfl
But it's encrypted with a simple substitution cipher.
Decrypt it and log in as level2.

Substitution Cipher

A substitution cipher is an encryption cipher where plain text is replaced by ciphertext. These can be letters,numbers, signs,... The most famous one is called the Caesar cipher, which just replaces a letter with another letter, shifting the letters in a logical way. For instance Cipher Letter = Letter place in the Alphabet + n letters down the Alphabet. This is called a rotation. So rotation 1 would mean A becomes B, B becomes C, C becomes D, Z becomes A,... and rotation 2 would mean A becomes C, B becomes D, Z becomes B,...

Script

So now you know about substituion ciphers let's have a look at the script I wrote to solve this one. I assumed that the chances were high that this would be a rotation, so I made a script that does all 25 possible rotations for the passwords:

alphabetArray = ['a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z']
password = 'GungJnfRnfl'.lower()             #convert the strong to lowercase so we don't need to keep track if it is an upper or lowercase character
passwordList = list(password)                 #convert the string to a list of characters
x = 2 #inititate the x to 2 for the while loop, there are only 25 possible passwords so we start at 2
possiblePasswordList = list()                 #create an empty list to put the passwords in
y = len (alphabetArray)                     #initiate y by setting its value to the numeric value of the length of the alphabet array
while x <= y:                               #If we havent gone through all passwords, keep going
    possiblePassword = list()                             #This is a list to put the characters of one possible password in
    for character in passwordList:                         #For all the characters of our list we made of the cyphertext
        z = int(x)                                          #initiate z with the value of x
        n = alphabetArray.index(character)                  #n is the value of the place of the character in the alphabet
        if(n+z) > len(alphabetArray):                       #if we would go beyond 26...
                z = z - len(alphabetArray)                  #Go back to the beginning of the list, so u+6 would become A
        substitutedChar = alphabetArray[n+z-1]
        possiblePassword.append(substitutedChar)         #append the character to the possiblepassword list
    possiblePassword[0] =  possiblePassword[0].upper()     #change the case to upper for the original upper case characters
    possiblePassword[4] =  possiblePassword[4].upper()
    possiblePassword[7] =  possiblePassword[7].upper()
    possiblePasswordList.append("".join(possiblePassword))  #convert the list of chars to a string and add them to the list
    x = x+1                                                 #increment x with 1
for passwords in possiblePasswordList:
    print passwords

This will result into:

1: HvohKogSogm
2: IwpiLphTphn
3: JxqjMqiUqio
4: KyrkNrjVrjp
5: LzslOskWskq
6: MatmPtlXtlr
7: NbunQumYums
8: OcvoRvnZvnt
9: PdwpSwoAwou
10: QexqTxpBxpv
11: RfyrUyqCyqw
12: SgzsVzrDzrx
13: ThatWasEasy
14: UibuXbtFbtz
15: VjcvYcuGcua
16: WkdwZdvHdvb
17: XlexAewIewc
18: YmfyBfxJfxd
19: ZngzCgyKgye
20: AohaDhzLhzf
21: BpibEiaMiag
22: CqjcFjbNjbh
23: DrkdGkcOkci
24: EsleHldPldj
25: FtmfImeQmek
Now we can either add another module to try and log in with all of these passwords, however a quick look through the list reveals that number 13, "ThatWasEasy" is quite obviously the password we are looking for.