# VishwaCTF 2025 - Forgotten Cipher
**Title:** Forgotten Cipher
**Description:**
The VIC cipher, a Cold War-era encryption, used evolving keys and transformations to secure messages. Inspired by this, the given cipher dynamically modifies its key and applies subtle bitwise transformations to obscure the text.XOR based transforms are used with base key as a single digit and bitwise shifts follow certain index rules.Reversing the process requires careful observation—can you unravel the sequence and restore the original message?
**File:** `Info.txt:`
```
Encrypted Message :- 0d4ac648a2f0bee7bccf0231c35e13ba7bc93a2d8f7d9498885e3f4998
Key Evolution Formula :- K(n) = [ K(n−1) × 3 + index ] mod 256
```
## Solution
1. **Encryption Overview:**
- **Key Evolution:**
The key evolves by using the formula:
```
K(n) = (K(n-1) * 3 + index) mod 256
```
with 0-based indexing.
- **Byte-wise Encryption:**
For each plaintext byte at position _i_:
- **XOR:** Compute `X = Plaintext_byte XOR K(i)`.
- **Bitwise Rotation:**
- If _i_ is even, left-rotate `X` by 2 bits.
- If _i_ is odd, right-rotate `X` by 2 bits.
2. **Decryption Strategy:**
To reverse the encryption process, we:
- **Undo the Rotation:**
- For even indices, perform a right rotation by 2 bits.
- For odd indices, perform a left rotation by 2 bits.
- **XOR Reversal:**
XOR the result with the corresponding key byte to recover the original plaintext.
- **Key Update:**
Update the key for the next byte using the same evolution formula.
3. **Deducing the Base Key:**
Since the flag starts with `"VishwaCTF{"` (with `'V'` being `0x56` in ASCII) and the first ciphertext byte is `0x0d`:
- For index 0 (even), the encryption applied a left rotation by 2 bits. Reversing it (via a right rotation) gives us `0x43`.
- Then, we have:
```
0x43 XOR K(0) = 0x56 => K(0) = 0x43 XOR 0x56 = 0x15
```
Thus, the initial key is 21 in decimal.
4. **Recovering the Flag:**
Using the deduced base key, we process each of the ciphertext bytes by:
- Reversing the appropriate rotation (depending on the index)
- XORing with the evolving key
- Updating the key for the next byte.
Here is the complete Python script that implements the decryption:
```python
def rotate_left(x, n):
return ((x << n) | (x >> (8 - n))) & 0xff
def rotate_right(x, n):
return ((x >> n) | (x << (8 - n))) & 0xff
# the given ciphertext
cipher_hex = "0d4ac648a2f0bee7bccf0231c35e13ba7bc93a2d8f7d9498885e3f4998"
cipher_bytes = bytes.fromhex(cipher_hex)
plaintext = bytearray()
# deduce the initial key using the known first plaintext character (V = 0x56)
# for index 0 (even), encryption left-rotated the XOR result by 2 bits
# thus, we reverse it by right-rotating the first ciphertext byte
first_ct = cipher_bytes[0]
rotated = rotate_right(first_ct, 2)
K = rotated ^ 0x56 # this yields the base key K(0)
print(f"Initial key: {K}")
# decrypt each ciphertext byte
for i, ct in enumerate(cipher_bytes):
if i % 2 == 0:
# even index: undo left rotation by performing a right rotation
r = rotate_right(ct, 2)
else:
# oddd index: undo right rotation by performing a left rotation
r = rotate_left(ct, 2)
pt_byte = r ^ K
plaintext.append(pt_byte)
# update the key for the next byte
K = (K * 3 + (i + 1)) % 256
try:
decrypted_message = plaintext.decode()
except UnicodeDecodeError:
# if decoding fails, print the raw hex rep
decrypted_message = plaintext.hex()
print("Decrypted Message:")
print(decrypted_message)
```
**Explanation:**
- The script defines two helper functions for circular bit rotations.
- It deduces the initial key (`K(0)`) using the known plaintext starting character.
- For each byte, it reverses the rotation (depending on whether the byte is at an even or odd index), XORs with the current key, and updates the key for subsequent bytes.
- Finally, it outputs the decrypted message, which reveals the flag.
Running this script outputs the flag:
**VishwaCTF{VIC_Decoded_113510}**
Sign in with Wallet
Connect another wallet