caesar picoCTF 2019 Solution

Published: April 2, 2026

Description

Decrypt the message encrypted with a Caesar cipher. Hint: salting it won't help. The ciphertext appears inside the picoCTF{...} braces.

Download the file containing the ciphertext from the challenge page.

Solution

  1. Step 1
    Brute-force all 26 Caesar shifts
    Observation
    I noticed the challenge title explicitly names the Caesar cipher and the ciphertext is a short lowercase string inside the flag braces, which meant the key space is only 26 possible shifts and trying every one is faster and more reliable than deducing the correct shift analytically.
    A Caesar cipher shifts each letter by a fixed amount. With only 26 possible keys, brute-force is trivial. Run the Python snippet below to print every possible decryption - the shift that produces readable English inside the braces is the answer.
    python3 -c "
    s='tifjjzexkyvilsztfehnahooda'
    for i in range(26):
        print(i,''.join(chr((ord(c)-97+i)%26+97) if c.isalpha() else c for c in s))
    "
    What didn't work first

    Tried: Decode the ciphertext using ROT13 only, assuming that is the standard Caesar shift.

    ROT13 is a fixed shift of 13 and is common online, but the challenge uses an arbitrary shift between 0 and 25. Applying ROT13 produces one specific output that will almost certainly not be readable English. The brute-force loop is necessary because you do not know the shift in advance - only one of the 26 outputs will form recognizable words.

    Tried: Treat the entire picoCTF{...} string including the braces as input to the shift loop.

    The loop's c.isalpha() guard passes the braces, underscore, and digits through unchanged, so those characters are not the problem. The letters of the picoCTF wrapper are: the prefix is already plaintext, so the shift that decrypts the inner string scrambles it, and the uppercase C, T and F are alphabetic but fall outside the lowercase-only ord(c)-97 arithmetic, so they come out as the wrong lowercase letters. The challenge description states the ciphertext appears only inside the braces, so pass only the inner string 'tifjjzexkyvilsztfehnahooda' to the loop.

    Learn more

    The Caesar cipher is a monoalphabetic substitution cipher named after Julius Caesar, who reportedly used a shift of 3 to protect military communications. Every letter in the plaintext is replaced by the letter a fixed number of positions later in the alphabet, wrapping around from Z back to A.

    Because there are only 26 possible shifts (including 0, which does nothing), the Caesar cipher has a key space small enough to search exhaustively. A brute-force attack simply tries all 26 possibilities and shows the results - a human can immediately spot the one that reads as English. The Python snippet above does exactly this: for each shift i, it maps every lowercase letter c by computing (ord(c) - 97 + i) % 26 + 97. Subtracting 97 converts the ASCII code to 0-25, adding i and taking mod 26 wraps the shift, and adding 97 converts back to ASCII.

    In real cryptanalysis, the Caesar cipher is also trivially broken by frequency analysis: in English the most common letter is 'e'. If you find the most frequent letter in the ciphertext, the difference from 'e' gives you the shift. This generalizes into more powerful attacks on simple substitution ciphers.

    The hint "salting it won't help" is a red herring - salt is a concept from password hashing (a random value added before hashing to prevent rainbow table attacks), which has nothing to do with the Caesar cipher. Recognizing such misdirection is a useful CTF skill.
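
The frequency-analysis attack described under Learn more, as an added example that is not part of the original writeup: it scores all 26 candidates against English letter frequencies with a chi-squared statistic, which generalizes the single most-frequent-letter heuristic. It also shows that heuristic failing on the challenge's 26-letter ciphertext, where nine letters tie at two occurrences and none of them decrypts to 'e'. The sample sentence, the frequency table and all function names are assumptions introduced here.

```python
from collections import Counter

# Approximate English letter frequencies in percent, a..z (assumed reference values).
ENGLISH_FREQ = dict(zip("abcdefghijklmnopqrstuvwxyz", [
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
    6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]))

CHALLENGE_CT = "tifjjzexkyvilsztfehnahooda"  # ciphertext from the page
# Constructed sample plaintext (not from the challenge); encrypted with key 17 below.
SAMPLE = ("Defenders should treat any classical substitution cipher as broken, "
          "because letter frequencies in English text are far from uniform and "
          "survive the encryption unchanged.")

def shift_text(text, k):
    """Rotate ASCII letters forward by k, keeping case; pass everything else through."""
    out = []
    for c in text:
        if c.isascii() and c.isalpha():
            base = ord("A") if c.isupper() else ord("a")
            c = chr((ord(c) - base + k) % 26 + base)
        out.append(c)
    return "".join(out)

def letters_of(text):
    """Lowercased a-z letters of the text, ignoring everything else."""
    return [c for c in text.lower() if c in ENGLISH_FREQ]

def naive_shift(ciphertext):
    """Single-letter heuristic: assume the most frequent ciphertext letter is 'e'."""
    top = Counter(letters_of(ciphertext)).most_common(1)[0][0]
    return (ord("e") - ord(top)) % 26

def chi_squared(text):
    """Distance between observed letter counts and English expectations (lower is better)."""
    letters = letters_of(text)
    counts, n = Counter(letters), len(letters)
    if n == 0:
        return float("inf")
    return sum((counts[l] - n * f / 100) ** 2 / (n * f / 100)
               for l, f in ENGLISH_FREQ.items())

def crack_caesar(ciphertext):
    """Score all 26 candidates and return (decryption_shift, best_plaintext)."""
    k = min(range(26), key=lambda s: chi_squared(shift_text(ciphertext, s)))
    return k, shift_text(ciphertext, k)

if __name__ == "__main__":
    print(crack_caesar(shift_text(SAMPLE, 17)))   # long text: scoring recovers the shift
    print(naive_shift(CHALLENGE_CT), shift_text(CHALLENGE_CT, 9))  # heuristic vs. real shift
```

The returned shift is the one to add when decrypting, matching the convention of the brute-force loop above.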

Interactive tools
  • Cipher Identifier & Auto-Decoder: Paste any ciphertext and the tool auto-runs every common decoder (base64, hex, Morse, ROT, Atbash, Bacon, binary, decimal, URL) and ranks the results by English-likeness.

Alternate Solution

Use the ROT / Caesar Cipher tool built into this site. Paste the ciphertext and click Try all 26 shifts to see every rotation at once - spot the row that starts with picoCTF and you have the flag, with no scripting required.

Flag

picoCTF{crossingtherubiconqwjqxxmj}

With only 26 possible keys, brute-force is trivial - the shift that produces recognizable English words is the answer.

Key takeaway

Classical substitution ciphers like Caesar fail because their key space is tiny and letter frequency in natural language is highly non-uniform. An attacker needs at most 25 attempts for Caesar, and frequency analysis breaks the more general monoalphabetic substitution cipher without any brute-force at all. Modern symmetric ciphers like AES address both weaknesses with astronomically large key spaces and designs that produce statistically uniform ciphertext regardless of plaintext structure.
