reverse_cipher picoCTF 2019 Solution

Published: April 2, 2026

Description

We have a secret message and a binary that encrypts it. Reverse the cipher to decrypt enc.

Download both files: the rev binary and the enc ciphertext file.

bash
wget <url>/rev
wget <url>/enc
chmod +x rev
  1. Step 1: Examine the binary
    Run strings on the binary to find any hardcoded values. Then open it in Ghidra or Radare2 to decompile the encryption logic. The encryption function applies a simple transformation to each character.
    bash
    strings rev
    file rev
    ghidra rev &

    Ghidra is a free reverse engineering tool from the NSA. It decompiles binaries to C-like pseudocode. Load the binary, let it auto-analyze, then navigate to the main function to see the encryption logic.

  2. Step 2: Understand the encryption algorithm
    The binary likely applies a character-by-character transformation: for example, adding a fixed value to uppercase letters, subtracting from lowercase, or leaving non-alpha characters unchanged. Note the exact transformation.

    A common pattern: if the character is uppercase, apply one transformation; if lowercase, apply another. The key insight is that you need to identify what transformation was applied and reverse it. For example, if the binary adds 3 to uppercase chars (Caesar shift), subtracting 3 reverses it.

  3. Step 3: Write a Python decryption script
    Apply the inverse of the encryption transformation to each byte of the enc file to recover the original flag.
    python
    python3 << 'EOF'
    # Offsets recovered from the decompiled encryption function.
    UPPER_OFFSET = 0  # placeholder: fill in from Ghidra analysis
    LOWER_OFFSET = 0  # placeholder: fill in from Ghidra analysis

    with open('enc', 'r') as f:
        ciphertext = f.read()

    result = ''
    for c in ciphertext:
        if c.isupper():
            # Reverse the upper-case transformation
            result += chr(ord(c) - UPPER_OFFSET)
        elif c.islower():
            # Reverse the lower-case transformation
            result += chr(ord(c) + LOWER_OFFSET)
        else:
            # Non-alphabetic characters are left unchanged
            result += c
    print(result)
    EOF

    When reversing a cipher, always test with a known input first: run the binary on a test file you create, then try to reverse the output back to the original. This validates your understanding before applying it to the real ciphertext.
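The known-input check described above, as an added example that is not code from the original page: it models the per-case transformation in Python, runs it through the same inverse the script uses, and lists the characters that do not round-trip because the shift moves them out of their letter range. The function names and the offsets of 3 are assumptions for illustration; the real values come from the decompiled binary.

```python
import string

# Hypothetical offsets for illustration only; take the real ones from Ghidra.
UPPER_SHIFT = 3   # assumed: encryptor adds this to uppercase letters
LOWER_SHIFT = 3   # assumed: encryptor subtracts this from lowercase letters


def model_encrypt(text, up=UPPER_SHIFT, low=LOWER_SHIFT):
    """Python model of the transformation read from the decompiler."""
    out = []
    for c in text:
        if c.isupper():
            out.append(chr(ord(c) + up))
        elif c.islower():
            out.append(chr(ord(c) - low))
        else:
            out.append(c)
    return "".join(out)


def decrypt(text, up=UPPER_SHIFT, low=LOWER_SHIFT):
    """Inverse as written in the script: classify by the ciphertext's case."""
    out = []
    for c in text:
        if c.isupper():
            out.append(chr(ord(c) - up))
        elif c.islower():
            out.append(chr(ord(c) + low))
        else:
            out.append(c)
    return "".join(out)


def non_invertible(alphabet=string.printable, up=UPPER_SHIFT, low=LOWER_SHIFT):
    """Plaintext characters that do not survive encrypt -> decrypt."""
    return [c for c in alphabet
            if decrypt(model_encrypt(c, up, low), up, low) != c]


if __name__ == "__main__":
    known = "picoCTF{test_input}"      # constructed test plaintext
    enc = model_encrypt(known)
    print(repr(known), "->", repr(enc), "->", repr(decrypt(enc)))
    # Letters shifted past 'Z' or below 'a' are no longer letters in the
    # ciphertext, so the case-based inverse leaves them untouched.
    print("does not round-trip:", non_invertible())
```

If the list is not empty for the offsets you recovered, classify characters by the ciphertext range the encryptor can actually produce rather than by `isupper()`/`islower()`.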

Alternate Solution

Once you identify the fixed shift offset from Ghidra, use the ROT Cipher tool on this site to apply the inverse Caesar shift to the ciphertext - enter the shift amount and the flag appears immediately without writing a Python script.

Flag

picoCTF{...}

Decompile the rev binary to find the character transformation, then write a Python script applying the inverse to the enc file.
