Description
Not all ancient ciphers were meant for casual correspondence. This one requires a 6x6 key alphabet. Connect to the server and decrypt the message -- then send back the plaintext to prove you cracked it.
Setup
Connect via netcat to receive the 6x6 key alphabet and ciphertext.
Decrypt the Playfair cipher using the given key grid.
Send the plaintext back to the server to receive the flag.
Solution
- Step 1Connect and capture the key and ciphertextConnect to the server. It will display a 6x6 Polybius-style key alphabet (36 characters -- a-z and 0-9) and a ciphertext. Copy both for the next step.nc mercury.picoctf.net 6057
Learn more
The Playfair cipher is a digraph substitution cipher invented by Charles Wheatstone in 1854 and popularized by Lord Playfair. Unlike simple substitution ciphers that replace individual characters, Playfair encrypts pairs of letters (digraphs) at a time, making simple frequency analysis less effective. It was used by the British military in World War I and by the Australians in World War II.
The standard Playfair cipher uses a 5x5 grid containing the 25 letters of the alphabet (I and J are combined). This challenge uses a 6x6 variant that accommodates all 26 letters plus 10 digits (0-9), for 36 total characters. The key grid is filled with a keyword first (removing duplicates), then the remaining characters in order. The extended grid supports encrypting alphanumeric messages without losing digit information.
The server generates a fresh random key grid and ciphertext each connection, so the solution cannot be hardcoded -- it must automate Playfair decryption using the received key. This is a common CTF pattern: the server presents a random challenge that must be solved programmatically, rewarding a correct implementation of the cryptographic algorithm rather than manual solving.
- Step 2Decrypt with dCode Playfair decoderNavigate to dCode.fr's Playfair cipher tool. Select the 6x6 grid variant, paste the custom alphabet as the key, and enter the ciphertext. The decryption produces the plaintext message.
Learn more
Playfair decryption rules (for a 6x6 grid) operate on character pairs from the ciphertext:
- Same row: replace each character with the one to its left (wrapping around)
- Same column: replace each character with the one above it (wrapping around)
- Rectangle: replace each character with the one in the same row but the other character's column
During encryption, if a pair contains the same character, an "X" (or "0" in 6x6 variants) is inserted between them. The plaintext may have these fillers removed during decryption to recover the original message. The message is also padded to an even length if needed.
dCode.fr is a comprehensive online cipher reference with implementations of hundreds of historical and modern ciphers. For one-off manual decryption, it is the fastest path. However, since the server key changes each session, an automated Python implementation is needed for reliable flag retrieval -- implement the grid lookup and three decryption rules in a pwntools script that parses the server output, decrypts, and sends the result.
- Step 3Submit the plaintextSend the decrypted plaintext back to the server. If it's correct, the server responds with the flag. Since the key and ciphertext change every connection, automate with a Python script using the dcode API or implement the Playfair cipher manually.# Automate with pwntools + playfair Python implementation
Learn more
Automating the full challenge with pwntools involves: connecting with
remote(), reading the server output to parse the 6x6 grid and ciphertext, running a Playfair decryption function, sending the result, and reading the flag. A complete Python implementation of Playfair decryption for a custom alphabet is about 40-60 lines.The pwntools
tubeAPI is useful here:p.recvuntil(b'Ciphertext:')reads until the ciphertext label appears,p.recvline()reads the ciphertext, andp.sendline(plaintext)submits the answer.p.recvall()captures the server's response including the flag.Cryptographic CTF challenges that require sending responses back to the server (interactive challenges) test both your understanding of the cipher and your ability to implement it programmatically. The ability to quickly prototype cipher implementations in Python is a valuable skill -- standard library tools (
string,itertools) and clear algorithm documentation (Wikipedia, dCode) make this achievable even for unfamiliar ciphers under competition time pressure.
Flag
picoCTF{...}
The flag is returned by the server only after submitting the correct plaintext -- each session uses a fresh key.