picoCTF Solutions
PathPart of the Cryptography path · Step 1 of 4: Classical Ciphers
picoCTF 2022CryptographyMedium

rail-fence

Published: July 20, 2023

Description

A message was encrypted with a rail fence cipher using 4 rails. Decode it and wrap the plaintext in picoCTF{...}.

Setup

Download message.txt

Read the ciphertext from message.txt.

Use CyberChef or another rail fence decoder with key=4 to recover the plain text.

cat message.txt
# In CyberChef: Rail Fence Decode → Key 4 and paste the text

Solution

  1. Step 1Apply Rail Fence decoding
    The challenge states 4 rails, so plug the ciphertext into a rail-fence decoder with key 4. CyberChef's Rail Fence (Decode) module works great.
    Learn more

    The Rail Fence cipher is a classical transpositioncipher - it rearranges the letters of the plaintext rather than replacing them. The message is written diagonally down and up across a set number of "rails" (rows), then read off row by row. For example, with 3 rails, "WEAREDISCOVERED" becomes three rows read in a zigzag pattern.

    Unlike substitutionciphers, every letter in a transposition cipher is present in the ciphertext - just in a different position. This means letter frequency analysis won't help; you need to know (or guess) the structure. With only a small key space (number of rails is usually 2-10), brute force is trivial.

    CyberChefis a browser-based Swiss army knife for encoding, decoding, and transforming data. It supports dozens of classical ciphers, encoding schemes, and data format conversions - all without installing anything. It's an essential tool for CTF challenges and real-world forensics work.

    To decode manually without a tool: divide the ciphertext into four rows based on the zigzag pattern, then read the characters diagonally. For a 4-rail fence, the top and bottom rails contain the fewest characters (they only touch the zigzag at peaks and valleys), while the middle rails contain more. The exact character count per rail depends on the message length - computing this by hand for short messages is feasible, which is why understanding the algorithm is valuable even when you have CyberChef available.

    Classical ciphers like Rail Fence, Caesar, Vigenere, and Playfair are frequently tested in CTF competitions because they require pattern recognition and algorithmic thinking rather than brute computation. Recognizing which cipher was used from ciphertext characteristics (letter frequency preserved but positions scrambled for transposition; frequency distribution shifted for substitution; unusual character sets for encoding schemes) is a key skill for the "crypto" category in CTFs.

  2. Step 2Wrap the flag
    The decoded sentence is already in the picoCTF format; copy it as-is.
    Learn more

    Once a transposition cipher is reversed, the plaintext is fully recovered with no ambiguity - every letter returns to its original position. This is in contrast to substitution ciphers, where frequency analysis gives probabilistic guesses that may need manual correction.

    The Rail Fence cipher was historically used during the American Civil War as a simple field cipher. While trivially broken today (even by hand with the right number of rails), it illustrates the fundamental principle that rearranging data is not the same as hiding it. Modern transposition techniques form one component of block cipher modes like CBC, but are always combined with substitution for security.

    In modern symmetric encryption, the AES block cipher combines both substitution (the SubBytes step applies a non-linear S-box to each byte) and permutation/transposition (the ShiftRows and MixColumns steps move bytes between positions). This combination - known as a substitution-permutation network - is what makes AES resistant to both frequency analysis and positional attacks. Neither substitution nor transposition alone is secure; the power comes from iterating both together across multiple rounds.

    If you encounter a ciphertext in a CTF and are unsure which classical cipher was used, the Index of Coincidence (IC) can help distinguish transposition from substitution. Transposition ciphers preserve the original letter frequency distribution (IC matches plaintext language), while monoalphabetic substitution ciphers also preserve frequencies but shift them. Polyalphabetic ciphers like Vigenere produce a lower, flatter IC. These statistical tests guide cipher identification before you attempt decryption.

Flag

picoCTF{WH3R3_D035_7H3_F3NC3_8361N_4ND_3ND_4A76...}

Rail fence is a simple transposition cipher; once you know the number of rails, decoding is straightforward.

Want more picoCTF 2022 writeups?

Browse picoCTF 2022Full library

Useful tools for Cryptography

Related reading

What to try next