Writeup in progress
Currently making the solution for Ricochetand the walkthrough will be published here as soon as it's ready.
Check back soon - or follow our latest updates on the homepage- to be notified when the full writeup goes live.
Ricochet
Published: April 2, 2025
Want more picoCTF 2025 writeups?
Useful tools for Cryptography
- ROT / Caesar CipherDecode Caesar-shifted and ROT-encoded text. Drag the shift slider or scan all 26 rotations at once.
- Affine CipherEncrypt, decrypt, or brute-force affine ciphers using E(x) = (ax + b) mod 26. Brute force ranks all 312 key pairs by English letter frequency.
- XOR CipherXOR-decrypt hex or text ciphertext with a known key, or brute-force the single-byte key automatically.
- Vigenère CipherEncrypt or decrypt text with the Vigenère polyalphabetic substitution cipher using a keyword.
Related reading
- RSA Attacks for CTF CryptographyA complete guide to RSA attack techniques that appear in CTF competitions: small public exponent, weak modulus factoring, common modulus, Wiener's attack, and RSA oracle decryption - with picoCTF challenge links throughout.
- Base64, Hex, and Common CTF Encodings ExplainedIdentify and decode every encoding you will encounter in CTF competitions: Base64, hex, binary, octal, ROT13, URL encoding, Morse code, and more -- with one-liners for each.
What to try next
- CryptographyHard
MSS_ADVANCE Revenge
Advanced Shamir Secret Sharing challenge. Apply a lattice-based attack to recover the secret from insufficient shares.
- CryptographyHard
Secure Dot Product
An AES-keyed dot product server blindly trusts its inputs. Send crafted vectors to leak key bytes via the computed output.
- CryptographyHard
flag_printer
Reconstruct a mathematical structure from partial outputs to activate the flag printer. Apply CRT or polynomial interpolation to solve the system.
- CryptographyHard
PowerAnalysis: Part 1
Recover multiple AES key bytes using differential power analysis on simulated traces. Correlate power consumption against predicted SubBytes outputs.
- CryptographyHard
PowerAnalysis: Part 2
Full AES key recovery via DPA on noisier traces. Collect a larger corpus, apply statistical correlation across all 16 bytes, and decrypt the flag.