picoCTF Solutions
picoCTF 2026Reverse EngineeringMedium

Hidden Cipher 1

Published: March 20, 2026

Description

The flag is only lightly concealed. Download `hiddencipher.zip`, identify the cipher and key, and peel the text back to plaintext.

Setup

Download hiddencipher.zip

Download and extract hiddencipher.zip.

Inspect the included files to identify the cipher and ciphertext.

unzip hiddencipher.zip
ls -la
cat *

Solution

  1. Step 1Identify the cipher
    Look at the source file or README. Common hidden ciphers in picoCTF include Caesar, Vigenère, XOR, or substitution ciphers. The key may be hidden in the filename, program constants, or plaintext hints.
    cat README
    cat cipher.txt
    cat source.*
  2. Step 2Extract the key
    Disassemble the binary or read the source to find where the key is stored or computed. The description says the cipher and key are both hidden but discoverable.
    strings binary
    r2 -A binary
    ghidra binary
  3. Step 3Decrypt the ciphertext
    Apply the identified cipher with the discovered key to decrypt the ciphertext.
    python3 << 'EOF' # Example XOR decrypt key = b"FOUND_KEY" ct = bytes.fromhex("CIPHERTEXT_HEX") pt = bytes(c ^ k for c, k in zip(ct, key * (len(ct)//len(key)+1))) print(pt.decode()) EOF

Flag

picoCTF{h1dd3n_c1ph3r_1_...}

Both the cipher type and the key are hidden in the program -- static analysis reveals them.