Tools / ROT Cipher
ROT / Caesar Cipher Decoder
Paste any ROT-encoded or Caesar-shifted ciphertext, drag the slider to the correct shift, or click Try all 26 shifts to scan every rotation at once. Letters shift; digits, punctuation, and spaces are preserved.
Decoded output
Chain more decoders →picoCTF{r0tat1on_d3crypt3d_7d140864}
How it works
A Caesar cipher shifts every letter in the alphabet by a fixed amount. ROT13 is the most common variant (shift of 13) because applying it twice returns the original text. The flag format picoCTF{…} tells you when you have the right shift - the decoded output must begin with those characters.
Challenges solved with this tool: picoCTF 2023 - Rotation, Ready Gladiator 0, Ready Gladiator 1, Ready Gladiator 2.
The shift is defined modulo 26 because the English alphabet has 26 letters. This means a shift of 0 and a shift of 26 produce the same output (the identity), and encrypting then decrypting with the same shift restores the original. ROT13 is its own inverse (shift 13 applied twice = shift 26 = 0), which is why it is used casually to hide spoilers - one click to encode, one click to decode.
In CTF challenges, Caesar ciphers appear most in introductory-level cryptography categories. The giveaway is that the text contains recognizable punctuation, spacing, and word lengths but only the letter substitution is changed. The flag format picoCTF{...} acts as a known-plaintext crib: if the ciphertext contains a sequence like unjvPGS{...}, you can immediately calculate the shift from the first character (p → u = shift 5) without trying all 26 values.
Some challenges apply the cipher only to digits (ROT5, which rotates 0--9 by 5), or to both letters and digits at once (ROT18 = ROT13 + ROT5). Others use a Caesar cipher on the entire ASCII printable range (shift within 0x20--0x7E). If a standard ROT shift produces garbled output, consider whether the shift might apply to a wider character set than just A--Z.