Description: A type of transposition cipher is the rail fence cipher, which is described here. Here is one such cipher encrypted using the rail fence with 4 rails. Can you decrypt it? Download the message here. Put the decoded message in the picoCTF flag format, picoCTF{decoded_message}.
Difficulty: Medium
Author: Will Hong
Summary
This challenge introduces the Rail Fence Cipher, a classic transposition cipher.
The goal is to decrypt the ciphertext stored in message.txt using a Rail Fence with 4 rails, then wrap the result in the flag format: picoCTF{decoded_message}.
Analysis
We are provided with a file named message.txt:
$ file message.txtmessage.txt: ASCII text, with no line terminators$ cat message.txtTa _7N6D49hlg:W3D_H3C31N__A97ef sHR053F38N43D7B i33___N6So the ciphertext is : Ta _7N6D49hlg:W3D_H3C31N__A97ef sHR053F38N43D7B i33___N6
Since the challenge description specifies Rail Fence Cipher with 4 rails, we know this is a transposition cipher, not substitution. Before decrypting it, letβs first understand how the Rail Fence Cipher works.
What is Rail Fence Cipher?
The Rail Fence Cipher is a transposition cipher that encrypts a message by writing it in a zig-zag pattern across several βrailsβ (rows), then reading the characters row by row.
It is often described as writing text in a wave-like pattern:
- Write characters diagonally downwards.
- When the bottom rail is reached, move diagonally upwards.
- Repeat the pattern until the entire message is written.
- Finally, read off each rail from top to bottom to form the ciphertext.
How Rail Fence Encryption & Decryption Work
Encryption Steps
- Choose a number of rails (rows).
- Place characters in an upβdown zig-zag pattern across the rails.
- Read each rail straight across.
Decryption Steps
- Recreate the zig-zag structure.
- Fill the rails row-by-row using the ciphertext.
- Reconstruct the plaintext by following the original zig-zag path.
Encrytion Example (with 4 rails)
Plaintext:
WEAREDISCOVEREDFLEEATONCEWritten in zig-zag:
Rail 1: W . . . R . . . E . . . E . . . A . . .Rail 2: . E . R . D . S . O . E . E . F . E . T .Rail 3: . . A . . C . . . V . . . R . . . L . . .Rail 4: . . . E . . . . . . . . . . . . . . . . .(Periods represent empty positions.)
Now read each rail from top to bottom:
Rail 1 β W R E E A CRail 2 β E R D S O E E F E T NRail 3 β A C V R L ERail 4 β ECiphertext :
WREEACERDSOEEFE TNA CVRLEDecryption Example (with 4 rails)
To decrypt, we reverse the process.
Step 1, Mark the zig-zag path
For a 4-rail fence, the pattern repeats every:
We first draw the empty rails for the length of the ciphertext (25 chars):
Rail 1: * . . . * . . . * . . . * . . . * . . . *Rail 2: . * . * . * . * . * . * . * . * . * . * . *Rail 3: . . * . . * . . * . . * . . * . . * . . * .Rail 4: . . . * . . . * . . . * . . . * . . . * . .Step 2, Fill in rails row by row
Fill row by row using characters from the ciphertext.
Step 3, Read the plaintext in zig-zag
Plaintext obtained:
WEAREDISCOVEREDFLEEATONCEDecrypting the ciphertext (4 Rails)
Using the same decryption process or an online tool such as Rail Fence decoder
We obtain the plaintext: The flag is: WH3R3_D035_7H3_F3NC3_8361N_4ND_3ND_4A76B997
PicoCTF flag Format
Now for the flag, we need to just wrap it in the format : picoCTF{WH3R3_D035_7H3_F3NC3_8361N_4ND_3ND_4A76B997}
β‘ Raikiriπ Flag pwned!
π‘ TL;DR / Lesson LearnedThe Rail Fence cipher is a simple transposition method, it only rearranges characters without altering them. Decryption is straightforward once you know the number of rails and reconstruct the zig-zag pattern used during encryption. Like most classical ciphers, Rail Fence is not secure today; it is vulnerable to pattern analysis and can be solved quickly with modern tools.