Getting Started with Cryptopals using Python
Tips for the first few challenges in Cryptopals.
Learn to break encryption. No math degree required. You do have to be able to code, though.
Cryptopals is a great exercise to learn breaking crypto. Here are some tips for the first few problems. They should allow you to move fast without revealing the complete solution.
You don't need a PhD in math to break crypto. The vulnerabilities are coding mistakes, similar to vulnerabilities in other domains.
The challenges are in Cryptopals. Cryptopals was created by Ptacek, Devlin, Balducci and Wielgoszewski.
How to play
- Start from Set 1, Challenge 1.
- Do the challenges in order.
- You can use any language. These tips assume Python.
Play:
- Don't just copy-paste the answer. There are plenty of answers published in multiple languages.
- Don't just make ChatGPT or other AI copy-paste the answer. It does not even use any magic AI powers; the correct answer is right in its training material.
- The game is for you to play, so you can crack harder encryptions in the future.
How to use these tips
- Try the challenges yourself.
- Look at tips here if you get stuck.
- If you're stuck, you can try a bit more. If that does not help, check the tips, that's what they are for.
- If the tips aren't enough, there are plenty of solutions on the internet in multiple languages.
Environment
- I'm using Debian 12-Bookworm and sometimes Kali.
- Micro editor is my favourite. Here is a convenient micro setup for these tasks. You can work in any editor.
- Python Basics for Hackers teaches you some tricks useful in these exercises.
Tips for specific exercises
1. Convert hex to base64
The task: 1. Convert hex to base64
Tips 1 - minor spoilers
- Look at each of the strings
- Can you use a command line tool to help you with some input strings? base64
- Note the difference between bytes b"TeroKarvinen.com" and str "TeroKarvinen.com"
- You can "print(type(x))"
Tips 1 - major spoilers
- 'echo VGVyb0thcnZpbmVuLmNvbQo=|base64 -d'
- base64.b64encode
- binascii.a2b_hex
2. Fixed XOR
Tips 2 - minor spoilers
- enumerate() gives you index in for-in loop
- use bytes b"TeroKarvinen.com", not strings
- use bitwise XOR
Tips 2 - major spoilers
- from binascii import a2b_hex, b2a_hex
- for i, c in enumerate(aBytes): # i index from 0; c current character
- bitwise XOR: "a ^ b", where a and b are int (a single byte, 1 B)
3. Single-byte XOR cipher
The task: 3. Single-byte XOR cipher
Tips 3 - minor spoilers
- The computer can decrypt as many strings as you wish, but how do you know which cleartext is correct?
- Score answers - what does a string in English look like?
Tips 3 - major spoilers
- Encrypt with every key
- Give point for each character that's in "ETAOIN SHRDLU etaoin shrdlu"
- Show top 5 scored keys and decrypted strings
- Lists can be sorted with "somelist.sort(reverse=True)". Sorted version replaces the original list.
4. Detect single-character XOR
The task: 4. Detect single-character XOR
Tips 4 - minor spoilers
- This adds one more loop around challenge 3.
Tips 4 - major spoilers
- Decrypt everything with every key
- Score and pick the winner
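The scoring approach from the major spoilers for challenges 3 and 4, as an added example that is not part of the original page. It runs on constructed sample data rather than the Cryptopals input; the function names, sample plaintext, key and decoy lines are all assumptions made for illustration.

```python
import hashlib

COMMON = b"ETAOIN SHRDLU etaoin shrdlu"  # scoring alphabet from the tips


def xor_single(data: bytes, key: int) -> bytes:
    """XOR every byte of data with the same one-byte key."""
    return bytes(b ^ key for b in data)


def score(candidate: bytes) -> int:
    """One point per byte that is a common English character."""
    return sum(1 for b in candidate if b in COMMON)


def rank_keys(ciphertext: bytes, top: int = 5):
    """Try all 256 keys; return the top (score, key, plaintext) tuples."""
    results = []
    for key in range(256):
        plain = xor_single(ciphertext, key)
        results.append((score(plain), key, plain))
    results.sort(reverse=True)  # in place, highest score first
    return results[:top]


def detect(lines):
    """Challenge 4 shape: best (score, key, plaintext, line_no) over all lines."""
    return max(rank_keys(line, top=1)[0] + (i,) for i, line in enumerate(lines))


# Constructed sample data (not the Cryptopals input).
PLAINTEXT = b"Tips help you move fast without spoiling the answer"
KEY = 0x5A
CIPHERTEXT = xor_single(PLAINTEXT, KEY)
# Constructed decoys: 32 pseudo-random bytes each, with the real line at index 3.
LINES = [hashlib.sha256(bytes([n])).digest() for n in range(6)]
LINES.insert(3, CIPHERTEXT)

if __name__ == "__main__":
    for points, key, plain in rank_keys(CIPHERTEXT):
        print(points, hex(key), plain)
    print("winner:", detect(LINES))
```

Printing the top 5 instead of only the winner shows how close the runners-up are, which tells you whether the scoring is good enough for shorter ciphertexts.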
5. Implement repeating-key XOR
The task: 5. Implement repeating-key XOR
Tips 5 - minor spoilers
- What happens after the last char of key?
- Use modulus to return to start of the key. E.g. 16 % 12 == 4. In Finnish: jakojäännös.
- Index starts from zero in Python, just like in most languages.
Modulus
>>> 16 % 12
4
Zero-based index
>>> "Tero"[0]
'T'
>>> len("Tero")
4
>>> "Tero"[3]
'o'
>>> "Tero"[4]
IndexError: string index out of range
Rolling around with index and modulus
>>> len("Tero")
4
>>> "Tero"[0 % 4]
'T'
>>> "Tero"[1 % 4]
'e'
>>> "Tero"[2 % 4]
'r'
>>> "Tero"[3 % 4]
'o'
>>> "Tero"[4 % 4]
'T'
>>> "Tero"[5 % 4]
'e'
Tips 5 - major spoilers
- k = key[i % len(key)] # current byte of key