WeChall - Training - Substitution I

Posted on In Views: Disqus:

Challenge

A simple monoalphabetic substitution cipher. The plaintext is a fixed 30-word sentence; only the password word (position 21, 12 letters) is dynamic per session. 简单的单表替换密码。明文是一个固定的 30 词句子,只有第 21 个词(12 个字母)是每 session 动态变化的。

1
2
3
4
5
6
Oh dear, I guess you have cracked the two caesar cryptos...
This one is more difficult. Although a simple substitution is easily cracked...
Again the characters are limited to A-Z... But I think I can come up with a 256 version again.

Enjoy!
SR ZBC UWJPKBZR KIH RID AUE QCUH ZBPN JR LQPCEH P UJ PJMQCNNCH TCQR YCWW HIEC RIDQ NIWDZPIE GCR PN MEESELIEACIP ZBPN WPZZWC ABUWWCEKC YUN EIZ ZII BUQH YUN PZ

Solution

这是一个 dynamic challenge — 每次加载页面都会生成新的密文,但明文句子的结构固定,只有密码词变化。解法是通过 known-plaintext matching 建立字母映射表。

步骤 1:确定已知词

把 30 个密文词列出来,用常见的短英语词来锚定:

1
2
3
4
5
6
7
8
 1: SR          2: ZBC         3: UWJPKBZR     4: KIH
 5: RID         6: AUE         7: QCUH         8: ZBPN
 9: JR         10: LQPCEH     11: P           12: UJ
13: PJMQCNNCH  14: TCQR       15: YCWW        16: HIEC
17: RIDQ       18: NIWDZPIE   19: GCR         20: PN
21: MEESELIEACIP              22: ZBPN        23: WPZZWC
24: ABUWWCEKC  25: YUN        26: EIZ         27: ZII
28: BUQH       29: YUN        30: PZ

WeChall Substitution I 的固定部分含有大量可识别的短词:

  • 第 2 词 ZBC (3 字母) → "the"(英语最常用词)
  • 第 1 词 SR (2 字母) → "by"(常见介词)
  • 第 5 词 RID (3 字母) → "you"
  • 第 6 词 AUE (3 字母) → "can"
  • 第 27 词 ZII (3 字母, 双写结尾) → "too"(仅有的几个双写 3 字母词之一)
  • 第 25/29 词 YUN (3 字母) → "was"(在句子中位置吻合)

步骤 2:推导映射

从第 2 词 ZBC → "the" 开始: 

1
2
3
Z → t
B → h
C → e

第 5 词 RID → "you": 

1
2
3
R → y
I → o
D → u

第 27 词 ZII → "too"(Z 已知 → t,II → oo,确认匹配): 

1
I → o   ✓(与 RID 一致)

第 1 词 SR → "by": 

1
2
S → b
R → y   ✓(与 RID 一致)

不断重复——每匹配一个词就扩充映射表。29 个固定词的映射足以覆盖 A-Z 几乎所有字母。

步骤 3:解码密码词

第 21 词 MEESELIEACIP 是密码词。用已推导的映射逐字母解码即可得到 12 字母密码。

也可以直接用 subsolve 自动解:

1
2
3
4
5
6
7
8
9
$ ./target/release/subsolve "SR ZBC UWJPKBZR KIH RID AUE QCUH ZBPN JR LQPCEH P UJ PJMQCNNCH TCQR YCWW HIEC RIDQ NIWDZPIE GCR PN MEESELIEACIP ZBPN WPZZWC ABUWWCEKC YUN EIZ ZII BUQH YUN PZ"
Score: -567.73 (quadgram)
─────────────────────────────────────────────────────────────────
by the almighty god you can read this my friend iam impressed very well
done your solution key is pn nb nf once oi this little challenge was not
too hard was it
─────────────────────────────────────────────────────────────────
  alt 2 (q: -1549.27): by the almighty god you can read this my friend i am impressed very well done yo...
  alt 3 (q: -1557.21): by the almighty god you can read this my friend iam impressed very well done you...
pnnbnfonceoi

此密码为当前 session 动态值,其他 session 的密码需重新解码。方法不变——known-plaintext matching 或 subsolve tool 均可。