Hacking Resources for NCL

This article is a work in progress. Content may be incomplete or change without notice.
Summary: Resources for cryptography and steganography compiled during the 2020 NCL season with the U of A Cybercats. Covers ciphers, online and offline hash cracking, steg tools, and QR decoding. Includes usage notes and will be updated as we participate further in the program.

The categories are broken down by problem type, with separate groups for online and offline tools.

If you would like to contribute resources to the list, feel free to reach out at orlandorodriguezosr@protonmail.ch.

Geographic Location Tools

Password Cracking

Ciphers

Cipher challenges in NCL typically involve classical substitution or transposition schemes. dcode.fr covers an enormous range of them in one place.

Why frequency analysis works

Letters in any natural language appear with predictable frequency — 'e' is the most common letter in English, 'z' the least. In a simple substitution cipher where every 'e' is replaced by the same symbol, that symbol will appear most often in the ciphertext. The Arab polymath Al-Kindi described this technique in a 9th-century manuscript, making it the oldest known codebreaking method.

Breaking Enigma

The Enigma machine used by Germany in WWII had around 158 quintillion possible settings per day, reset at midnight. The Allies cracked it through a combination of Polish mathematics, captured machines and codebooks, and Alan Turing's electromechanical Bombe at Bletchley Park. The intelligence derived from decrypted Enigma traffic — codenamed ULTRA — was classified until 1974. Its existence is widely credited with shortening the war by two to four years.

  • Caesar Cipher: Julius Caesar used a shift of three — A becomes D, B becomes E. It is trivially broken by hand and still appears in CTF competitions regularly, presumably to give beginners a win.
  • Vigenere Cipher

Why the Vigenère cipher stumped people for 300 years

Unlike the Caesar cipher, Vigenère uses a repeating keyword to shift each letter by a different amount, defeating simple frequency analysis. It was called le chiffre indéchiffrable — the unbreakable cipher — for roughly three centuries. Charles Babbage cracked it in the 1850s using a statistical method based on finding repeated sequences in the ciphertext, but he never published. Friedrich Kasiski independently discovered the same technique nine years later and got the credit.
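
An added example (not from the original article) that ties together the frequency-analysis note and the Vigenère note above: the repeated-sequence test estimates the key length, then frequency analysis on each column recovers the key. The sample text, the key LEMON and all function names are constructed for illustration.

```python
from collections import Counter
from itertools import cycle

# Approximate English letter frequencies for A..Z, in percent.
ENGLISH = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
           6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]

def letters(text):
    return "".join(c for c in text.upper() if "A" <= c <= "Z")

def vigenere(text, key, sign=1):
    """Shift each letter by the repeating key; sign=-1 decrypts."""
    return "".join(chr((ord(c) - 65 + sign * (ord(k) - 65)) % 26 + 65)
                   for c, k in zip(letters(text), cycle(key)))

def kasiski_key_length(ct, max_len=12):
    """Gaps between repeated trigrams vote for the key lengths dividing them."""
    last_seen, votes = {}, Counter()
    for i in range(len(ct) - 2):
        gram = ct[i:i + 3]
        gap = i - last_seen.get(gram, i)  # 0 on first sighting
        votes.update(n for n in range(2, max_len + 1) if gap and gap % n == 0)
        last_seen[gram] = i
    if not votes:
        raise ValueError("no repeated trigrams: ciphertext too short")
    # Divisors of the true length tie with it: take the largest near-top one.
    return max(n for n, v in votes.items() if v >= 0.8 * max(votes.values()))

def column_shift(col):
    """Frequency analysis on one column: the Caesar shift that fits English."""
    counts = Counter(ord(c) - 65 for c in col)
    return max(range(26), key=lambda s: sum(
        counts[(i + s) % 26] * f for i, f in enumerate(ENGLISH)))

def break_vigenere(ciphertext):
    """Every n-th letter shares one key letter, so solve n Caesar ciphers."""
    ct = letters(ciphertext)
    n = kasiski_key_length(ct)
    key = "".join(chr(65 + column_shift(ct[i::n])) for i in range(n))
    return key, vigenere(ct, key, sign=-1)

# Constructed sample text, encrypted under the made-up key "LEMON".
SAMPLE_PLAINTEXT = ("Letters in any natural language appear with predictable frequency, and a simple substitution cipher cannot hide that pattern from a patient analyst. "
    "The Vigenere cipher shifts each letter by a different amount taken from a repeating keyword, so the same plaintext letter is written as several different ciphertext letters. "
    "When a common word lines up with the same part of the keyword twice, the ciphertext repeats as well, and the distance between the repeats is a multiple of the keyword length. "
    "Counting the factors of those distances reveals the length, and then every column of the message is just a Caesar cipher that falls to ordinary frequency analysis.")
SAMPLE_CIPHERTEXT = vigenere(SAMPLE_PLAINTEXT, "LEMON")

if __name__ == "__main__":
    print(break_vigenere(SAMPLE_CIPHERTEXT))
```

The 80% cut-off in the key-length vote is a heuristic; short ciphertexts with few repeated trigrams can still mislead it.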

Online Hashing

  • MD5, SHA1, MySQL, NTLM, SHA256, SHA512: MD5 has been considered cryptographically broken since 2004, when researchers showed two different inputs could produce the same hash. It still appears everywhere.

Offline Hashing

Some of the commands may look like this:

Steganography

Steganography is the practice of hiding a message inside another file — an image, audio clip, or document — so that its existence is not obvious. From Greek: steganos (covered) + graphia (writing). Herodotus recorded an early use: a message tattooed on a shaved slave's scalp, delivered once the hair grew back. In CTF competitions it usually means extracting data embedded in an image's pixel values or metadata.

Online Steg Tools

QR Code Tools

QR code origins

QR codes were invented in 1994 by Masahiro Hara at Denso Wave, a Toyota subsidiary, to track automotive parts during manufacturing. Hara was inspired by the game of Go. The format was released royalty-free, which is why it spread everywhere. The error correction built into the spec is robust enough that a QR code remains scannable with up to 30% of it obscured or damaged — which is why you can put a logo in the middle of one.