Case file

Index-shifted Caesar reverse of a custom enc() function

Foundations crypto engagement: recovered the plaintext by inverting a Python enc() that Caesar-shifted each alphabetic character by its string index; non-letters unchanged.

Foundations14 minCryptography · Python · Code Review
  • Received ciphertext and the enc() implementation; wrote a mirrored dec() that subtracts index i per letter and recovered the engagement string.

  • Mapped enc() shift-by-index behavior; implemented dec() and verified plaintext.

01

Engagement summary

Received ciphertext and the enc() implementation; wrote a mirrored dec() that subtracts index i per letter and recovered the engagement string.

CIPHER’S SECRET MESSAGE delivered an encrypted blob plus the exact Python encryption routine used in production of that blob. enc() enumerated plaintext characters: alphabetic glyphs were rotated forward by their index i within A–Z or a–z; digits and underscores passed through unchanged. That is a position-dependent Caesar — shift grows with offset into the string. Inversion is deterministic: subtract i (mod 26) for each letter. Running dec() on a_up4qr_kaiaf0_bujktaz_qm_su4ux_cpbq_ETZ_rhrudm produced a_sm4ll_crypt0_message_to_st4rt_with_THM_cracks. No brute force required once the algorithm was reviewed.

Business impact

Homegrown “obfuscation” that ships with its source is not encryption. Anyone with the routine recovers secrets offline. Use vetted libraries (AES-GCM, libsodium) and keep key material out of repositories — do not invent alphabet math for confidentiality.

02

Algorithm review and decryption script

Mapped enc() shift-by-index behavior; implemented dec() and verified plaintext.

ENCRYPTION (SUPPLIED)

enc.py

def enc(plaintext):
    return "".join(
        chr((ord(c) - (base := ord('A') if c.isupper() else ord('a')) + i) % 26 + base)
        if c.isalpha() else c
        for i, c in enumerate(plaintext)
    )

DECRYPTION

dec.py

cipher = "a_up4qr_kaiaf0_bujktaz_qm_su4ux_cpbq_ETZ_rhrudm"

def dec(ciphertext):
    result = []
    for i, c in enumerate(ciphertext):
        if c.isalpha():
            base = ord("A") if c.isupper() else ord("a")
            result.append(chr((ord(c) - base - i) % 26 + base))
        else:
            result.append(c)
    return "".join(result)

print(dec(cipher))
# a_sm4ll_crypt0_message_to_st4rt_with_THM_cracks

OPERATOR · CRYPTO

savvy@lab:~$ python3 dec.py

a_sm4ll_crypt0_message_to_st4rt_with_THM_cracks

Remediation

Treat any custom cipher in application code as broken by default. Prefer authenticated encryption with managed keys. During code review, flag index-based alphabet transforms as non-cryptographic obfuscation.