Snakes and Ladders


The flag is fqtbjfub4uj_0_d00151a52523e510f3e50521814141c. The attached file may be useful.


Static Analysis

In encrypt(), it takes even index from string and performs algorithem. And for odd index, it does xoring.

Even Index

For each character, it will check if character is in between “a” and “z”. Pretty much checking if it is an alphabet. Then it will add 14 to it. Then check if it is alphabet still. If it isn’t it will make it into alphabet by subtracting 26 which is length of alphabet. This makes it so that result will always be an alphabet.

Odd Index

For odd index, they just xor first 15 character. then make it into hex.


They then retun result from even index + odd index


How I really feel

I feel like I should really learn to use z3 (Thoerom Solver). But This was easy enough to do it by hand.

Even Index

Check if the text is in between “a” and “z”. If it is, subtract randnum(14). Then check if character is less then “a”. If it is, you add 26 to it.

Odd Index

First you want to undo the hex() and turn it into bytes. Then you want to undo the “utf-8” decoding. Then you can just use the same xor function since inverse of xor is xor.

Section of String to Read for Even and Odd Index

If you play around with encryption, you will realize that if you give string of 10 character, it will give you string that is 15. Which makes sense since for even index result, you will have 5. As for odd index it will be (len(input_string)/2) * 2 = len(input_string).

So if you give string that is 16 character, you will get 8 + 16 = 26 character string.

Putting even index and odd index list into correct string

You just have to loop through and ping pong between even index and odd index list to make a string.


def decrypt(msg):

    even_text = msg[0:15]
    randnum = 14
    text_length = len(even_text)
    endtext = ""
    for i in range(0, text_length):
        weirdtext = even_text[i]

        if weirdtext >= "a" and weirdtext <= "z":
            weirdtext = chr(ord(weirdtext) - randnum)
            if weirdtext < "a":
                weirdtext = chr(ord(weirdtext) + 26)

        endtext += weirdtext

    # Decrypt xor string
    oddMsg = msg[15:]
    oddMsg= bytes.fromhex(oddMsg)
    oddMsg = oddMsg.decode("utf-8")
    xored = xor("aaaaaaaaaaaaaaa", oddMsg)

    endtext_list = list(endtext)
    xored_list = list(xored)
    result = []
    for i in range(0,15):

    return ''.join(result)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s