# Venona; Texas Security Awareness Week CTF 2025
---
writeup made by: [romerquelle](https://github.com/Romketha)

category: crypto

## Task description:

```
You've been deployed on a classified reconnaissance mission deep in the jungles of Vietnam. After days of trekking through dense foliage, your team discovers an abandoned intelligence outpost that appears to have been hastily evacuated. As the team's cryptanalyst, you're tasked with investigating a small underground room containing what looks like a communication center. Among scattered papers and broken equipment, you find:

A peculiar reference table (see attached image) with alphabetic grid patterns Scattered papers with two plaintext messages and three encrypted messages.

Intelligence believes one of the three messages contains critical information about enemy operations.

flag format: texsaw{FLAG}
```

txt file we got:
```
===== PLAINTEXT MESSAGES =====
-OPERATION BLUE EAGLE MOVING TO SECTOR FOUR STOP REQUEST EXTRACTION AT BLUE EAGLE
-AGENT SUNFLOWER COMPROMISED NEAR HANOI STOP ABORT MISSION COMPROMISED

===== ENCRYPTED MESSAGES =====
-RCPZURNPAQELEPJUJZEGAMVMXWVWCTBMHKNYEEAZVXQWVKGMRVWXDLCANHLGY
-FLPDBSBQIGBJECHMIOZGJMQONXJANFPQYQPWIIONYKNERKHIABLJTPTAOZMDGZUTAESK
-KDPRMZZKNBECTGTKMKQOWXKCHMVNDOPQXUWJJLECUCLBQKKVDXJNUEYFIDAGVIUG
```

and DIANA.tiff file we got:


## Solving the task

From the name of the tiff file, we can conclude that this is a DIANA cipher.
Searching the web about the DIANA cipher and analyzing the given table, we found this page:
```http://www.crittologia.eu/en/critto/cifraDIANA.html```
This web page explains in detail how the DIANA cipher works and this made it even easier for us to write the code.
The page says:
```According to Shannon's theorem, a figure like this is 100% indecipherable under two conditions: 1) that the sequence is truly random; 2) that an OTP is never reused. The second depends on the organization of the service, the first condition is very difficult to respect; ```
Given that decryption is only possible in the case of the same OTP, we assumed that both messages were encrypted with the same OTP key. Now we have all the information to write the code:

```py
def create_diana_table():
"""Create the DIANA cipher table from the provided information"""
diana_table = {}
alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

for i, letter in enumerate(alphabet):
# For each row, create the bottom alphabet (shifted)
offset = 26 - i
bottom_row = alphabet[-offset:] + alphabet[:-offset]
diana_table[letter] = bottom_row

return diana_table

def decrypt_diana(ciphertext, key, diana_table):
"""
Decodes a message encrypted with the DIANA cipher

Args:
ciphertext (str): The encrypted message
key (str): The encryption key
diana_table (dict): Dictionary mapping rows to their bottom row values

Returns:
str: The decrypted message
"""
plaintext = ""
key = key.upper() # Ensure key is uppercase
key_length = len(key)
alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

for i, char in enumerate(ciphertext):
if not char.isalpha():
plaintext += char # Preserve non-alphabetic characters
continue

# Get the row to use from the key (repeating as needed)
key_char = key[i % key_length]

# Find the position of the ciphertext character in the bottom row of the key's row
bottom_row = diana_table[key_char]

if char in bottom_row:
# Find position in bottom row
pos = bottom_row.index(char)
# Get corresponding character from top row (standard alphabet)
plaintext += alphabet[pos]
else:
plaintext += char # Character not found in table, keep as is

return plaintext

def find_key_from_known_text(ciphertext, known_plaintext, diana_table):
"""
Attempt to find the key by using known plaintext and ciphertext pairs

Args:
ciphertext (str): The encrypted message
known_plaintext (str): The known plaintext that corresponds to the ciphertext
diana_table (dict): The DIANA cipher table

Returns:
str: The potential key
"""
# Clean up the texts - remove spaces and make uppercase
ciphertext = ''.join(c for c in ciphertext if c.isalpha()).upper()
known_plaintext = ''.join(c for c in known_plaintext if c.isalpha()).upper()

# Ensure we only use the length of the shorter text
length = min(len(ciphertext), len(known_plaintext))
ciphertext = ciphertext[:length]
known_plaintext = known_plaintext[:length]

# For each pair of plaintext/ciphertext characters, determine what key letter would map one to the other
potential_key = ""
alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

for i in range(length):
p_char = known_plaintext[i]
c_char = ciphertext[i]

# Try each possible key row
key_found = False
for key_char in alphabet:
bottom_row = diana_table[key_char]
if bottom_row[alphabet.index(p_char)] == c_char:
potential_key += key_char
key_found = True
break

if not key_found:
potential_key += "?" # Couldn't find a mapping

# Look for repeating patterns in the key
for key_length in range(2, 16): # Try keys of length 2 to 15
if len(potential_key) >= key_length * 2:
repeat = True
base_key = potential_key[:key_length]

# Check if this segment repeats
for i in range(key_length, len(potential_key), key_length):
segment = potential_key[i:i+key_length]
if segment and segment != base_key[:len(segment)]:
repeat = False
break

if repeat:
return base_key

return potential_key

def main():
# Create the DIANA cipher table
diana_table = create_diana_table()

# Load the encrypted messages
encrypted_messages = [
"RCPZURNPAQELEPJUJZEGAMVMXWVWCTBMHKNYEEAZVXQWVKGMRVWXDLCANHLGY",
"FLPDBSBQIGBJECHMIOZGJMQONXJANFPQYQPWIIONYKNERKHIABLJTPTAOZMDGZUTAESK",
"KDPRMZZKNBECTGTKMKQOWXKCHMVNDOPQXUWJJLECUCLBQKKVDXJNUEYFIDAGVIUG"
]

# Known plaintext messages
plaintext_messages = [
"OPERATION BLUE EAGLE MOVING TO SECTOR FOUR STOP REQUEST EXTRACTION AT BLUE EAGLE",
"AGENT SUNFLOWER COMPROMISED NEAR HANOI STOP ABORT MISSION COMPROMISED"
]

# Try to find the key from the known plaintext/ciphertext pairs
print("=== ATTEMPTING TO FIND THE KEY ===")
for i, plaintext in enumerate(plaintext_messages):
for j, ciphertext in enumerate(encrypted_messages):
potential_key = find_key_from_known_text(ciphertext, plaintext, diana_table)
print(f"Plaintext {i+1} with Ciphertext {j+1} suggests key: {potential_key}")

# Try the key to see if it produces something readable
decrypted = decrypt_diana(ciphertext, potential_key, diana_table)
print(f"Decryption with this key: {decrypted[:50]}...\n")

# Interactive mode to try different keys
while True:
key = input("\nEnter a key to try (or 'q' to quit): ").strip().upper()
if key == 'Q':
break

for i, message in enumerate(encrypted_messages, 1):
decrypted = decrypt_diana(message, key, diana_table)
print(f"Message {i} decrypted with key '{key}':")
print(decrypted)
print()

if __name__ == "__main__":
main()

```

### Detailed description of the code:

#### Creating a DIANA table:

`create_diana_table` function creates the provided DIANA cipher table.

It generates a cipher table called `diana_table` which maps each letter of the alphabet (A to Z) to a unique shifted version of the alphabet.
The top row of the table is the standard alphabet (A-Z), and the bottom row for each key letter is a shifted version of the alphabet.
For example:

```
Key A: ABCDEFGHIJKLMNOPQRSTUVWXYZ → ABCDEFGHIJKLMNOPQRSTUVWXYZ
Key B: ABCDEFGHIJKLMNOPQRSTUVWXYZ → BCDEFGHIJKLMNOPQRSTUVWXYZA
Key C: ABCDEFGHIJKLMNOPQRSTUVWXYZ → CDEFGHIJKLMNOPQRSTUVWXYZAB
```

The result is a dictionary where each key is a letter (A to Z), and the value is the corresponding shifted alphabet.

#### Decryption:

`decrypt_diana` function decrypts ciphertext encoded using the DIANA cipher and a specific encryption key.

We have 3 inputs here: `ciphertext`, `key` and `diana_table` (which we got from the previously mentioned function).

##### Process:

1. Converts the key to uppercase to ensure case insensitivity.
2. Iterates over each character in the ciphertext:
- for Non-Alphabetic Characters: Added to the plaintext as-is (e.g., spaces, punctuation).
- for Alphabetic Characters:
- Determines the row in the cipher table using the current key character.
- Finds the position of the ciphertext letter in the row.
- Maps the ciphertext letter back to the standard alphabet (A-Z) using the found position.
3. Returns the decrypted plaintext message.

#### Finding a key using a known plaintext:

`find_key_from_known_text` attempts to derive the encryption key used to encode a ciphertext when part of the plaintext is already known.

We also have 3 inputs here: `ciphertext`, `known_plaintext` and `diana_table`.

##### Process:

1. Cleans up both the ciphertext and known plaintext:
- Removes non-alphabetic characters.
- Converts them to uppercase.
2. Iterates over each pair of plaintext and ciphertext characters:
- For each key character (A-Z), checks if the plaintext character maps to the ciphertext character using the cipher table.
- If a match is found, the corresponding key character is added to the potential key.
- If no match is found, a placeholder (?) is added.
3. Attempts to identify repeating patterns in the derived key (since encryption keys are often cyclic, e.g., `ABABAB`).
4. Returns the most likely key or the derived key with placeholders.

### Summarised explanation of the code:

1. Creates cipher table: Generates the DIANA cipher table using `create_diana_table`.
2. Loads encrypted messages:
- A predefined set of encrypted messages (`encrypted_messages`) is loaded.
- Known plaintext messages (`plaintext_messages`) are provided for testing.
3. Known plaintext attack:
- Pairs each plaintext with each ciphertext to guess the encryption key using `find_key_from_known_text`.
- Decrypts messages using the derived keys to check readability.

P.S.
Initially, the script was not interactive and required users to modify the code directly to test different encryption keys. However, I later enhanced it by integrating an interactive mode, which allows users to manually input custom encryption keys. This feature enables users to decrypt the provided encrypted messages, analyze the results, and experiment with different keys in a more user-friendly way.

### Finding the flag:

When we execute the code we get this output:

```
=== ATTEMPTING TO FIND THE KEY ===
Plaintext 1 with Ciphertext 1 suggests key: DNLIUYFBNPTRALJOYVSSFEIGEIDSAANVCWTHMLMKETACRSNIUCFXBSUMAHSFN
Decryption with this key: OPERATIONBLUEEAGLEMOVINGTOSECTORFOURSTOPREQUESTEXT...

Plaintext 1 with Ciphertext 2 suggests key: RWLMBZTCVFQPAYHGXKNSOEDIUJRWLMBZTCVFQPAYHGXKNSOEDIUJRWLMBZTCVFQPAYHG
Decryption with this key: OPERATIONBLUEEAGLEMOVINGTOSECTORFOURSTOPREQUESTEXT...

Plaintext 1 with Ciphertext 3 suggests key: WOLAMGRWAATIPCTEBGEABPXWOYDJBVBZSGCSRSQNDYVHMSRRGESNSLQRVDHFKOQC
Decryption with this key: OPERATIONBLUEEAGLEMOVINGTOSECTORFOURSTOPREQUESTEXT...

Plaintext 2 with Ciphertext 1 suggests key: RWLMBZTCVFQPAYHGXKNSOEDIUJRWLMBZTCVFQPAYHGXKNSOEDIUJRWLMBZTCV
Decryption with this key: AGENTSUNFLOWERCOMPROMISEDNEARHANOISTOPABORTMISSION...

Plaintext 2 with Ciphertext 2 suggests key: FFLQIAHDDVNNALFYWZISXEYKKKFAWYPDKIXDUTOMKTUSJSPAMOJVHACMCRUZD
Decryption with this key: AGENTSUNFLOWERCOMPROMISEDNEARHANOISTOPABORTMISSION...

Plaintext 2 with Ciphertext 3 suggests key: KXLETHFXIQQGPPRWAVZAKPSYEZRNMHPDJMEQVWEBGLSPISSNPKHZIPHRWVICS
Decryption with this key: AGENTSUNFLOWERCOMPROMISEDNEARHANOISTOPABORTMISSION...
```

We can notice that one of the keys appears in both cases (`RWLMBZTCVFQPAYHGXKNSOEDIUJRWLMBZTCVFQPAYHGXKNSOEDIUJRWLMBZTCVFQPAYHG`).
With the same code, we try decryption using that key:

```
Enter a key to try (or 'q' to quit): RWLMBZTCVFQPAYHGXKNSOEDIUJRWLMBZTCVFQPAYHGXKNSOEDIUJRWLMBZTCVFQPAYHG

Message 1 decrypted with key 'RWLMBZTCVFQPAYHGXKNSOEDIUJRWLMBZTCVFQPAYHGXKNSOEDIUJRWLMBZTCVFQPAYHG':
AGENTSUNFLOWERCOMPROMISEDNEARHANOISTOPABORTMISSIONCOMPROMISED

Message 2 decrypted with key 'RWLMBZTCVFQPAYHGXKNSOEDIUJRWLMBZTCVFQPAYHGXKNSOEDIUJRWLMBZTCVFQPAYHG':
OPERATIONBLUEEAGLEMOVINGTOSECTORFOURSTOPREQUESTEXTRACTIONATBLUEEAGLE

Message 3 decrypted with key 'RWLMBZTCVFQPAYHGXKNSOEDIUJRWLMBZTCVFQPAYHGXKNSOEDIUJRWLMBZTCVFQPAYHG':
THEFLAGISWONTIMEPADWITHUNDERSCORESBETWEENWORDSWRAPPEDINTHEHEADER
```

Decrypted message: `THEFLAGISWONTIMEPADWITHUNDERSCORESBETWEENWORDSWRAPPEDINTHEHEADER`

So the flag is: `texsaw{won_time_pad}`