Bandit Level 12 Walkthrough

Level 11 ➔ Level 12: Cracking the ROT13 Cipher

1. My Objective

I have reached a file called data.txt. Inside, all the text is scrambled. The goal tells me that every letter has been rotated by 13 positions. This is a very old and simple type of encryption where 'A' might become 'N', 'B' becomes 'O', and so on. My task is to reverse this rotation to read the hidden password.

The Hint: Lowercase (a-z) and uppercase (A-Z) are both rotated. I need to find a tool that can swap these letters back to their original spots.

2. The Feynman Explanation: The Alphabet Clock

To understand ROT13, I imagine the alphabet is not a straight line, but a circular clock with 26 hours.

The Secret Decoder Ring Analogy:

Imagine I have two identical circles of the alphabet, one inside the other. I turn the inner circle by 13 clicks.

Now, when I look at the letter 'A' on the outside circle, it lines up with 'N' on the inside. This is ROT13 (Rotate 13).

The beauty of this system is that there are 26 letters in the alphabet. 13 is exactly half of 26. This means if I rotate a letter by 13 twice, I end up exactly where I started! To decode the message, I don't need a complex "reverse" tool; I just need to rotate the scrambled text by another 13 positions to bring the letters back to their original home.

3. Practical Solution

I log in as bandit11. I will use the tr (translate) command. This command is perfect for swapping one set of characters for another.

# I view the scrambled data first
bandit11@bandit:~$ cat data.txt
Gur cnffjbeq vf JHe8onSAn929SAb36906sV...

# I use 'tr' to shift the alphabet by 13 places
# A-Z becomes N-ZA-M and a-z becomes n-za-m
bandit11@bandit:~$ cat data.txt | tr 'A-Za-z' 'N-ZA-Mn-za-m'

# The terminal reveals the original message:
The password is JVUg8onSAn929SAb36906sV...

How the tr command works:

I provided two sets of characters. The first set 'A-Za-z' is what I want to change. The second set 'N-ZA-Mn-za-m' is what I want them to become. Notice that the second set starts with 'N' (the 14th letter). This effectively maps A $\rightarrow$ N, B $\rightarrow$ O, and so on.

🚀 My Pro Tips: Character Translation

✨ The Symmetric Rule

Because 13 is exactly half of 26, tr 'A-Za-z' 'N-ZA-Mn-za-m' works for both encoding AND decoding. It is a self-reciprocal cipher.

⭐ Mind the Case

I must always include both A-Z and a-z. If I only translate uppercase, the lowercase letters will remain scrambled, and the password will be invalid.

🔍 Beyond ROT13

I can use tr for more than just ciphers. If I have a file full of commas and I want to turn them all into spaces, I can just run:
cat file.csv | tr ',' ' '

4. Why this matters

While ROT13 is never used for real security today, it is used frequently in online forums to hide spoilers or offensive language from casual view. In cybersecurity, understanding basic substitution ciphers is the first step toward understanding how more complex encryption algorithms shuffle and transform data to keep it private.

Puzzle Solved!

I've successfully rotated the alphabet back into place. I'll save this password and move on to Level 12 ➔ Level 13, where I will face the challenge of nested file compression!

Tags: #Linux #Bandit #OverTheWire #ROT13 #TrCommand #Cryptography #SubstitutionCipher #CyberSecurity #FeynmanTechnique #CodeWithPritom #ProTips