This document goes over the significance of cyphers and their usage in history. Alongside this, we will learn how to use CyberChef to crack these puzzling cyphers and develop an understanding of how and why they are used, both historically and in modern times.


Cryptography is an ancient art used mainly in military communications as a counter-intelligence method. It has been used for hundreds of years, dating back to Roman times, when one of the earliest and weakest cyphers originated (the Caesar Cipher). This PAS Session will examine a few cyphers and their significance in history.

Learning Outcomes

  • You will be able to demonstrate how to access and use CyberChef’s built-in recipe.
  • You will be able to define the Caesar Cipher and its role as a basic substitution cipher technique.
  • You will be able to introduce brute-force attacks as a method to systematically try all possible keys.
  • You will be able to define Morse Code and its historical significance as a method of encoding text using symbols and spaces.
  • You will be able to explain the basic principles of substitution ciphers.
  • You will be able to demonstrate how to create a codebook to aid in encryption and decryption.


Autopsy for Windows Version 4.20.0: https://www.autopsy.com/download/

What is Cyber Chef?

CyberChef is an online encoding and decoding platform that can be used to practice, encode, and decode messages through a drag-and-drop system.

Acquiring CyberChef

Follow, or copy and paste, the link below to open the web utility of CyberChef. There is no need to download the application, but both resources are free.


Section 1: Caesar Cypher

This first section will cover the Caesar cypher, an ancient cypher used by Roman armies around 100 BC. The Romans created the Caesar Cypher, but the name originated from the emperor of the Roman Empire at the time, Julius Caesar. Julius Caesar utilised this secret encryption for communicating with commanders on the front line. The cypher has 26 keys, as it uses only alphabetical characters; the key is also called a shift. For example, if the shift value were 1, A would become B (A = B), and all characters would be represented by the letter after them in the alphabet.

Due to the small number of keys, we can easily brute-force and find the right key by trying all the possible combinations. Eventually, we will get an interpretable message.

Note: The value of the shift indicates how many letters it has moved LEFT.

Below is a table representative of the shift value 4, for instance:

1.1: How to Encode/Decode the Caesar Cipher in Cyber Chef

To encode and decode the Caesar cypher in CyberChef, follow the below instructions.

Step 1: On the left panel, go to Encryption / Encoding.

Step 2: Use the above options for encrypting and brute-forcing the cypher.

We will be using ROT13 for standard encryption; it is called ROT13 because its default shift value is 13, but otherwise it is the same cypher. ROT13 Brute Force will try all 26 shifts and print the results to the output console. However, since ROT13 moves the characters right instead of left, you must subtract the shift you are asked to use from 26 to get the cypher key for decrypting.

Step 3: In the ROT13 box, enter the shift value you have been asked to use in the value field and write your message into the input box. The Output box automatically updates with your secret message encoded using the Caesar Cypher. Here, we are using shift 14 for our cypher.

Step 4: As expected, we found the cypher in shift 12 by printing out all the results using ROT13 Brute Force.

Also, notice that both numbers add up to 26 (14 to encrypt and 12 to decrypt). So, to find the cypher key, you only need to use the formula (26 - Shift Value) to get the correct shift when converting from a left shift to a right shift. When a shift is mentioned in the questions, I will be referring to the left shift, so be cautious.
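The relationship between the two shift values, and what a brute force over all 26 shifts looks like, can be reproduced outside CyberChef. This is an added example, not part of the original handout: `rot` rotates to the right as the page describes for ROT13, and the function names, sample message and word list are constructed for illustration.

```python
# Added example: Caesar rotation in the style of CyberChef's ROT13 operation.
COMMON_WORDS = {"THE", "AND", "AT", "IS", "TO", "OF", "IN"}  # constructed scoring list


def rot(text, amount):
    """Rotate each ASCII letter forward (to the right) by `amount` places."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + amount) % 26 + base))
        else:
            out.append(ch)  # spaces, digits and punctuation are left alone
    return "".join(out)


def decrypt_amount(encrypt_amount):
    """Amount that undoes `encrypt_amount`: the two always add up to 26."""
    return (26 - encrypt_amount) % 26


def score(candidate):
    """Count how many words of a candidate are common English words."""
    return sum(w.strip(".,!?").upper() in COMMON_WORDS for w in candidate.split())


def brute_force(ciphertext):
    """Try all 26 amounts and return (amount, text) pairs, best score first."""
    candidates = [(a, rot(ciphertext, a)) for a in range(26)]
    return sorted(candidates, key=lambda c: score(c[1]), reverse=True)


if __name__ == "__main__":
    message = "Meet at the bridge at dawn"  # constructed sample plaintext
    secret = rot(message, 14)
    print("encrypted with 14:", secret)
    print("decrypt amount   :", decrypt_amount(14))
    for amount, text in brute_force(secret)[:3]:
        print(f"{amount:2d}  {text}")
```

The word scoring relies on spaces between words; for ciphertext written without spaces, read through all 26 outputs by eye as in Step 4.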

1.2: Activity 1 – Strategy Message

  1. Using the table above, encode your name. Use the top row for plaintext and replace the respective characters in your name with the ones below. Tip: Use plaintext to find the characters for your name, then use the ciphertext characters below the individual letter.
  2. Using the above table, decode WLIJJMIPHLEPPEQYRMZIVWMXC
  3. IF A = U, which shift are we using?
  4. Highlight the factual statements out of the following.

4a)  Caesar’s Cipher can be brute forced.

4b)  Caesar Cipher has 27 possible combinations.

4c)  Special Characters and Numbers are used in the Caesar Cipher.

4d)  Caesar Cipher can be cracked almost instantly using modern technology.

Section 2: Morse Code

Morse Code is an internationally recognised communications method, although some recognise it as an encryption method. This is because anyone who understands Morse can read the messages sent using this communications/encryption method. Whether it is a communications method or an encryption method is still debated.

Image Reference:

Wikipedia Contributors. (2018, December 7). Morse code. Wikipedia; Wikimedia Foundation. https://en.wikipedia.org/wiki/Morse_code

The image above shows the translation of alphanumeric characters into Morse code. There are multiple images online, including Morse code for alphanumeric and special characters, but we will not be using these translations, only the alphanumeric one shown above. Pipe characters “|” are used to denote spaces within a message.

Morse code is still often used today, for the following reasons:

  • Morse code is still used today by intelligence agencies for emergency communications.
  • It is taught and learned in Morse code preservation societies, which see a lot of activity and engagement from ex-soldiers (Navy, Army, and Royal Marines, etc.)
  • It is used in technologies that help disabled people communicate where they have issues with using oral communication (deaf and blind people, for instance).

2.1: How to Encode/Decode Morse Code in CyberChef

Step 1: Under Encryption / Encoding, find the above two options; we will be using these for the exercises, but take a look at the international Morse code here

Step 2: Type your message into the input box to encode; remember to disable “From Morse Code”, as we are not decoding yet. We should see Morse code in the output box.

Step 3: When decrypting a message, you turn “To Morse Code” off and enable “From Morse Code.” This will decode the Morse in the input box and give us the message in the output box. Morse has no keys, so it is debated to be more of a communications method than an encoding method.

2.2: Activity 2 – Emergency Transmission

  1. Decode the following using morse:

1A) ... --- ...

1B) .-- . | .- .-. . | .. -. | .--. . .-. ..-

1C) .... .--. .-- .-- --- --.. -.-- .--. -. -.-. .-.. -. ...- - -.-- .-. . ... - -.. --.. -.-- .--. (Brute force Caesar cipher from result).

  2. Encode the following using Morse:




Print out using any space delimiter but replace space delimiters with a pipe character “|” 

Section 3: Substitution Cipher

Substitution cyphers are like Caesar’s Cypher in that they are monoalphabetic cyphers. The difference is that while Caesar’s cypher is shifted, substitution cyphers can be randomised, which leaves the possibility for more keys. Using modern technology, it is quick to break this cypher using brute force, but imagine having to break it by hand: how many people would be needed in comparison to breaking the Caesar cypher through brute force?

This is why another method of breaking the substitution cypher was needed rather than brute-forcing the substitution cypher.

This is where frequency analysis comes in; the above chart shows the most and least common letters in the English alphabet used in communications. If we find H as the most common letter in an encrypted message, we can assume H = E in plaintext. However, this is only sometimes true, as letters like A & T are frequently used.

3.1. How to Encode/Decode Substitution Cipher

When using a substitution cypher to encode, you must convert the plaintext characters to ciphertext characters. Often, this is performed with a table; the top row is plaintext characters, and the bottom row is cyphertext characters.

For example, the table above shows a substitution table; we can encode and decode using this.

So, let’s say we want to convert “MERRY CRYPTMAS”. We would use the above table and convert this message to “XDTTN HTNVPXJS”.

Try to convert these letters from the bottom to the top characters; you should get the same message we encrypted.

What if we do not have a substitution table or key? This is where Frequency Analysis comes to the rescue. Frequency Analysis studies the frequency of letters in cyphertext to convert ciphertext into the original text. Word frequency analysis finds common words to fill gaps and find other words and letters.

Above is a frequency analysis chart that shows the most frequent letter used in the English language, which is E; the second is T, the third is A and the fourth, O. You can also find frequency analyses for the most used three- and four-letter words, which you can look up yourself. Linguistics is an essential aspect of piecing together the final message.

Many online tools can help you find the frequency of letters in the ciphertext. This is one:


Please copy and paste the ciphertext into this tool to get a quick result on the most frequent letters, and start replacing them. However, you should know that the plaintext letter will not always be the one you expect from the most re-occurring ciphertext letter, so it may take a couple of guesses. Eventually, this will broaden into being able to make words and ultimately uncover the entire hidden message.
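The first pass of frequency analysis described in this section can be worked through in code. This is an added example, not part of the original handout: the substitution key, the sample message and the function names are constructed for illustration, and the key is not the table used in the activities.

```python
from collections import Counter
import string

PLAIN = string.ascii_uppercase
KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"  # constructed key, NOT the page's table
ENGLISH_ORDER = "ETAOINSHRDLCUMWFGYPBVKJXQZ"  # approximate, most to least common


def encode(text):
    """Replace each plaintext letter with the KEY letter below it."""
    return text.upper().translate(str.maketrans(PLAIN, KEY))


def decode(text):
    """Read the table the other way: bottom row back to top row."""
    return text.upper().translate(str.maketrans(KEY, PLAIN))


def letter_counts(ciphertext):
    """Ciphertext letters with their counts, most frequent first."""
    return Counter(ch for ch in ciphertext.upper() if ch in PLAIN).most_common()


def first_guess(ciphertext):
    """Pair the ranked ciphertext letters with E, T, A, O, ... in order."""
    ranked = [ch for ch, _ in letter_counts(ciphertext)]
    return dict(zip(ranked, ENGLISH_ORDER))


def correct_guesses(guess):
    """Ciphertext letters whose guessed plaintext matches the real KEY."""
    return sorted(c for c, p in guess.items() if decode(c) == p)


# Constructed sample message, not the page's Message.txt.
MESSAGE = "THE ENEMY WILL MEET THE FLEET NEAR THE EASTERN SHORE BEFORE SEVEN"

if __name__ == "__main__":
    secret = encode(MESSAGE)
    guess = first_guess(secret)
    print(secret)
    print(letter_counts(secret)[:5])
    print("".join(guess.get(ch, ch).lower() for ch in secret))
    print("right on the first pass:", correct_guesses(guess), "of", len(guess))
```

On this short message the two most frequent ciphertext letters do map to E and T, but most of the remaining guesses are wrong, which is why the common words and letter patterns are needed to finish the job.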

3.2: Activity 3 – You Have Mail

  1. Using the above substitution cypher table, encode:

1A) youfinishedactivitytwo

1B) welcometoactivitythree

For the following question, you may find a frequency analysis tool, such as the frequency analysis tool on 101 Computing. Search “101 Computing Frequency Analysis” to find and use this tool. From here, you can paste the text from the message.txt file.

  2. Using frequency analysis, decode the message in Message.txt

3.3: Activity 4 – Create your own cypher

Take this opportunity to send your own secret messages to your friends but send them the key so they can see your message. Send another message to someone who will attempt to intercept your message and decrypt it.

Section 4: Advanced Cypher (Enigma)

Enigma is a famous cypher utilised by Nazi Germany in the Second World War to keep their military operations secret. To decrypt Enigma without brute forcing, you need to hold a rotor codebook displaying the settings to configure on the Enigma machines for that day of the month. These would be handed out monthly to Nazi commanders, ensuring the information was kept secret.

To try and crack Enigma today, computers would still take 100 years to brute force the message. So, in this activity, we will not be brute-forcing Enigma or using a bombe machine. Knowing how these machines were configured and how the different settings would change the encrypted output is essential.

4.1: How to Encode/Decode Enigma, using CyberChef and Enigma Codebook.

Firstly, you need to know Enigma has 150,000,000,000,000 combinations, which is why we will be using the codebook, to ensure too much time isn’t taken from the rest of the session.

Step 1: First, find Enigma in Encryption / Encoding and set the model to the 3-rotor model.

Step 2: Open the Enigma 3-rotor codebook.docx and view the document contents; as you can see, there should be 31 days of Enigma cyphers. Each day of the month, the configurations for the enigma machine are changed, and the encoding is different. To find the correct key, you must brute force through every combination in this codebook. Read the end of the document to find which reflector to use. This shows five days of enigma configurations from the paper.

NOTE: The settings are displayed in this codebook from left to right, so please keep this in mind when setting up the Enigma rotor in

Step 3: As we can see, there are eight rotor configurations which we can choose from. Go back to the codebook, find the configuration, and come back to the CyberChef page to configure the rotors to match the document. Note that the rotors in the document go from left to right. So, using the day four configuration in step 2, we will set the left rotor to IV, the middle rotor to I and the right rotor to VII.

Step 4: Next, we will configure the ring settings; these go from left to right, too, so the left rotor ring setting will be F, the middle will be L, and the right will be X.

Step 5: The plugboard settings are where we edit the plugboard of the Enigma cypher, as shown in the image above. Pair letters together and separate them with a space. I have configured the plugboard in the image above with the day four configuration.

Step 6: Set the initial rotor values from left to right using the day four configuration; left should be K, middle T and right R. You should now have the day four Enigma configuration set up and be ready to encrypt your code using this method.

Step 7: Decoding can be done by pasting the encrypted text and having the correct configurations on the enigma machine. You should be able to view plaintext output in the output box.

Answer the following questions using the above steps to encode and decode using the Enigma cypher.

4.2: Activity 5 – Enigmatic Thinking

  1. Using the codebook provided titled “enigma 3-rotor codebook”, please use the appropriate date to encrypt the following message: (hint: this session was initially taught on 30/03/2023)


  2. Use the codebook to find the day the message in SecretMessage.txt was sent.
  3. Write down the message plaintext after decoding SecretMessage.txt.

4.3: Activity 6 – Discovery

For this activity, please find two other cyphers and write down any weaknesses and strengths they have.

Here are some you could look up:

Foursquare Cypher

Vigenère Cypher

Hill Cypher (Advanced)

Lorenz Cypher (Advanced)




Rawson, Brandon (Student)