The Sharif University CTF 2014

It looked like a fun CTF, but I did not have the chance to play for too long. I managed to solve a few problems in the morning and the solutions are below.

Avatar: Steganography

The challenge starts with:

A terrorist has changed his picture in a social network. What is the hidden message?

And the following image:

For this problem, I use OutGuess, which can be installed as:

$ tar -zxvf outguess-0.2.tar.gz
$ cd outguess
$ ./configure && make

Running it will give us the flag:

$ ./outguess -r lamb.jpg pass.txt
Reading ../lamb.jpg....
Extracting usable bits:   28734 bits
Steg retrieve: seed: 94, len: 41
$ cat pass.txt
We should blow up the bridge at midnight

What is this: Steganography

This challenge has a very short text:

Find the flag.

Together with two pictures:

After the usual inspection (tail, file, diff, compare), I applied my knowledge of a former astrophysicist to inspect what would happen if I added or subtracted the picture. I wrote the following script:

import sys

from scipy.misc import imread, imsave

def compare_images(img1, img2):
    diff = img1 + img2
    imsave('sum.png', diff)
    diff = img1 - img2
    imsave('diff.png', diff)

def main():
    file1, file2 = sys.argv[1:1+2]
    img1 = imread(file1).astype(float)
    img2 = imread(file2).astype(float)
    compare_images(img1, img2)

Running it, give us the flag!


Guess the number: Reverse Engineering

This problem starts with another not very informative text:

Guess the number and find the flag.

Then it gives us a java class file. It was clear that we needed to decompile it. I'm using jadfor this task:

$ jad guess.class

Now, opening this file in a text editor, we can see how to generate the flag:

```java
// Decompiled by Jad v1.5.8e. Copyright 2001 Pavel Kouznetsov.
// Jad home page: http://www.geocities.com/kpdus/jad.html
// Decompiler options: packimports(3)
// Source File Name:   guess.java

(...)
String str_one = "4b64ca12ace755516c178f72d05d7061";
 String str_two = "ecd44646cfe5994ebeb35bf922e25dba";
 String answer = XOR(str_one, str_two);
System.out.println((new StringBuilder("your flag is: ")).append(answer).toString());

Running the modified version gives us:

$ javac -g guess.java
$ java guess
your flag is: a7b08c546302cc1fd2a4d48bf2bf2ddb

Sudoku image encryption - cryptography

This challenge starts with the following text:

Row Major Order

And it gives us two pictures: a map and a sudoku.

We solve the sudoku and write the solution in a script to reorder the blocks:

from PIL import Image


# solved sudoku
sudoku = '''
964127538
712385694
385496712
491578263
238614975
576239841
627843159
153962487
849751326
'''
s = sudoku.replace('\n', '')

image = Image.open('image.png').convert('RGB')
out = Image.new('RGB', image.size)

for j in range(9):
    for i in range(9):
      img_cell = image.crop((i * 50, j * 50, i * 50 + 50, j * 50 + 50))
      c = (int(s[j * 9 + i]) - 1) * 50
      out.paste(img_cell, (c, j * 50))

out.save('out_image.png')

This gives us our flag:

Hack all the things!