It looked like a fun CTF, but I did not have the chance to play for too long. I managed to solve a few problems in the morning and the solutions are below.
The challenge starts with:
A terrorist has changed his picture in a social network. What is the hidden message?
And the following image:
For this problem, I use OutGuess, which can be installed as:
$ tar -zxvf outguess-0.2.tar.gz $ cd outguess $ ./configure && make
Running it will give us the flag:
$ ./outguess -r lamb.jpg pass.txt Reading ../lamb.jpg.... Extracting usable bits: 28734 bits Steg retrieve: seed: 94, len: 41 $ cat pass.txt We should blow up the bridge at midnight
What is this: Steganography
This challenge has a very short text:
Find the flag.
Together with two pictures:
After the usual inspection (tail, file, diff, compare), I applied my knowledge of a former astrophysicist to inspect what would happen if I added or subtracted the picture. I wrote the following script:
import sys from scipy.misc import imread, imsave def compare_images(img1, img2): diff = img1 + img2 imsave('sum.png', diff) diff = img1 - img2 imsave('diff.png', diff) def main(): file1, file2 = sys.argv[1:1+2] img1 = imread(file1).astype(float) img2 = imread(file2).astype(float) compare_images(img1, img2)
Running it, give us the flag!
Guess the number: Reverse Engineering
This problem starts with another not very informative text:
Guess the number and find the flag.
Then it gives us a java class file. It was clear that we needed to decompile it. I'm using jadfor this task:
$ jad guess.class
Now, opening this file in a text editor, we can see how to generate the flag:
```java // Decompiled by Jad v1.5.8e. Copyright 2001 Pavel Kouznetsov. // Jad home page: http://www.geocities.com/kpdus/jad.html // Decompiler options: packimports(3) // Source File Name: guess.java (...) String str_one = "4b64ca12ace755516c178f72d05d7061"; String str_two = "ecd44646cfe5994ebeb35bf922e25dba"; String answer = XOR(str_one, str_two); System.out.println((new StringBuilder("your flag is: ")).append(answer).toString());
Running the modified version gives us:
$ javac -g guess.java $ java guess your flag is: a7b08c546302cc1fd2a4d48bf2bf2ddb
Sudoku image encryption - cryptography
This challenge starts with the following text:
Row Major Order
And it gives us two pictures: a map and a sudoku.
We solve the sudoku and write the solution in a script to reorder the blocks:
from PIL import Image # solved sudoku sudoku = ''' 964127538 712385694 385496712 491578263 238614975 576239841 627843159 153962487 849751326 ''' s = sudoku.replace('\n', '') image = Image.open('image.png').convert('RGB') out = Image.new('RGB', image.size) for j in range(9): for i in range(9): img_cell = image.crop((i * 50, j * 50, i * 50 + 50, j * 50 + 50)) c = (int(s[j * 9 + i]) - 1) * 50 out.paste(img_cell, (c, j * 50)) out.save('out_image.png')
This gives us our flag:
Hack all the things!