H4CK1T CTF 2016: Mozambique – 1magePr1son (150 points)

Description

RU: Внедрение новейшей системы шифрования информации как всегда приносило множество проблем одной из известных служб FSI: они потеряли модуль, отвечающий за дешифрование информации. А информация уже была зашифрована! Ваша задача на сегодня: определить способ шифрования алгоритма и декодировать сообщение.

EN: Implementing of the latest encryption system as always brought a set of problems for one of the known FSI services: they have lost the module which is responsible for decoding information. And some information has been already ciphered! Your task for today: to define a cryptoalgorithm and decode the message.

h4ck1t{str(flag).upper()}

Solution

The attached ZIP archive contained an image called planet.png. It was a regular-looking image, so let’s look for any hidden stuff inside.

First, I looked for EXIF data using the exif command, which it did not contain. Then, I looked at any hidden message using the strings command, which did not show any useful ASCII strings.

My third step was to have a look at the pixels inside. I wrote a small Python script that iterates through the pixels and prints their RGB value. I decided to first look at the first 100 pixels (an arbitrary number I chose to keep the output small for now), to see if they contain some sort of a pattern.

Running the script, I got the following output:

To me, that looked interesting. The first ‘outlier’ was at pixel #24, which showed an RGB value that was much lower than the surrounding pixels. Then, at pixel #48, the same seems to happen. The same applies to pixel #96. It seems that something is happening every 24 pixels.

After having a look at the image, I noticed a grid pattern, starting at the top left corner. I zoomed in on that part below:

planet1

Might it be that these ‘dots’ have some meaning? At least it is too obvious to ignore it. Looking at the dots manually, it seems that there are 64 horizontally, and 64 vertically. We are thus dealing with a 64×64 grid here.

Using the same approach I used earlier to look at the pixels, I tweaked my script a little and printed every 24th pixel until I had 64 in a row. Then, I moved to the next row, which I assumed would be 24 pixels below as the vertical distance between the dots looked the same as the horizontal distance to me. I decided to also write them to a new image file to see what the output would be.

Now, let’s run the script:

…and look at its output (./output.png):

output

That’s it! Each ’24th pixel’ was one pixel of the 64×64 image that contains the flag. The flag is h4ck1t{SPACE_IS_THE_KEY}.

Leave a Comment

Your email address will not be published.