It looked like a fun CTF, but I did not have the chance to play for too long. I managed to solve a few problems in the morning and the solutions are below.
Avatar: Steganography
The challenge starts with:
A terrorist has changed his picture in a social network. What is the hidden message?
And the following image:
For this problem, I use OutGuess, which can be installed as:
$ tar -zxvf outguess-0.2.tar.gz
$ cd outguess
$ ./configure && make
Running it will give us the flag:
$ ./outguess -r lamb.jpg pass.txt
Reading ../lamb.jpg....
Extracting usable bits: 28734 bits
Steg retrieve: seed: 94, len: 41
$ cat pass.txt
We should blow up the bridge at midnight
What is this: Steganography
This challenge has a very short text:
Find the flag.
Together with two pictures:
After the usual inspection (tail, file, diff, compare), I applied my knowledge of a former astrophysicist to inspect what would happen if I added or subtracted the picture. I wrote the following script:
import sys
from scipy.misc import imread, imsave
def compare_images(img1, img2):
diff = img1 + img2
imsave('sum.png', diff)
diff = img1 - img2
imsave('diff.png', diff)
def main():
file1, file2 = sys.argv[1:1+2]
img1 = imread(file1).astype(float)
img2 = imread(file2).astype(float)
compare_images(img1, img2)
Running it, give us the flag!
Guess the number: Reverse Engineering
This problem starts with another not very informative text:
Guess the number and find the flag.
Then it gives us a java class file. It was clear that we needed to decompile it. I'm using jadfor this task:
$ jad guess.class
Now, opening this file in a text editor, we can see how to generate the flag:
```java
// Decompiled by Jad v1.5.8e. Copyright 2001 Pavel Kouznetsov.
// Jad home page: http://www.geocities.com/kpdus/jad.html
// Decompiler options: packimports(3)
// Source File Name: guess.java
(...)
String str_one = "4b64ca12ace755516c178f72d05d7061";
String str_two = "ecd44646cfe5994ebeb35bf922e25dba";
String answer = XOR(str_one, str_two);
System.out.println((new StringBuilder("your flag is: ")).append(answer).toString());
Running the modified version gives us:
$ javac -g guess.java
$ java guess
your flag is: a7b08c546302cc1fd2a4d48bf2bf2ddb
Sudoku image encryption - cryptography
This challenge starts with the following text:
Row Major Order
And it gives us two pictures: a map and a sudoku.
We solve the sudoku and write the solution in a script to reorder the blocks:
from PIL import Image
# solved sudoku
sudoku = '''
964127538
712385694
385496712
491578263
238614975
576239841
627843159
153962487
849751326
'''
s = sudoku.replace('\n', '')
image = Image.open('image.png').convert('RGB')
out = Image.new('RGB', image.size)
for j in range(9):
for i in range(9):
img_cell = image.crop((i * 50, j * 50, i * 50 + 50, j * 50 + 50))
c = (int(s[j * 9 + i]) - 1) * 50
out.paste(img_cell, (c, j * 50))
out.save('out_image.png')
This gives us our flag:
Hack all the things!