Forensics

Lecture_22_Forensics

Challenge Description

My professor told me I might find something useful in these slides… Lecture_22__Forensics.pdf

We are given a PDF file to download.

The first thing I always do when I get a PDF file in a CTF challenge is the pdftotext command , It basically converts the pdf to plain text 

1
pdftotext Lecture_22__Forensics.pdf output.txt

Untitled

We stored our output in an output.txt file that if we take a look at it we can see our flag.

Untitled

Flag : wsc{y0u_c4nT_$ee_m3}

Forensics…kinda

Challenge Description

This image has been a bit shifty - can’t seem to find the message my friend encoded in it! Forensics_kinda.png

We are given a png file to work with.

The first thing I tried was zsteg ( I always use this command when working with png files ). It’s a Command-line tool for use against Least Significant Bit steganography… unfortunately only works against PNG and BMP images. You can get it from here https://github.com/zed-0xff/zsteg

1
zsteg Forensics_kinda.png

Untitled

Flag : wsc{g0_blu3}

Flaggy

Challenge Description

The flag is just in an image. How could that possibly be a challenge? flaggy.jpg

We got a flaggy.jpg image to download.

flaggy.jpg

We can see some interesting things like RSA , 3,2,2,3 .. hmmm

I then checked the strings and I found this

Untitled

As you can see we are given n and c , now we are sure that we are working with RSA.

Running exiftool gives as the same values before and the value of e

Untitled

Let’s note those values 

1
2
3
n = 2175313499
c = 2017794776
e = 13

That’s exactly what we need to write our RSA script in order to get our flag.

First we need to get the value of p and q , to do so let’s head over to http://factordb.com/ to factorize n

Now we got p and q

Untitled

1
2
p = 32377
q = 67187

The next step is finding phi which is : 

1
phi = (p-1) * (q-1)

Last but not least gonna calculate d which is :

1
d = pow(e , -1 , phi)

Now we have all the values of c , d and n , we can get our flag 🙂 

1
flag = pow(c,d,n)

Putting our script together 

1
2
3
4
5
6
7
8
9
10
11
12
13
from Crypto.Util.number import *

n = 2175313499
e = 13
c = 2017794776

p = 32377
q = 67187

phi = (p-1) * (q-1)
d = pow(e , -1 , phi)
flag = pow(c,d,n)
print (flag)

Running the script we get the following output 

1
1024965103

If you remember from the picture give in the challenge “decrypted int in 3,2,2,3” . So all we need to do is splitting our output into 3,2,2,3 like that 102 49 65 103 , these are decimal values that when we convert we get f1Ag and that’s our flag.

Untitled

Flag : wsc{f1Ag}

Noise

Challenge Description

My buddy sent me this totally RAW clip of them playing guitar. Doesn’t sound quite right to me, something might be off. Also don’t listen with headphones at the end! noise.wav

We are given a wav file to download

Untitled

Running strings as usual we find the following

Untitled

how can I view photoshop raws???.

hmmm that’s sus .

I opened the file in sonic-visualiser and I added a spectrogram hoping to find the flag there ( sometimes challenges that gives audio files have the flag in the spectrogram channels )

Untitled

Unfortunately, there is no flag this time :3

Untitled

I then tried stegolsb https://github.com/ragibson/Steganography to look for possible hidden data inside the file

1
stegolsb wavsteg -r -i noise.wav -o file.txt -b 200

but we only got some garbage

Untitled

I thought maybe I should give up on this challenge , but then I re-read the description which mentioned RAW and the sentence we found earlier in the strings how can I view photoshop raws??? . I got this idea of renaming the file from noise.wav to noise.raw and then opening it in photoshop. I fired up photoshop and opened the file noise.raw there.

Untitled

Here I set the dimensions to 1500 x 1500 then I hit the OK button. Now as you can see we have the following image aaand look what’s sneaking there, it’s our flag!

Untitled

It’s barely readable though, so I started playing little bit with the setting in order for us to be able to read it.

I changed the mode to bitmap

Untitled

default value for the output 72

Untitled

Now we can see better I guess

Untitled

Flag : wsc{t0t4ally_w1ck3d_dud3}

Crypto

RSA With The Dogs

Challenge Description

I was doing RSA with the dogs so that we could send stuff to each other. Unfortunately the cats are stealing our messages… gen.sage

We are given this script 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
from random import getrandbits
from Crypto.Util.number import bytes_to_long
p = random_prime(2^(1024//2),False,2^(1023//2))
q = random_prime(2^(1024//2),False,2^(1023//2))
n = p*q
phi = (p-1) * (q-1)
done = False
while not done:
d = getrandbits(1024//4)
if (gcd(d,phi) == 1 and 36*pow(d,4) < n):
done = True
Flag = open('flag.txt').read().encode()
m=bytes_to_long(Flag)
e = Integer(d).inverse_mod(phi)
c=pow(m,e,n)
print("n =",n)
print("e =",e)
print("c =",c)
n = 80958280137410344469270793621735550547403923964041971008952114628165974409360380289792220885326992426579868790128162893145613324338067958789899179419581085862309223717281585829617191377490590947730109453817502130283318153315193437990052156404947863059961976057429879645314342452813233368655425822274689461707
e = 3575901247532182907389411227211529824636724376722157756567776602226084740339294992167070515627141715229879280406393029563498781044157896403506408797685517148091205601955885898295742740813509895317351882951244059944509598074900130252149053360447229439583686319853300112906033979011695531155686173063061146739
c = 80629080505342932586166479028264765764709326746119909040860609021743893395577080637958779561184335633322859567681317501709922573784403504695809067898870536224427948000498261469984511352960143456934810825186736399371084350678586129000118485271831798923746976704036847707653422361120164687989605124465224952493
assert(int(pow(c,d,n)) == m)

It’s Wiener’s attack https://en.wikipedia.org/wiki/Wiener's_attack

I used RsaCtfTool https://github.com/Ganapati/RsaCtfTool to solve this challenge 

1
python3 RsaCtfTool.py -e 3575901247532182907389411227211529824636724376722157756567776602226084740339294992167070515627141715229879280406393029563498781044157896403506408797685517148091205601955885898295742740813509895317351882951244059944509598074900130252149053360447229439583686319853300112906033979011695531155686173063061146739 -n 80958280137410344469270793621735550547403923964041971008952114628165974409360380289792220885326992426579868790128162893145613324338067958789899179419581085862309223717281585829617191377490590947730109453817502130283318153315193437990052156404947863059961976057429879645314342452813233368655425822274689461707 --uncipher 80629080505342932586166479028264765764709326746119909040860609021743893395577080637958779561184335633322859567681317501709922573784403504695809067898870536224427948000498261469984511352960143456934810825186736399371084350678586129000118485271831798923746976704036847707653422361120164687989605124465224952493 --attack wiener

Output

Untitled

Flag : wsc{w13n3r5_wer3_bre4d_t0_hunt_b4dger5!}

Reversing

babyre1

Challenge Description

Is FLAG encoded already? Did I forget to call encode()? babyre1

solve.py

1
2
3
4
5
flag = [76, 72, 88, 64, 98, 11, 78, 100, 15, 73, 8, 100, 92 ,8, 79, 79, 10, 85, 92, 100, 79, 83, 8, 100, 83, 15 ,85, 92, 100, 11, 93, 100, 111, 115, 114, 104, 26, 70 ]
r=''
for i in range(len(flag)):
    r += chr(flag[i]^59)
print(r)