Unexpected Transmission

We regret to inform you that this blog is no longer under its original control. An unknown force has intervened. The usual voices, the familiar presence—you will find none of them here now.

What happens next is uncertain. Who—or what—is behind this remains unclear. But one thing is certain: change is inevitable.

Stay, if you dare. Leave, if you must.

Transmission ends.

Little red riding Tux

Once upon a time, in a land not too far away, and not as distant as you might think in time, as well, there was a little penguin 🐧. And, that penguin went to /etc/secret in Deutschland wearing his little red riding hood, there he met the bad black horned creature and his (maybe bad) friends.

Bad black horned creature and his friends told the little penguin that they were actually good, M$ was the evil one.

(Maybe) good black horned creature and his friends taught little penguin to treasure what he had, especially his smileys.

Good black horned creature and his friends helped little penguin realize that XOR is reversible, and RSA is not the solution to all problems.

Little penguin made a lot of friends, one of them was very talented at hiding stuff inside other stuff, which people call the art of steganography. Little penguin had fun solving those steganography challs, his observation and analysis skills greatly improved. He even created a tool which helps with steganalysis.

Many years have passed, little penguin had grown up to become big penguin. Although busy catching fish and taking care of his kids, big penguin still spent some of his free time catching the flags to relive the great moments of the good old days.

One day big penguin found a strange bottle drifting from the land of the Blue Hens to his island. Actually, many other penguins saw that bottle and tried to read its contents, but all they found was gibberish.

To the big penguin, however, the bottle was like a message from the good old days. He easily figured out the important part and recovered the hidden message.

Still alive & new chall

Just a quick update to let everyone know that I'm still alive and kicking.

Recently, I've been solving some challs (not as much as before) and playing CTFs with a Vietnamese team (we're currently ranked 4 in the country ranking).

I also gathered some more ideas for a new version of Steganabara (hopefully will be released in a few months - amazing to see the current version already 7 years old :P)

Finally, I have spent some time to create a new beautiful challenge. Hope everyone will enjoy it!

New life

Yo guys, it’s been a long time!

So many things have happened, but to make story short: I got married, had a baby boy, met 2 great Singaporeans last month, and now I’m in Thailand.

The “garlic snow pizza” was awesome, and so was the beer (pictures to be added later)

And SOAP is probably the biggest invention of all time, if you know what I mean ;-)

 

Update: finally found the pictures of the pizza and the beer!

3DS CTF 2016

3DS CTF was an interesting CTF, which unlike normal CTFs, went on for a whole week. I had plenty of time to enjoy the challenges. Below are write-ups for some of them.

Stego 100: Excaliflag

The file is a png image with nothing hidden in the binary data. Quick analysis with Steganabara shows that there's not much distortion with the RGB values, this means the flag is either hidden in the LSB values, or an advanced method is used. For only 100 points, of course the former is true.

Playing with the blue bits in Steganabara's Bit Mask Filter and you'll get the flag:

Stego 300: 0liver "Imaged"

By looking at the magic bytes in the binary data, it's easy to see that there is a png image appended at the end of the jpg image. Looking at the png image, it's clear that the flag is hidden in the R and G values of the first few lines. Extract the R and G values and you'll get an ELF file that prints out the flag.

Stego 300: We also have memes!

The flag is hidden in the image using an algorithm in which p and offset are unknown. However, they are small enough to be brute-forced. The flag format is 3DS{}, so this is more like a known plain-text attack with the image as the ciphertext.

(to be continued)

Update: not continued because it's been a long time and I don't remember the continuation. Also, I'm busy (and lazy :P)