The qualification round just ended today. Our team finished at rank #9. Chinese new year is coming soon so I only managed to catch up with the guys for just a little more than one hour. During that short period of time our team impressed even ourselves by solving 3 challenges and jumped back to top 10. I was involved in 1 of the challs: a ucucuga challenge titled "mp3 me".
The challenge is basically an mp3 stegano. After examining the file we came to a conclusion that there was no where else to hide the flag other than in the id3 part of the file.
Now this is the part where losers are separated from winners. The RGB tags and the presentation of values in triplets make most people try to find a way to get an image, but they are actually just red herrings. The real clue here is the occurrence of NULL. It suggests the end of a message. After trying some conversion, I found out that "78-9c" (hex values of 120-156) was the signature of zlib compressed data, and with that dloser was able to quickly recover the precious flag.
<dloser> >>> zlib.decompress('789ccb8ccf482c498d2f4d06c2f444002a9f05b7'.decode('hex')) <dloser> 'i_hate_ucucuga'
Solving challenges is fun, and it's even more thrilling when there is a time limit. Oh, it is also good to be able to let everyone know how you solved them, not just limited to the solvers as on normal challenge sites.