Monday, March 10, 2014

RuCTF Quals 2014

Another great CTF with many challenges in all categories just ended. Our team was #7. Nana. Not too bad, but it was so annoying that without a network specialist we could not solve admin 200 task "Troubleshooting" which 97 other teams solved with ease.

Below are some write-ups. Hopefully they can give new players an introduction to steganalysis.

stegano 100: Cat's eye

This is an easy GIF stegano, but it took me quite a while analysing the image until I noticed it contained 8 similar frames which wasn't easy to notice in GIMP by default (note to myself: next time check the frames first). It is common sense to combine them and find the differences. The positions of the different pixels are as marked below:

It isn't very straightforward, but the flag is hidden here in binary representation. Using black pixels as 0s and green pixels as 1s give you the flag: RUCTF_e4dd9f5cee307b322c3a27abe66e3df9

stegano 300: Nyan-task

This is a very famous image. By finding and comparing it with the original image it can be concluded that there is no information hidden visually. Analysis with Caesum's StegSolve brought me to the conclusion that the only place to hide the flag is inside the palette. It is also suspicious to see only 14 colors used for the image while the palette contains 256 colors with a lot of repetition.

After extracting the palette I found out that this is actually a DataMatrix barcode (thanks stypr). The rest is easy. The hidden text is, which is a link to the flag: RUCTF_ca8250c2b4b50581afc9ffd1f403f3f2

crypto 200: Mary Queen

The task is to decipher a message written in Chinese characters. The title suggests that this is similar to the cipher used by Mary Queen of Scots, which is a cryptosystem in which simple substitution is used. This cipher is so weak that many tools have been created to solve it automatically, SCBSolvr is one of them. The decrypted text is chapter I of Alice's Adventures in Wonderlands by Lewis Carroll. The name of the book is also the flag.

No comments: