CTFtime.org

EasyMisc

by leohearts / Syclover

Rating: 5.0

By using the commands binwalk and file, we found no results
![](https://i.loli.net/2020/07/08/DHLzaXwnNkfMbW1.png)
Based on the title, we're guessing it might be an inversion of hexadecimal.
Here we use the strrev function in PHP for this.
![](https://i.loli.net/2020/07/08/qSJMcaFmRTCilb3.png)
After processing, I opened it and found that it was still reporting an error, considered using winhex to view it, and found that it was a jpg file, so I added the file header(ffd8ff)
![](https://i.loli.net/2020/07/08/uHgpijreytaSC28.png)
Continued to find hints that it is RC4 encryption, but still no flag. test is not LSB steganography, etc. continued winhex view.
![](https://i.loli.net/2020/07/08/1EOcZpewAFDNXTM.png)
Suspicious strings found
xoBTuw36SfH4hicvCzFD9ESj
![](https://i.loli.net/2020/07/08/HF6Et3lYbc7zegv.png)

![](https://i.loli.net/2020/07/08/XqVFYQNTBEGWnge.png)

Comments