Tags: stegano encoding

---- Writeup ----
CTF: BACKDOOR 2014
Problem: misc-250-2
Author: Dr.Optix
All rights reserved.
NOTE: My first ever published writeup. It is based on the notes I take while I solve a problem.
-----------------

Hint: Are you kidding me? Character recognition seriously?

I don't know yet but I should do what the hint says, but first I will do basic
recon.

$ file backdoor.bmp
backdoor.bmp: PC bitmap, Windows 3.x format, 400 x 150 x 24

$ exiftool backdoor.bmp
ExifTool Version Number         : 9.46
File Name                       : backdoor.bmp
Directory                       : .
File Size                       : 176 kB
File Modification Date/Time     : 2014:03:22 23:31:41+02:00
File Access Date/Time           : 2014:03:22 23:31:42+02:00
File Inode Change Date/Time     : 2014:03:22 23:31:41+02:00
File Permissions                : rw-rw-r--
File Type                       : BMP
MIME Type                       : image/bmp
Image Width                     : 400
Image Height                    : 150
Planes                          : 1
Bit Depth                       : 24
Compression                     : None
Image Length                    : 180000
Pixels Per Meter X              : 1
Pixels Per Meter Y              : 1
Num Colors                      : Use BitDepth
Num Important Colors            : All
Image Size                      : 400x150

The hexdump shows some out-of-order pixels, but I don't know yet if that is
helpful or just garbage.

I found some interesting pixels using GIMP. It looks like some Morse code in
the upper left corner (check pixels-show.bmp).


Converted to Morse, it is (partial):
- .- .- --.--. - -- - (TAAGGTMT)

That's not really interesting.

I will try binary:
01100010 01100001 01100011

Bingo!

It is binary and I have to code "sdslabs" instead of "backdoor".

Binary:
01110011 01100100 01110011 01101100 01100001 01100010 01110011

I created login-image.png

Bingo!

I had to use the same backdoor.bmp and only replace the encoded
message. The encoded pixels are not #000000, but #010101.
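
Added example (not part of the original writeup and not the author's code): a sketch of the encoding described above, reading and writing bits in the top row of a 24-bit BMP. The exact layout is an assumption: one pixel per bit from the left edge of the top row, #010101 for a 1 and a pure black background for a 0; the BMP is constructed in memory as sample input.

```python
import struct

MARK = (1, 1, 1)        # #010101, the near-black value the writeup reports
BACKGROUND = (0, 0, 0)  # assumption: unmarked pixels are pure black

def bits_of(text):
    """ASCII text -> list of bits, most significant bit first, 8 per character."""
    return [(b >> s) & 1 for b in text.encode("ascii") for s in range(7, -1, -1)]

def build_bmp(width, height, top_row_bits):
    """Constructed sample: uncompressed 24-bit BMP with bits along the top row."""
    row_size = (width * 3 + 3) & ~3           # each row is padded to 4 bytes
    rows = []
    for y in range(height):                   # y == 0 is the top row of the image
        row = bytearray()
        for x in range(width):
            on = y == 0 and x < len(top_row_bits) and top_row_bits[x]
            r, g, b = MARK if on else BACKGROUND
            row += bytes((b, g, r))           # BMP stores pixels as B, G, R
        rows.append(bytes(row) + bytes(row_size - width * 3))
    pixels = b"".join(reversed(rows))         # positive height: rows stored bottom-up
    header = struct.pack("<2sIHHI", b"BM", 54 + len(pixels), 0, 0, 54)
    info = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                       len(pixels), 1, 1, 0, 0)
    return header + info + pixels

def read_top_row(bmp):
    """Return the top image row as (r, g, b) tuples."""
    magic, _, _, _, offset = struct.unpack_from("<2sIHHI", bmp, 0)
    _, width, height, _, bpp, compression = struct.unpack_from("<IiiHHI", bmp, 14)
    if magic != b"BM" or bpp != 24 or compression != 0:
        raise ValueError("expected an uncompressed 24-bit BMP")
    row_size = (width * 3 + 3) & ~3
    # Bottom-up files (height > 0) keep the top row last; top-down keep it first.
    start = offset + (height - 1) * row_size if height > 0 else offset
    row = bmp[start:start + width * 3]
    return [(row[i + 2], row[i + 1], row[i]) for i in range(0, len(row), 3)]

def decode(bmp, n_chars):
    """Read n_chars ASCII characters from the leftmost pixels of the top row."""
    bits = [1 if px == MARK else 0 for px in read_top_row(bmp)[:n_chars * 8]]
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8)).decode("ascii")

if __name__ == "__main__":
    original = build_bmp(400, 150, bits_of("backdoor"))
    print(decode(original, 8))
    print(decode(build_bmp(400, 150, bits_of("sdslabs")), 7))
```

Because a positive-height BMP stores its rows bottom-up, the "upper left corner" seen in an image editor sits at the end of the pixel data in a hexdump, not at the start.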

After login I got the next message:

Logged in as sdslabs
Congrats the flag is practice_makes_one_perfect

Final flag:
md5(practice_makes_one_perfect) = c16a3c8504985a8c91956c29f7338184

~ Q.E.D