Rating: 5.0
Given python scripts takes md5(salt+flag(i)+index)
Splits md5 hash 2 by 2 and creates blue pixel with it. Since we know procedure we can reverse it.
4x4 block is 1 letter of flag.
Salt is between 1-65536
Pepper is known
Ascii char is between 32-126
Since numbers is not big we can bruteforce.
```
from __future__ import print_function
from PIL import Image
from hashlib import md5
import sys
from itertools import product
im= Image.open("release.png")
pix = im.load()
hashes= []
for k in range(20):
hashes.append(''.join([("%02x" % pix[k*32+it[1]*8,it[0]*8][2]) for it in product(range(4),repeat=2)]))
print(hashes)
for idx,block in enumerate(hashes):
for asciiChar in range(32,126):
for salt in range (2**16-1,):
pepper = str(idx)
myhash = md5(str(salt)+chr(asciiChar).encode('utf')+pepper).hexdigest()
if str(myhash) == block :
print(chr(asciiChar),end="")
sys.stdout.flush()
break
else:
continue
break
```
Prints :
```
MCA-27c0384c33a93172
```
Nice write up :).
You can also sys.stdout.write() instead of print(, end=''). Not really any different, but feels a bit cleaner if you're already doing a sys.stdout.flush.