CTFHub

Writeup

unseen

发表于 更新于 分类于
Challenge | 2020 | CSICTF | Forensics | unseen

点击此处获得更好的阅读体验

WriteUp来源

https://dunsp4rce.github.io/csictf-2020/forensics/2020/07/22/unseen.html

by vishalananth

题目描述

With his dying breath, Prof. Ter Stegen hands us an image and a recording. He tells us that the image is least significant, but is a numerical key to the recording and the recording hides the answer. It may seem as though it's all for nothing, but trust me it's not.

https://mega.nz/file/cmhnAQDB#9dbHojKcxzliZ5NAYtGBN7N8WHCqtoU7kKa5yuJzG0w

https://mega.nz/file/h75UCIRJ#YGF3yCViKSQpwogmMgkdPQ1DXMez9Sv2DZBUWvCueSY

题目考点

解题思路

We open the Image using Stegsolve.jar and we get the numerical key in RGB Pane 0

So using this code we can use steghide to get hidden data from the wav file with

1
steghide --extract -cf morse.wav -p 42845193

We get a flag.txt file which is empty. Opening it in hex editor we see

1
2
3
4
5
6
7
8
9
00000000: 2020 2009 0920 2020 0909 0d0a 090d 0a20     ..   ....... 
00000010: 2020 2020 0909 0920 2009 090d 0a09 0d0a      ...  .......
00000020: 2020 2020 2009 0920 0920 2009 0d0a 090d       .. .  .....
00000030: 0a20 2020 2020 0909 2020 2009 090d 0a09  .     ..   .....
00000040: 0d0a 2020 2020 2009 0909 2009 2020 0d0a  ..     ... .  ..
00000050: 090d 0a20 2020 2020 0909 2020 0909 200d  ...     ..  .. .
00000060: 0a09 0d0a 2020 2020 2009 0909 0920 0909  ....     .... ..
00000070: 0d0a 090d 0a20 2020 2020 2009 0920 0909  .....      .. ..
00000080: 090d 0a09 0d0a 2020 2020 2009 0920 0920  ......     .. .

We find out that the ascii for these hex codes are

1
2
3
20 - Space
09 - Tab
0d0a - \r\n

So googling "file with only tab and space ctf" we come across this writeup written by John Hammond. Following the steps given and replacing \t with 1 and ' ' with 0, we get the flag.

Flag

1
csictf{7h47_15_h0w_y0u_c4n_83c0m3_1nv151813}