Secrets

Description

Author: clides

Being the APT (advanced persistent troll) he is, clides continued to play around with Claudio Pacheco's laptop without him knowing. He even gained access to Claudio's friend's device. On that device, he found this strange looking file and he wants to know what it contains.

Can you help clides retrieve hidden info from this file?

foren3.zip

Analysis

We are given a file without extension

└─$ file BxM_Foren3                                                                   
BxM_Foren3: data

Using exiftool shows us

File Type                       : BMP
File Type Extension             : bmp
MIME Type                       : image/bmp

Let's change the extension and try to open it

└─$ mv BxM_Foren3 BxM_Foren3.bmp 

└─$ display ./BxM_Foren3.bmp

Image is distorted and contains a fake flag (from sarcasm). So where is the flag? Since file looks damaged we should restore it.

The easiest way is to fix image files are to compare them to "not broken" images.

I have outlined interesting bytes, interesting because it says DEAD (has to do something with damage to file) and it repeats twice. I replaced the values from the right (image) and when we reopen image something changes!

Ok.. The colors are fixed but image is still distorted. What did we change to effect image?

Let's look at the BMP anatomy here

1. First part which we changed was The offset

2. The second part Header Size

Solution

After fiddling around the bits and bytes I found that manipulating the 3rd & 4th byte shift the image vertically. The best bytes that worked are The offset = 01 00 03 00

PS

Looks like I found a "not intended" way to solve the challenge.

Similar challenge can be found on PicoCTF, tunn3l_v1s10n writeup with "intended" (or correct) way to solve it.

PreviousNew Website NextSelfie

Last updated 8 months ago

hashtagDescription

hashtagAnalysis

hashtagSolution

hashtagPS

Description

Analysis

Solution

PS