Check out the official CTF page or the CTFTIME post :)
- FORENSICS
- REVERSING
FORENSICS
The Lost Image Mystery
The Lost Image Mystery was the first forensics challenge that I tackled in this CTF and was a nice warmup. Although the image had the PNG extension, running a file command on it revealed that it was actually seen as a data file.
I inspected the header of the binary file and noticed that the magic number was not indicative of a PNG file.
I decided to try and change the current magic number IF to the correct PNG one to see if this would solve the issue (you can find the numbers here). The problem is, that even after the change, the file wasn’t recognized as a PNG.
I started to suspect that it wasn’t actually a PNG, but something else. It is then when I noticed, that the IHDR chunk was missing from the header. After a quick search, I found out that the IDAT and IEND chunks were also missing. This confirmed my suspicion, as these data chuncks are crucial to the correct structure of a PNG file. If you want to see the PNG binary structure or any other file structure, I highly recommend checking out Corkami’s diagrams over on github!
The IF in the magic number made me think that it might be a JPG file, as it appears in the ISO-8859-1 representation. After chanching to the JPG number, I could finally open the image and get the flag!
PDF Puzzle
The PDF that we got from this challenge was quite odd. Upon opening it, I could see some black bars that were covering random parts of the text. Strangely enough, all but the last one, could be moved to reveal the normal latin text underneath. The last one wasn’t actually covering anything, or maybe, just something we could not see?
In actuality, the solution was much simpler than I expected. When doing the routine inspection on a file and checking the metadata, the flag was hidden in the Author field.
Seele Vellorei
This was a cute one, even if I don’t play Honkay Impact 3rd :). The DOCX that we got didn’t hide any obvious strings so I opened the file.
It contained just some text and an image at the top. Poking around, I searched for the obvious word flag in the file with the searcher and weirdly enough, it seemed like I got a match somewhere. Even though I couldn’t see it, the searcher was bringing me back to the image. After moving it and selecting the supposedly blank space beneath it, I found the hidden flag, white and blending with the background. I liked it better a color I can see it :)
Seele Vellorei - Revenge
REVERSING
Gophers Language
Avengers Assemble
The Broken Sword