Categories
Capture The Flag

VishwaCTF’22 Writeups: Steganography

Below are the Steganography writeups of all the challenges that were being asked in the VishwaCTF’22, organised by Cyber cell VIIT, Pune.

Alien_s Message

Challenge contain audio.wav file, on analyzing that file we can get to know that it contains some glitchy sound.
Maybe audio is being glitched or something is embedded in that audio.
On trying steg tools on it, we get to know Flag is being embedded in audio using Audio LSB method on decrypting that we get Flag
We can get Encoding and decoding algorithm of Audio LSB online anywhere.
Searching and applying that algorithm we can decrypt the flag from Audio.
decrypt.py
import wave
song = wave.open(“audio.wav”, mode=’rb’)
frame_bytes = bytearray(list(song.readframes(song.getnframes())))

extracted = [frame_bytes[i] & 1 for i in range(len(frame_bytes))]
string = “”.join(chr(int(“”.join(map(str, extracted[i:i+8])), 2)) for i in range(0, len(extracted),8))
decoded = string.split(“***”)[0]

print(“Successfully decoded: “+decoded)
song.close()

We get this output.

Wrapping above string into Flag format we can get Flag.
Flag: vishwaCTF{LSB_1n_4ud1o_1s_r4r3}

Archived Note

Writeup for Archived Note:
There is image given in Question, which is QR code, scanning QR code you will get a dictionary of keys which is
{‘public’: (2, 2683, 2576), ‘private’: 1025, ‘k_value’: 847}
QR code also contain a string embedded using Steganography, decoding steganographic image will give string, i.e., 68747470733a2f2f6269742e6c792f33366e4e44635a, which is hex encoded, on decoding that hex string we get a shortened link, https://bit.ly/36nNDcZ .

On visiting the link, it redirects us to Reddit Post, which is deleted.
Now reading Question again, question name states that there’s something archived on internet.
Heading to Way Back Machine, and searching for same link, we get an archived web page with the original post.

There is Python Encryption Script for Elgamal Cipher Encryption, we must write decryption script for the same.
Ciphertext is given in Question and key we got through QR code, passing them through decryption function we get final Flag
decrypt.py
def decrypt(key, message):
 x = key[‘private’]
 p = key[‘public’][1]
 decoded_msg = ”
 for item in message:
 first = item[0]
 second = item[1]
 m = (second * (first ** (p – 1 – x))) % p
 decoded_msg += str(chr(m))
 return decoded_msg

this can be used as decrypt function for Elgamal Cipher.
Decrypting Ciphertext given in Question Description will give us Flag.
Flag: vishwaCTF{elg4m4l_1s_0v3r_p0w3r3d}

Vision

Flag: VishwaCTF{bl1nd3d_by_th3_col0r5}

VishwaCTF'22 Writeups: Steganography 1

Step 1 : we We will use the tool OurSecret which was provided in the #announcements channel on discord to extract data from given file.

OurSecret uses LSB replacement method for steganography and is a general purpose software that can be used for performing steganography for almost all file types like mp4,mp3,wav,png,jpg,bin and many more.

using Oursecret and uploading the image in it we directly get the output of piet png file then we move to step 2

Step 2: In this png file, we can find suspicious color pixels at the edges of the image. The image is actually based on an esoteric programming language called piet. Also the person in the image is Piet Mondrian, a famous Dutch painter. We can use any interpreter to execute the script and get the flag.

Incomplete

Step 1: We will use the tool OurSecret which was provided in the #announcements channel on discord to extract data from given file.
OurSecret uses LSB replacement method for steganography and is a general purpose software that can be used for performing steganography for almost all file types like mp4,mp3,wav,png,jpg,bin and many more.

there is some text on the image provided which is a basic caesar cipher which translates to SECRET MEETING AT THE PALACE
On opening the image in OurSecret we use this as the password to extract flag file

Then we move to step 2

Step 2: From the extracted “flag” file, determine the file format using “file ” command.

Step 3: Add the extension “.mav” to the flag file.

Step 4: Open any sound analyzer (E.g. Sonic visualizer) and open the “flag.mav” file in the analyzer.
Step 5: Go to pane and add “Spectogram” pane to see the flag.

Get the latest tech news and updatesethical hacking tutorials and cybersecurity tips and tricks. Check out MeuSec for more.

Sometimes we include links to online retail stores and/or online campaigns. If you click on one and make a purchase we may receive a small commission.

Comments:

Leave a Reply

Your email address will not be published. Required fields are marked *