diff --git a/investigative_reversing_1/.ghidra.test.lock~~ b/investigative_reversing_1/.ghidra.test.lock~~
new file mode 100644
index 0000000..e69de29
diff --git a/investigative_reversing_1/investigative_reversing_1.gpr b/investigative_reversing_1/investigative_reversing_1.gpr
new file mode 100644
index 0000000..e69de29
diff --git a/investigative_reversing_1/investigative_reversing_1.rep/idata/00/00000000.prp b/investigative_reversing_1/investigative_reversing_1.rep/idata/00/00000000.prp
new file mode 100644
index 0000000..4b7275d
--- /dev/null
+++ b/investigative_reversing_1/investigative_reversing_1.rep/idata/00/00000000.prp
@@ -0,0 +1,11 @@
+
+
+
+
+
+
+
+
+
+
+
diff --git a/investigative_reversing_1/investigative_reversing_1.rep/idata/00/~00000000.db/db.1.gbf b/investigative_reversing_1/investigative_reversing_1.rep/idata/00/~00000000.db/db.1.gbf
new file mode 100644
index 0000000..4d5a947
Binary files /dev/null and b/investigative_reversing_1/investigative_reversing_1.rep/idata/00/~00000000.db/db.1.gbf differ
diff --git a/investigative_reversing_1/investigative_reversing_1.rep/idata/00/~00000000.db/db.2.gbf b/investigative_reversing_1/investigative_reversing_1.rep/idata/00/~00000000.db/db.2.gbf
new file mode 100644
index 0000000..a179e7e
Binary files /dev/null and b/investigative_reversing_1/investigative_reversing_1.rep/idata/00/~00000000.db/db.2.gbf differ
diff --git a/investigative_reversing_1/investigative_reversing_1.rep/idata/~index.bak b/investigative_reversing_1/investigative_reversing_1.rep/idata/~index.bak
new file mode 100644
index 0000000..b776dc3
--- /dev/null
+++ b/investigative_reversing_1/investigative_reversing_1.rep/idata/~index.bak
@@ -0,0 +1,4 @@
+VERSION=1
+/
+NEXT-ID:0
+MD5:d41d8cd98f00b204e9800998ecf8427e
diff --git a/investigative_reversing_1/investigative_reversing_1.rep/idata/~index.dat b/investigative_reversing_1/investigative_reversing_1.rep/idata/~index.dat
new file mode 100644
index 0000000..9c04d2b
--- /dev/null
+++ b/investigative_reversing_1/investigative_reversing_1.rep/idata/~index.dat
@@ -0,0 +1,5 @@
+VERSION=1
+/
+ 00000000:mystery:c0a8b293fee9112496591890100
+NEXT-ID:1
+MD5:d41d8cd98f00b204e9800998ecf8427e
diff --git a/investigative_reversing_1/investigative_reversing_1.rep/idata/~journal.bak b/investigative_reversing_1/investigative_reversing_1.rep/idata/~journal.bak
new file mode 100644
index 0000000..da1356f
--- /dev/null
+++ b/investigative_reversing_1/investigative_reversing_1.rep/idata/~journal.bak
@@ -0,0 +1,2 @@
+IADD:00000000:/mystery
+IDSET:/mystery:c0a8b293fee9112496591890100
diff --git a/investigative_reversing_1/investigative_reversing_1.rep/project.prp b/investigative_reversing_1/investigative_reversing_1.rep/project.prp
new file mode 100644
index 0000000..9ad0e4c
--- /dev/null
+++ b/investigative_reversing_1/investigative_reversing_1.rep/project.prp
@@ -0,0 +1,6 @@
+
+
+
+
+
+
diff --git a/investigative_reversing_1/investigative_reversing_1.rep/projectState b/investigative_reversing_1/investigative_reversing_1.rep/projectState
new file mode 100644
index 0000000..4a106a8
--- /dev/null
+++ b/investigative_reversing_1/investigative_reversing_1.rep/projectState
@@ -0,0 +1,15 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/investigative_reversing_1/investigative_reversing_1.rep/user/00/00000000.prp b/investigative_reversing_1/investigative_reversing_1.rep/user/00/00000000.prp
new file mode 100644
index 0000000..7489bdf
--- /dev/null
+++ b/investigative_reversing_1/investigative_reversing_1.rep/user/00/00000000.prp
@@ -0,0 +1,11 @@
+
+
+
+
+
+
+
+
+
+
+
diff --git a/investigative_reversing_1/investigative_reversing_1.rep/user/00/~00000000.db/db.1.gbf b/investigative_reversing_1/investigative_reversing_1.rep/user/00/~00000000.db/db.1.gbf
new file mode 100644
index 0000000..d0b42e8
Binary files /dev/null and b/investigative_reversing_1/investigative_reversing_1.rep/user/00/~00000000.db/db.1.gbf differ
diff --git a/investigative_reversing_1/investigative_reversing_1.rep/user/~index.dat b/investigative_reversing_1/investigative_reversing_1.rep/user/~index.dat
new file mode 100644
index 0000000..b776dc3
--- /dev/null
+++ b/investigative_reversing_1/investigative_reversing_1.rep/user/~index.dat
@@ -0,0 +1,4 @@
+VERSION=1
+/
+NEXT-ID:0
+MD5:d41d8cd98f00b204e9800998ecf8427e
diff --git a/investigative_reversing_1/investigative_reversing_1.rep/user/~journal.dat b/investigative_reversing_1/investigative_reversing_1.rep/user/~journal.dat
new file mode 100644
index 0000000..64c1ad4
--- /dev/null
+++ b/investigative_reversing_1/investigative_reversing_1.rep/user/~journal.dat
@@ -0,0 +1,2 @@
+IADD:00000000:/udf_c0a8b293fee9112496591890100
+IDSET:/udf_c0a8b293fee9112496591890100:c0a8b293c1df114244577388000
diff --git a/investigative_reversing_1/investigative_reversing_1.rep/versioned/~index.bak b/investigative_reversing_1/investigative_reversing_1.rep/versioned/~index.bak
new file mode 100644
index 0000000..b776dc3
--- /dev/null
+++ b/investigative_reversing_1/investigative_reversing_1.rep/versioned/~index.bak
@@ -0,0 +1,4 @@
+VERSION=1
+/
+NEXT-ID:0
+MD5:d41d8cd98f00b204e9800998ecf8427e
diff --git a/investigative_reversing_1/investigative_reversing_1.rep/versioned/~index.dat b/investigative_reversing_1/investigative_reversing_1.rep/versioned/~index.dat
new file mode 100644
index 0000000..b776dc3
--- /dev/null
+++ b/investigative_reversing_1/investigative_reversing_1.rep/versioned/~index.dat
@@ -0,0 +1,4 @@
+VERSION=1
+/
+NEXT-ID:0
+MD5:d41d8cd98f00b204e9800998ecf8427e
diff --git a/investigative_reversing_1/mystery b/investigative_reversing_1/mystery
new file mode 100755
index 0000000..8813835
Binary files /dev/null and b/investigative_reversing_1/mystery differ
diff --git a/investigative_reversing_1/mystery.png b/investigative_reversing_1/mystery.png
new file mode 100755
index 0000000..26c4e3c
Binary files /dev/null and b/investigative_reversing_1/mystery.png differ
diff --git a/investigative_reversing_1/mystery2.png b/investigative_reversing_1/mystery2.png
new file mode 100755
index 0000000..daaa493
Binary files /dev/null and b/investigative_reversing_1/mystery2.png differ
diff --git a/investigative_reversing_1/mystery3.png b/investigative_reversing_1/mystery3.png
new file mode 100755
index 0000000..a2f78da
Binary files /dev/null and b/investigative_reversing_1/mystery3.png differ
diff --git a/investigative_reversing_1/sol.py b/investigative_reversing_1/sol.py
new file mode 100755
index 0000000..908b628
--- /dev/null
+++ b/investigative_reversing_1/sol.py
@@ -0,0 +1,34 @@
+#!/home/maxime/.pyvenv/bin/python3
+
+with open("mystery.png", 'rb') as f1, open("mystery2.png", 'rb') as f2, open("mystery3.png", 'rb') as f3:
+    img1 = f1.read()
+    img2 = f2.read()
+    img3 = f3.read()
+
+    contents1 = img1[-16:]
+    contents2 = img2[-2:]
+    contents3 = img3[-8:]
+
+    flag = ['']*26
+
+    flag[0] = chr(contents2[0] - 21)
+    flag[1] = chr(contents3[0])
+    flag[2] = chr(contents3[1])
+    flag_3_offset = 0
+    flag[4] = chr(contents1[0])
+    flag[5] = chr(contents3[2])
+
+    for i in range(6, 10):
+        flag_3_offset -= 1
+        flag[i] = chr(contents1[1+i-6])
+
+    flag[3] = chr(contents2[1] + flag_3_offset)
+
+    for i in range(10, 15):
+        flag[i] = chr(contents3[3+i-10])
+
+    for i in range(15, 26):
+        flag[i] = chr(contents1[5+i-15])
+
+    print(''.join(flag))
+
diff --git a/investigative_reversing_2/.ghidra.test.lock~~ b/investigative_reversing_2/.ghidra.test.lock~~
new file mode 100644
index 0000000..e69de29
diff --git a/investigative_reversing_2/encoded.bmp b/investigative_reversing_2/encoded.bmp
new file mode 100755
index 0000000..0c48b1b
Binary files /dev/null and b/investigative_reversing_2/encoded.bmp differ
diff --git a/investigative_reversing_2/investigative_reversing_2.gpr b/investigative_reversing_2/investigative_reversing_2.gpr
new file mode 100644
index 0000000..e69de29
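Review bot: The shebang `#!/home/maxime/.pyvenv/bin/python3` hard-codes one developer's home directory, so the 100755 mode this hunk adds buys nothing on any other machine; `#!/usr/bin/env python3` is the portable form. The `flag_3_offset` counter is decremented exactly once per iteration of a fixed four-step loop and then used several lines later, which is a roundabout and hard-to-follow way of writing `flag[3] = chr(contents2[1] - 4)`. The tail slices `img1[-16:]`, `img2[-2:]`, `img3[-8:]` and the `- 21` adjustment are presumably recovered from how the `mystery` binary appends bytes to each PNG, but nothing in the file says so; a one-line comment per slice naming the part of the program that produced those bytes would make the script reviewable without re-opening the Ghidra project. None of the three files is length-checked, so a truncated input surfaces as an IndexError rather than a clear message.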
diff --git a/investigative_reversing_2/investigative_reversing_2.lock b/investigative_reversing_2/investigative_reversing_2.lock
new file mode 100644
index 0000000..f42d981
--- /dev/null
+++ b/investigative_reversing_2/investigative_reversing_2.lock
@@ -0,0 +1,9 @@
+#Ghidra Lock File
+#Mon Jun 10 10:48:05 CEST 2024
+OS\ Name=Windows 11
+OS\ Version=10.0
+Username=Maxime Vorwerk
+Hostname=MAXIMESLAPTOP
+\ Supports\ File\ Channel\ Locking=File Lock
+OS\ Architecture=amd64
+Timestamp=6/10/24, 10\:48 AM
diff --git a/investigative_reversing_2/investigative_reversing_2.rep/idata/00/00000000.prp b/investigative_reversing_2/investigative_reversing_2.rep/idata/00/00000000.prp
new file mode 100644
index 0000000..9174c77
--- /dev/null
+++ b/investigative_reversing_2/investigative_reversing_2.rep/idata/00/00000000.prp
@@ -0,0 +1,11 @@
+
+
+
+
+
+
+
+
+
+
+
diff --git a/investigative_reversing_2/investigative_reversing_2.rep/idata/00/~00000000.db/changeA.grf b/investigative_reversing_2/investigative_reversing_2.rep/idata/00/~00000000.db/changeA.grf
new file mode 100644
index 0000000..dd44cc7
Binary files /dev/null and b/investigative_reversing_2/investigative_reversing_2.rep/idata/00/~00000000.db/changeA.grf differ
diff --git a/investigative_reversing_2/investigative_reversing_2.rep/idata/00/~00000000.db/changeB.grf b/investigative_reversing_2/investigative_reversing_2.rep/idata/00/~00000000.db/changeB.grf
new file mode 100644
index 0000000..88499ac
Binary files /dev/null and b/investigative_reversing_2/investigative_reversing_2.rep/idata/00/~00000000.db/changeB.grf differ
diff --git a/investigative_reversing_2/investigative_reversing_2.rep/idata/00/~00000000.db/db.1.gbf b/investigative_reversing_2/investigative_reversing_2.rep/idata/00/~00000000.db/db.1.gbf
new file mode 100644
index 0000000..b1af176
Binary files /dev/null and b/investigative_reversing_2/investigative_reversing_2.rep/idata/00/~00000000.db/db.1.gbf differ
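Review bot: `Username=Maxime Vorwerk` and `Hostname=MAXIMESLAPTOP` in the added `.lock` file put a real name and a workstation hostname into the repository history, which is more than a CTF write-up needs to publish and is exactly the kind of identifier used for targeting. The header `#Ghidra Lock File` shows this is a file Ghidra writes while a project is open, alongside the `.ghidra.test.lock~~` and `~index`/`~journal` files in neighbouring hunks, so a committed copy may also make the project look locked to the next person who opens the checkout. Adding `*.lock`, `*.lock~~` and the `*.rep/` directories to `.gitignore` and dropping them from this commit avoids both problems; the PII should be removed from history rather than merely deleted in a follow-up commit.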
diff --git a/investigative_reversing_2/investigative_reversing_2.rep/idata/00/~00000000.db/db.2.gbf b/investigative_reversing_2/investigative_reversing_2.rep/idata/00/~00000000.db/db.2.gbf
new file mode 100644
index 0000000..e4ede35
Binary files /dev/null and b/investigative_reversing_2/investigative_reversing_2.rep/idata/00/~00000000.db/db.2.gbf differ
diff --git a/investigative_reversing_2/investigative_reversing_2.rep/idata/00/~00000000.db/snapshotA.grf b/investigative_reversing_2/investigative_reversing_2.rep/idata/00/~00000000.db/snapshotA.grf
new file mode 100644
index 0000000..ef456ac
Binary files /dev/null and b/investigative_reversing_2/investigative_reversing_2.rep/idata/00/~00000000.db/snapshotA.grf differ
diff --git a/investigative_reversing_2/investigative_reversing_2.rep/idata/00/~00000000.db/snapshotB.grf b/investigative_reversing_2/investigative_reversing_2.rep/idata/00/~00000000.db/snapshotB.grf
new file mode 100644
index 0000000..bce231f
Binary files /dev/null and b/investigative_reversing_2/investigative_reversing_2.rep/idata/00/~00000000.db/snapshotB.grf differ
diff --git a/investigative_reversing_2/investigative_reversing_2.rep/idata/00/~00000000.db/tmp6025800298918234915.ps b/investigative_reversing_2/investigative_reversing_2.rep/idata/00/~00000000.db/tmp6025800298918234915.ps
new file mode 100644
index 0000000..38e6d29
Binary files /dev/null and b/investigative_reversing_2/investigative_reversing_2.rep/idata/00/~00000000.db/tmp6025800298918234915.ps differ
diff --git a/investigative_reversing_2/investigative_reversing_2.rep/idata/~index.bak b/investigative_reversing_2/investigative_reversing_2.rep/idata/~index.bak
new file mode 100644
index 0000000..b776dc3
--- /dev/null
+++ b/investigative_reversing_2/investigative_reversing_2.rep/idata/~index.bak
@@ -0,0 +1,4 @@
+VERSION=1
+/
+NEXT-ID:0
+MD5:d41d8cd98f00b204e9800998ecf8427e
diff --git a/investigative_reversing_2/investigative_reversing_2.rep/idata/~index.dat b/investigative_reversing_2/investigative_reversing_2.rep/idata/~index.dat
new file mode 100644
index 0000000..b5daeac
--- /dev/null
+++ b/investigative_reversing_2/investigative_reversing_2.rep/idata/~index.dat
@@ -0,0 +1,5 @@
+VERSION=1
+/
+ 00000000:mystery:c0a8b2a0d1e93211312676400
+NEXT-ID:1
+MD5:d41d8cd98f00b204e9800998ecf8427e
diff --git a/investigative_reversing_2/investigative_reversing_2.rep/idata/~journal.bak b/investigative_reversing_2/investigative_reversing_2.rep/idata/~journal.bak
new file mode 100644
index 0000000..3b4e622
--- /dev/null
+++ b/investigative_reversing_2/investigative_reversing_2.rep/idata/~journal.bak
@@ -0,0 +1,2 @@
+IADD:00000000:/mystery
+IDSET:/mystery:c0a8b2a0d1e93211312676400
diff --git a/investigative_reversing_2/investigative_reversing_2.rep/project.prp b/investigative_reversing_2/investigative_reversing_2.rep/project.prp
new file mode 100644
index 0000000..9ad0e4c
--- /dev/null
+++ b/investigative_reversing_2/investigative_reversing_2.rep/project.prp
@@ -0,0 +1,6 @@
+
+
+
+
+
+
diff --git a/investigative_reversing_2/investigative_reversing_2.rep/user/~index.dat b/investigative_reversing_2/investigative_reversing_2.rep/user/~index.dat
new file mode 100644
index 0000000..b776dc3
--- /dev/null
+++ b/investigative_reversing_2/investigative_reversing_2.rep/user/~index.dat
@@ -0,0 +1,4 @@
+VERSION=1
+/
+NEXT-ID:0
+MD5:d41d8cd98f00b204e9800998ecf8427e
diff --git a/investigative_reversing_2/investigative_reversing_2.rep/versioned/~index.dat b/investigative_reversing_2/investigative_reversing_2.rep/versioned/~index.dat
new file mode 100644
index 0000000..b776dc3
--- /dev/null
+++ b/investigative_reversing_2/investigative_reversing_2.rep/versioned/~index.dat
@@ -0,0 +1,4 @@
+VERSION=1
+/
+NEXT-ID:0
+MD5:d41d8cd98f00b204e9800998ecf8427e
diff --git a/investigative_reversing_2/mystery b/investigative_reversing_2/mystery
new file mode 100755
index 0000000..4a698f8
Binary files /dev/null and b/investigative_reversing_2/mystery differ
diff --git a/investigative_reversing_2/sol.py b/investigative_reversing_2/sol.py
new file mode 100755
index 0000000..cf31d61
--- /dev/null
+++ b/investigative_reversing_2/sol.py
@@ -0,0 +1,19 @@
+#!/home/maxime/.pyvenv/bin/python3
+
+with open("encoded.bmp", 'rb') as f:
+    img = f.read()
+    flag_len = 50
+    stego_len = flag_len * 8
+    stego_start = 2000
+    encoded_bytes = img[stego_start:stego_start + stego_len]
+
+    flag_buffer = [''] * flag_len
+    for i, flag_char in enumerate(flag_buffer):
+        char = 0
+        for j in range(8):
+            img_char = encoded_bytes[i*8+j]
+            char |= (img_char & 1) << j
+        flag_buffer[i] = chr(char + 5)
+
+print(''.join(flag_buffer))
+
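Review bot: `flag_char` in `for i, flag_char in enumerate(flag_buffer):` is never read, so the loop is really `for i in range(flag_len):` and the `flag_buffer` pre-allocation is only being used as a counter. The constants `stego_start = 2000`, the LSB-first bit order in `char |= (img_char & 1) << j`, and the `chr(char + 5)` shift are the entire decoding contract and presumably come from the `mystery` binary's encode routine, but nothing in the file says so; a comment on the `stego_start` line such as `# offset, bit order and +5 shift recovered from mystery's encode loop` would keep the script reproducible without the Ghidra project. The shebang `#!/home/maxime/.pyvenv/bin/python3` also ties this 100755 script to one workstation; `#!/usr/bin/env python3` is the portable form. If `encoded.bmp` is shorter than `stego_start + stego_len`, the slice silently comes up short and the inner loop dies with IndexError, so an explicit length check with a clear message would help.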