investigative reversing 1/2

investigative_reversing_2/investigative_reversing_2.lock

@@ -0,0 +1,9 @@
+#Ghidra Lock File
+#Mon Jun 10 10:48:05 CEST 2024
+OS\ Name=Windows 11
+OS\ Version=10.0
+Username=Maxime Vorwerk
+Hostname=MAXIMESLAPTOP
+<META>\ Supports\ File\ Channel\ Locking=File Lock
+OS\ Architecture=amd64
+Timestamp=6/10/24, 10\:48 AM

investigative_reversing_2/investigative_reversing_2.rep/idata/00/00000000.prp

@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<FILE_INFO>
+    <BASIC_INFO>
+        <STATE NAME="CONTENT_TYPE" TYPE="string" VALUE="Program" />
+        <STATE NAME="PARENT" TYPE="string" VALUE="/" />
+        <STATE NAME="FILE_ID" TYPE="string" VALUE="c0a8b2a0d1e93211312676400" />
+        <STATE NAME="FILE_TYPE" TYPE="int" VALUE="0" />
+        <STATE NAME="READ_ONLY" TYPE="boolean" VALUE="false" />
+        <STATE NAME="NAME" TYPE="string" VALUE="mystery" />
+    </BASIC_INFO>
+</FILE_INFO>

investigative_reversing_2/investigative_reversing_2.rep/idata/~index.bak

@@ -0,0 +1,4 @@
+VERSION=1
+/
+NEXT-ID:0
+MD5:d41d8cd98f00b204e9800998ecf8427e

investigative_reversing_2/investigative_reversing_2.rep/idata/~index.dat

@@ -0,0 +1,5 @@
+VERSION=1
+/
+  00000000:mystery:c0a8b2a0d1e93211312676400
+NEXT-ID:1
+MD5:d41d8cd98f00b204e9800998ecf8427e

investigative_reversing_2/investigative_reversing_2.rep/idata/~journal.bak

@@ -0,0 +1,2 @@
+IADD:00000000:/mystery
+IDSET:/mystery:c0a8b2a0d1e93211312676400

investigative_reversing_2/investigative_reversing_2.rep/project.prp

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<FILE_INFO>
+    <BASIC_INFO>
+        <STATE NAME="OWNER" TYPE="string" VALUE="MaximeVorwerk" />
+    </BASIC_INFO>
+</FILE_INFO>

investigative_reversing_2/investigative_reversing_2.rep/user/~index.dat

@@ -0,0 +1,4 @@
+VERSION=1
+/
+NEXT-ID:0
+MD5:d41d8cd98f00b204e9800998ecf8427e

investigative_reversing_2/investigative_reversing_2.rep/versioned/~index.dat

@@ -0,0 +1,4 @@
+VERSION=1
+/
+NEXT-ID:0
+MD5:d41d8cd98f00b204e9800998ecf8427e

investigative_reversing_2/sol.py

@@ -0,0 +1,19 @@
+#!/home/maxime/.pyvenv/bin/python3
+
+with open("encoded.bmp", 'rb') as f:
+    img = f.read()
+    flag_len = 50
+    stego_len = flag_len * 8
+    stego_start = 2000
+    encoded_bytes = img[stego_start:stego_start + stego_len]
+
+    flag_buffer = [''] * flag_len
+    for i, flag_char in enumerate(flag_buffer):
+        char = 0
+        for j in range(8):
+            img_char = encoded_bytes[i*8+j]
+            char |= (img_char & 1) << j
+        flag_buffer[i] = chr(char + 5)
+
+print(''.join(flag_buffer))
+