theon-1/picoCTF
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

investigative reversing 1/2

Browse Source
This commit is contained in:
Maxime Vorwerk
2024-06-10 11:53:53 +02:00
parent 278bcedb4d
commit 51f73a6584
41 changed files with 166 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
investigative_reversing_1/.ghidra.test.lock~~ Normal file
View File

0
investigative_reversing_1/investigative_reversing_1.gpr Normal file
View File

11
investigative_reversing_1/investigative_reversing_1.rep/idata/00/00000000.prp Normal file
View File

@@ -0,0 +1,11 @@
<?xml version="1.0" encoding="UTF-8"?>
<FILE_INFO>
<BASIC_INFO>
<STATE NAME="CONTENT_TYPE" TYPE="string" VALUE="Program" />
<STATE NAME="PARENT" TYPE="string" VALUE="/" />
<STATE NAME="FILE_ID" TYPE="string" VALUE="c0a8b293fee9112496591890100" />
<STATE NAME="FILE_TYPE" TYPE="int" VALUE="0" />
<STATE NAME="READ_ONLY" TYPE="boolean" VALUE="false" />
<STATE NAME="NAME" TYPE="string" VALUE="mystery" />
</BASIC_INFO>
</FILE_INFO>

BIN
investigative_reversing_1/investigative_reversing_1.rep/idata/00/~00000000.db/db.1.gbf Normal file
View File

Binary file not shown.

BIN
investigative_reversing_1/investigative_reversing_1.rep/idata/00/~00000000.db/db.2.gbf Normal file
View File

Binary file not shown.

4
investigative_reversing_1/investigative_reversing_1.rep/idata/~index.bak Normal file
View File

@@ -0,0 +1,4 @@
VERSION=1
/
NEXT-ID:0
MD5:d41d8cd98f00b204e9800998ecf8427e

5
investigative_reversing_1/investigative_reversing_1.rep/idata/~index.dat Normal file
View File

@@ -0,0 +1,5 @@
VERSION=1
/
00000000:mystery:c0a8b293fee9112496591890100
NEXT-ID:1
MD5:d41d8cd98f00b204e9800998ecf8427e

2
investigative_reversing_1/investigative_reversing_1.rep/idata/~journal.bak Normal file
View File

@@ -0,0 +1,2 @@
IADD:00000000:/mystery
IDSET:/mystery:c0a8b293fee9112496591890100

6
investigative_reversing_1/investigative_reversing_1.rep/project.prp Normal file
View File

@@ -0,0 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<FILE_INFO>
<BASIC_INFO>
<STATE NAME="OWNER" TYPE="string" VALUE="MaximeVorwerk" />
</BASIC_INFO>
</FILE_INFO>

15
investigative_reversing_1/investigative_reversing_1.rep/projectState Normal file
View File

@@ -0,0 +1,15 @@
<?xml version="1.0" encoding="UTF-8"?>
<PROJECT>
<PROJECT_DATA_XML_NAME NAME="DISPLAY_DATA">
<SAVE_STATE>
<ARRAY NAME="EXPANDED_PATHS" TYPE="string">
<A VALUE="investigative_reversing_1:" />
</ARRAY>
<STATE NAME="SHOW_TABLE" TYPE="boolean" VALUE="false" />
</SAVE_STATE>
</PROJECT_DATA_XML_NAME>
<TOOL_MANAGER ACTIVE_WORKSPACE="Workspace">
<WORKSPACE NAME="Workspace" ACTIVE="true" />
</TOOL_MANAGER>
</PROJECT>

11
investigative_reversing_1/investigative_reversing_1.rep/user/00/00000000.prp Normal file
View File

@@ -0,0 +1,11 @@
<?xml version="1.0" encoding="UTF-8"?>
<FILE_INFO>
<BASIC_INFO>
<STATE NAME="CONTENT_TYPE" TYPE="string" VALUE="ProgramUserData" />
<STATE NAME="PARENT" TYPE="string" VALUE="/" />
<STATE NAME="FILE_ID" TYPE="string" VALUE="c0a8b293c1df114244577388000" />
<STATE NAME="FILE_TYPE" TYPE="int" VALUE="0" />
<STATE NAME="READ_ONLY" TYPE="boolean" VALUE="false" />
<STATE NAME="NAME" TYPE="string" VALUE="udf_c0a8b293fee9112496591890100" />
</BASIC_INFO>
</FILE_INFO>

BIN
investigative_reversing_1/investigative_reversing_1.rep/user/00/~00000000.db/db.1.gbf Normal file
View File

Binary file not shown.

4
investigative_reversing_1/investigative_reversing_1.rep/user/~index.dat Normal file
View File

@@ -0,0 +1,4 @@
VERSION=1
/
NEXT-ID:0
MD5:d41d8cd98f00b204e9800998ecf8427e

2
investigative_reversing_1/investigative_reversing_1.rep/user/~journal.dat Normal file
View File

@@ -0,0 +1,2 @@
IADD:00000000:/udf_c0a8b293fee9112496591890100
IDSET:/udf_c0a8b293fee9112496591890100:c0a8b293c1df114244577388000

4
investigative_reversing_1/investigative_reversing_1.rep/versioned/~index.bak Normal file
View File

@@ -0,0 +1,4 @@
VERSION=1
/
NEXT-ID:0
MD5:d41d8cd98f00b204e9800998ecf8427e

4
investigative_reversing_1/investigative_reversing_1.rep/versioned/~index.dat Normal file
View File

@@ -0,0 +1,4 @@
VERSION=1
/
NEXT-ID:0
MD5:d41d8cd98f00b204e9800998ecf8427e

BIN
investigative_reversing_1/mystery Executable file
View File

Binary file not shown.

BIN
investigative_reversing_1/mystery.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 122 KiB

BIN
investigative_reversing_1/mystery2.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 122 KiB

BIN
investigative_reversing_1/mystery3.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 122 KiB

34
investigative_reversing_1/sol.py Executable file
View File

@@ -0,0 +1,34 @@
#!/home/maxime/.pyvenv/bin/python3
with open("mystery.png", 'rb') as f1, open("mystery2.png", 'rb') as f2, open("mystery3.png", 'rb') as f3:
img1 = f1.read()
img2 = f2.read()
img3 = f3.read()
contents1 = img1[-16:]
contents2 = img2[-2:]
contents3 = img3[-8:]
flag = ['']*26
flag[0] = chr(contents2[0] - 21)
flag[1] = chr(contents3[0])
flag[2] = chr(contents3[1])
flag_3_offset = 0
flag[4] = chr(contents1[0])
flag[5] = chr(contents3[2])
for i in range(6, 10):
flag_3_offset -= 1
flag[i] = chr(contents1[1+i-6])
flag[3] = chr(contents2[1] + flag_3_offset)
for i in range(10, 15):
flag[i] = chr(contents3[3+i-10])
for i in range(15, 26):
flag[i] = chr(contents1[5+i-15])
print(''.join(flag))

0
investigative_reversing_2/.ghidra.test.lock~~ Normal file
View File

BIN
investigative_reversing_2/encoded.bmp Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.4 MiB

0
investigative_reversing_2/investigative_reversing_2.gpr Normal file
View File

9
investigative_reversing_2/investigative_reversing_2.lock Normal file
View File

@@ -0,0 +1,9 @@
#Ghidra Lock File
#Mon Jun 10 10:48:05 CEST 2024
OS\ Name=Windows 11
OS\ Version=10.0
Username=Maxime Vorwerk
Hostname=MAXIMESLAPTOP
<META>\ Supports\ File\ Channel\ Locking=File Lock
OS\ Architecture=amd64
Timestamp=6/10/24, 10\:48 AM

11
investigative_reversing_2/investigative_reversing_2.rep/idata/00/00000000.prp Normal file
View File

@@ -0,0 +1,11 @@
<?xml version="1.0" encoding="UTF-8"?>
<FILE_INFO>
<BASIC_INFO>
<STATE NAME="CONTENT_TYPE" TYPE="string" VALUE="Program" />
<STATE NAME="PARENT" TYPE="string" VALUE="/" />
<STATE NAME="FILE_ID" TYPE="string" VALUE="c0a8b2a0d1e93211312676400" />
<STATE NAME="FILE_TYPE" TYPE="int" VALUE="0" />
<STATE NAME="READ_ONLY" TYPE="boolean" VALUE="false" />
<STATE NAME="NAME" TYPE="string" VALUE="mystery" />
</BASIC_INFO>
</FILE_INFO>

BIN
investigative_reversing_2/investigative_reversing_2.rep/idata/00/~00000000.db/changeA.grf Normal file
View File

Binary file not shown.

BIN
investigative_reversing_2/investigative_reversing_2.rep/idata/00/~00000000.db/changeB.grf Normal file
View File

Binary file not shown.

BIN
investigative_reversing_2/investigative_reversing_2.rep/idata/00/~00000000.db/db.1.gbf Normal file
View File

Binary file not shown.

BIN
investigative_reversing_2/investigative_reversing_2.rep/idata/00/~00000000.db/db.2.gbf Normal file
View File

Binary file not shown.

BIN
investigative_reversing_2/investigative_reversing_2.rep/idata/00/~00000000.db/snapshotA.grf Normal file
View File

Binary file not shown.

BIN
investigative_reversing_2/investigative_reversing_2.rep/idata/00/~00000000.db/snapshotB.grf Normal file
View File

Binary file not shown.

BIN
investigative_reversing_2/investigative_reversing_2.rep/idata/00/~00000000.db/tmp6025800298918234915.ps Normal file
View File

Binary file not shown.

4
investigative_reversing_2/investigative_reversing_2.rep/idata/~index.bak Normal file
View File

@@ -0,0 +1,4 @@
VERSION=1
/
NEXT-ID:0
MD5:d41d8cd98f00b204e9800998ecf8427e

5
investigative_reversing_2/investigative_reversing_2.rep/idata/~index.dat Normal file
View File

@@ -0,0 +1,5 @@
VERSION=1
/
00000000:mystery:c0a8b2a0d1e93211312676400
NEXT-ID:1
MD5:d41d8cd98f00b204e9800998ecf8427e

2
investigative_reversing_2/investigative_reversing_2.rep/idata/~journal.bak Normal file
View File

@@ -0,0 +1,2 @@
IADD:00000000:/mystery
IDSET:/mystery:c0a8b2a0d1e93211312676400

6
investigative_reversing_2/investigative_reversing_2.rep/project.prp Normal file
View File

@@ -0,0 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<FILE_INFO>
<BASIC_INFO>
<STATE NAME="OWNER" TYPE="string" VALUE="MaximeVorwerk" />
</BASIC_INFO>
</FILE_INFO>

4
investigative_reversing_2/investigative_reversing_2.rep/user/~index.dat Normal file
View File

@@ -0,0 +1,4 @@
VERSION=1
/
NEXT-ID:0
MD5:d41d8cd98f00b204e9800998ecf8427e

4
investigative_reversing_2/investigative_reversing_2.rep/versioned/~index.dat Normal file
View File

@@ -0,0 +1,4 @@
VERSION=1
/
NEXT-ID:0
MD5:d41d8cd98f00b204e9800998ecf8427e

BIN
investigative_reversing_2/mystery Executable file
View File

Binary file not shown.

19
investigative_reversing_2/sol.py Executable file
View File

@@ -0,0 +1,19 @@
#!/home/maxime/.pyvenv/bin/python3
with open("encoded.bmp", 'rb') as f:
img = f.read()
flag_len = 50
stego_len = flag_len * 8
stego_start = 2000
encoded_bytes = img[stego_start:stego_start + stego_len]
flag_buffer = [''] * flag_len
for i, flag_char in enumerate(flag_buffer):
char = 0
for j in range(8):
img_char = encoded_bytes[i*8+j]
char |= (img_char & 1) << j
flag_buffer[i] = chr(char + 5)
print(''.join(flag_buffer))