VishwaCTF: Garfeld? Forensics

VishwaCTF is a beginner-friendly jeopardy style CTF.

Opening the Garfield.wav in Audacity.

https://pastebin.com/kTX7HTmm

This link leads us to another part of the challenge.

If you notice this “FF D9” thing, It’s a trail file signature of jpeg.

Based on this article, JPEG file signature starts with “FF D8 FF” and ends with “FF D9”.

In this challenge, it start with “D2 7F 92”. So I add the “FF D8 FF”.

D27F92398FD92D384946000101010060
00600000FFE1002E4578696600004D4D
002A0000000800025100000400000001
FFD8FFD27F92398FD92D384946000101010060
00600000FFE1002E4578696600004D4D
002A0000000800025100000400000001

Then copy and compress the data then put to test.txt file.

┌──(root💀kali)-[/home/kali/CTF/vishwa/Garfield]
└─# cat test.txt | tr -d '\n' > test1.txt

and reverse compile using xxd command.

┌──(root💀kali)-[/home/kali/CTF/vishwa/Garfield]
└─# xxd -r -p test1.txt > new.jpg

open the new.jpg file.

I thought it was an eazypezzy flag but no, there’s another challenge.

xjslxjKCH{i_hidtqw_npvi_mjajioa}

Since it is encrypted, I looked for another clue in the image.

So the word “DATE” looks suspicious and gives me a hint that this might be the key or well, at least it gives me the idea that it needs a key to decode/decrypt the flag.

unfortunately, NO.

Since I know the flag format : vishwaCTF{}
I ended up bruteforcing the key, first letter A to Z then next letter until I satisfy the “vishwaCTF” format on the output. xD
c
cb
cbae
cbaebjij ← — Vigenere decode key.

It was a tedous job to be honest, I wish I’m a hardcore python programmer hehe

FLAG:

vishwaCTF{h_heckin_love_lasagna}
vishwaCTF{i_heckin_love_lasagna}

Thank you for your time reading this write up, I hope you learn something. :D

-p0isonp4wn:Sumi

Shout out to Kashmir54!!