VishwaCTF: Garfeld? Forensics
Opening the Garfield.wav in Audacity.
https://pastebin.com/kTX7HTmmThis link leads us to another part of the challenge.
If you notice this “FF D9” thing, It’s a trail file signature of jpeg.
Based on this article, JPEG file signature starts with “FF D8 FF” and ends with “FF D9”.
In this challenge, it start with “D2 7F 92”. So I add the “FF D8 FF”.
D27F92398FD92D384946000101010060
00600000FFE1002E4578696600004D4D
002A0000000800025100000400000001FFD8FFD27F92398FD92D384946000101010060
00600000FFE1002E4578696600004D4D
002A0000000800025100000400000001
Then copy and compress the data then put to test.txt file.
┌──(root💀kali)-[/home/kali/CTF/vishwa/Garfield]
└─# cat test.txt | tr -d '\n' > test1.txtand reverse compile using xxd command.
┌──(root💀kali)-[/home/kali/CTF/vishwa/Garfield]
└─# xxd -r -p test1.txt > new.jpgopen the new.jpg file.
I thought it was an eazypezzy flag but no, there’s another challenge.
xjslxjKCH{i_hidtqw_npvi_mjajioa}
Since it is encrypted, I looked for another clue in the image.
So the word “DATE” looks suspicious and gives me a hint that this might be the key or well, at least it gives me the idea that it needs a key to decode/decrypt the flag.
unfortunately, NO.
Since I know the flag format : vishwaCTF{}
I ended up bruteforcing the key, first letter A to Z then next letter until I satisfy the “vishwaCTF” format on the output. xD
c
cb
cbae
cbaebjij ← — Vigenere decode key.
It was a tedous job to be honest, I wish I’m a hardcore python programmer hehe
FLAG:
vishwaCTF{h_heckin_love_lasagna}
vishwaCTF{i_heckin_love_lasagna}
Thank you for your time reading this write up, I hope you learn something. :D
-p0isonp4wn:Sumi
Shout out to Kashmir54!!
