Kaspersky CTF Security Home Cameras

This week Kaspersky ran its qualification CTF, which had some nice challenges. I usually play with the OpenToAll team, but this time I had a chance to play with a few friends. Our team managed to solve 3 challenges; I am going to discuss one of them now, and the remaining 2 will be topics for other post(s).

The challenge

The smart home system has the function of remote monitoring of what is happening in the home and every few minutes sends pictures of the surveillance cameras to the owner of the house. You successfully intercepted the network traffic of this system, however, its creators took care of the security of their users data and encrypted the pictures. Decrypt the provided image and you will find the flag.


What we have is an encrypted data file that is claimed to be a PNG image. Checking it with the file command shows that it is a data file. Knowing that it is a PNG, one can easily work out what the first few bytes decrypt to. Normally a PNG image starts with 89 50 4e 47. The first thing I tried was XORing these bytes with the first four bytes of our encrypted file, 76 af ba b8, and surprisingly the result was ff ff ff ff! So it is XOR encryption with the key 0xff. I quickly used rahash2 for decrypting:

$ rahash2 -D xor -S ff secret_encrypted.png > secret_decrypted.png
$ file secret_decrypted.png
secret_decrypted.png: PNG image data, 1310 x 321, 8-bit/color RGB, non-interlaced

And that was the picture.
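The same known-plaintext step can be automated and generalized to short repeating keys. This is an added example, not code from the original post: the function names are hypothetical, and the sample ciphertext is constructed in the script (a PNG signature plus an IHDR chunk with the dimensions reported above) rather than taken from the challenge file.

```python
import struct
import zlib

PNG_MAGIC = bytes.fromhex("89504e470d0a1a0a")  # fixed 8-byte PNG signature

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def recover_key(ciphertext: bytes, known: bytes = PNG_MAGIC) -> bytes:
    """Known-plaintext recovery: keystream = ciphertext XOR known header,
    reduced to its shortest repeating period. Keys longer than the known
    header (8 bytes here) cannot be fully recovered this way."""
    stream = bytes(c ^ p for c, p in zip(ciphertext, known))
    for period in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % period] for i in range(len(stream))):
            return stream[:period]
    return stream

def parse_ihdr(png: bytes):
    """Validate a decrypted header; return (width, height) or None if not a PNG."""
    if png[:8] != PNG_MAGIC or png[12:16] != b"IHDR":
        return None
    body = png[12:29]  # chunk type (4 bytes) + IHDR data (13 bytes)
    (crc,) = struct.unpack(">I", png[29:33])
    if zlib.crc32(body) != crc:  # a wrong key guess fails the chunk CRC
        return None
    width, height = struct.unpack(">II", png[16:24])
    return width, height

def make_sample(key: bytes) -> bytes:
    """Constructed sample: signature + IHDR of a 1310 x 321 RGB PNG, XOR-encrypted."""
    ihdr = b"IHDR" + struct.pack(">IIBBBBB", 1310, 321, 8, 2, 0, 0, 0)
    plain = PNG_MAGIC + struct.pack(">I", 13) + ihdr + struct.pack(">I", zlib.crc32(ihdr))
    return xor_bytes(plain, key)

if __name__ == "__main__":
    sample = make_sample(b"\xff")
    key = recover_key(sample)
    print("key:", key.hex(), "IHDR:", parse_ihdr(xor_bytes(sample, key)))
```

Checking the IHDR chunk CRC after decryption confirms the recovered key beyond the first few bytes, which matters when the key is longer than one byte.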