During this week, there was ongoing qualification CTF by Kaspersky, It had nice challenges, I usually play with OpenToAll team, but this time I had a chance to play with few friends, Our team managed to solve 3 challenges, I am going to discuss one of them now and the remaining 2 will be topics for another post(s).
The smart home system has the function of remote monitoring of what is happening in the home and every few minutes sends pictures of the surveillance cameras to the owner of the house. You successfully intercepted the network traffic of this system, however, its creators took care of the security of their users data and encrypted the pictures. Decrypt the provided image and you will find the flag.
What we have is a encrypted data file that is claimed to be a PNG image.
Checking it with file command shows that it is data file, Knowing that it is
PNG, one can easily know what does the first few bytes decrypt to. Normally a
PNG image would start with
89 50 4e 47. The first thing I tried is xoring
these bytes with the first four bytes in our encrypted file
76 af ba b8
surprisingly the result was
ff ff ff ff!. So it is xor Encryption with the key
0xff.I quickly used rahash2 for decrypting:-
$ rahash2 -D xor -S ff secret_encrypted.png > secret_decrypted.png $ file secret_decrypted.png secret_decrypted.png: PNG image data, 1310 x 321, 8-bit/color RGB, non-interlaced
And that was the picture.