19 Sep 2019

Timisoara Quals 2019 Writeup

Only solved one challenge but hey, it's honest work


Team Name: acsii
Position: 12
Score: 3726/5826


Well I only solved one challenge that required some form of brain, so here goes.

Initial Analysis

We’re given an “image”. Running file, we realize it’s not even a proper PNG due to the magic bytes/file signature. Since we’re told it’s a png, the bytes are probably encrypted. In that case, let’s take a look in a hex editor.

If we were to scroll all the way down, all PNGs are supposed to end with \x00\x00\x00\x00IEND, instead we see \x7A\x7A\x7A\x7A\x33\x3f\x34\x3e.

Decrypting the PNG

At first we thought it was a caesar cipher. But the differences between ASCII values of \x33 and I was not the same as \x3f and E. However, for all 4 bytes \x7A to be \x00, we will turn to one of our basics of encryption - XOR. We used the script below to XOR all bytes in the image.

x = [chr(int(pngHexStream[i:i+2],16)^0x7a) for i in range(0, len(he), 2)]
f = open('newJohn.png','wb')
print (ord(x[0]),x[1])

After that we get an image that we can open … sort of.

Retrieving the Flag

The image is partially corrupted. Let’s scroll through the hex dump again.

We notice a very odd string HATZ-fL4G which was probably what the clue in the image was trying to tell us. But the text looks like absolute trash so let’s go back to the goto cipher - Caesar Cipher. Using a simple script below we get the flag.

inp = "HATZ-fL4G: WLPFWI~Eudy3bm3kqxoh$"
output = ""
for i in inp:
	output += chr(ord(i)-3)
print (output)

Flag: TIMCTF{Brav0_j0hnule!}