The Keymaker


In this CTF we are given an image, The-Keymaker.jpg. First we dump the image's metadata with exiftool. On Debian/Ubuntu it is installed with sudo apt install exiftool.

Run exiftool The-Keymaker.jpg in the terminal.


The Comment field shows a flag, CTFlearn{TheKeymakerIsK00l}, but submitting it does not work: it is a decoy. So next we check whether the file contains other comments.

Run file The-Keymaker.jpg in the terminal.


The output shows two base64 strings in the comments. We decode them one at a time.

Run echo b3BlbnNzbCBlbmMgLWQgLWFlcy0yNTYtY2JjIC1pdiBTT0YwIC1LIFNPUyAtaW4gZmxhZy5lbmMg | base64 -d in the terminal.


The first string decodes to openssl enc -d -aes-256-cbc -iv SOF0 -K SOS -in flag.enc. That is an AES-256-CBC decryption command with its two hex arguments replaced by placeholders, so we need three things to recover the flag:

a 16-byte IV (the -iv argument), named after SOF0 (Start Of Frame),
a 32-byte key (the -K argument), named after SOS (Start Of Scan), and
the ciphertext file flag.enc.

We will come back to what SOS and SOF0 are; first let us see what the second base64 string gives us.

Run echo mmtaSHhAsK9pLMepyFDl37UTXQT0CMltZk7+4Kaa1svo5vqb6JuczUqQGFJYiycY | base64 -d in the terminal.


This one decodes to 48 bytes of binary rather than text: exactly three AES blocks, which is what ciphertext should look like. So this is our flag.enc, and we save the decoded bytes to that file.

Run echo mmtaSHhAsK9pLMepyFDl37UTXQT0CMltZk7+4Kaa1svo5vqb6JuczUqQGFJYiycY | base64 -d > flag.enc in the terminal. Then check its content with cat (the bytes are binary, so a hex dump is easier to read).


Now we need the SOS key and the SOF0 IV. Both are taken straight from the JPEG's own marker segments, so first we need to know how those segments start.

For SOS

SOS (start of scan): marker bytes 0xFF 0xDA. Variable length: a short header (2-byte length field, component selectors and spectral-selection bytes) followed directly by the entropy-coded image data.



So SOS begins with the bytes FF DA. Open The-Keymaker.jpg in a hex editor and select the 32 bytes that follow those two marker bytes: AES-256 needs a 32-byte key (64 hex digits), and the challenge takes it from the start of the SOS segment, length field included. Use any hex editor you like; I am using bless.

Run bless The-Keymaker.jpg in the terminal. Press Ctrl+F to search for FF DA and copy the 32 bytes after it, excluding FF DA itself.


Paste the 32 bytes into a text editor and remove the spaces between them; the resulting 64-digit hex string is:
000C03010002110311003F00F9766BFC44BEDA8F3F5C031B92CB0E92D6BDC952

(The first 12 bytes, 00 0C 03 01 00 02 11 03 11 00 3F 00, are the SOS header: length 12, three components, then the spectral-selection bytes. The remaining 20 bytes are the first bytes of the compressed scan data.)

Now we do the same for SOF0.

For SOF0

SOF0 (start of frame, baseline DCT): marker bytes 0xFF 0xC0. Variable size; typically 0x00 0x11 (17 bytes) for images with 3 components (e.g. YCbCr).



So SOF0 begins with FF C0. Search for FF C0, copy everything from FF C0 up to and including the next FF (the start of the following marker), paste it into a text editor, and drop the leading FF C0 00 11: that is the marker itself plus the 2-byte length field. The length 0x0011 = 17 counts the length field itself, so only 15 payload bytes follow it; those 15 bytes plus the 0xFF of the next marker give the 16-byte IV that AES-CBC requires.


The resulting string is:

0800BE00C803011100021101031101FF

(Reading the SOF0 payload: 08 = 8-bit precision, 00 BE = height 190, 00 C8 = width 200, 03 = three components, followed by three 3-byte component descriptors; the trailing FF is the next marker.)

Now we have everything needed to decrypt flag.enc. Substitute the two hex strings into the command from the first comment:

openssl enc -d -aes-256-cbc -iv 0800BE00C803011100021101031101FF -K 000C03010002110311003F00F9766BFC44BEDA8F3F5C031B92CB0E92D6BDC952 -in flag.enc

Run it and redirect the plaintext to a file called flag (or flag.txt).

Run openssl enc -d -aes-256-cbc -iv 0800BE00C803011100021101031101FF -K 000C03010002110311003F00F9766BFC44BEDA8F3F5C031B92CB0E92D6BDC952 -in flag.enc > flag in the terminal. If openssl reports bad decrypt, the key or IV was copied wrong: CBC decryption with a wrong key still produces output, but the PKCS#7 padding check on the last block fails.


Now print the file with cat flag.


So finally we have our flag.

Flag: CTFlearn{Ne0.TheMatrix}
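The whole extraction scripted, as an added example that is not part of the original writeup: a Python script that walks the JPEG marker segments instead of searching for FF DA / FF C0 by hand (a raw byte search can match FF DA inside an APPn payload, whereas walking segment lengths from SOI cannot), takes the key and IV exactly as described above, decodes the SOF0 header fields, and then runs the same openssl command on the base64 ciphertext. The image is not included here, so SAMPLE_JPEG is a constructed byte string carrying only the SOF0 and SOS bytes quoted above plus a minimal JFIF APP0 segment (no DQT/DHT tables, so it is not a viewable image). The decrypt step shells out to the system openssl when it is installed; its output is not checked here.

```python
"""The Keymaker: pull the AES-256-CBC key and IV out of JPEG marker segments.

Added example, not the original writeup's code. SAMPLE_JPEG is a constructed
byte layout reproducing the SOF0 and SOS bytes quoted in the writeup; it is
not the real The-Keymaker.jpg and is not a decodable image.
"""
import base64
import shutil
import subprocess

SAMPLE_JPEG = bytes.fromhex(
    "FFD8"                                           # SOI
    "FFE0 0010 4A46494600 0101 00 0001 0001 0000"    # APP0: JFIF 1.1, no thumbnail
    "FFC0 0011 08 00BE 00C8 03 011100 021101 031101" # SOF0, bytes from the writeup
    "FFDA 000C 03 0100 0211 0311 003F00"             # SOS header, bytes from the writeup
    "F9766BFC44BEDA8F3F5C031B92CB0E92D6BDC952"       # first 20 bytes of scan data
    "FFD9"                                           # EOI
)

# Second JPEG comment from the writeup: flag.enc in base64 (48 bytes = 3 AES blocks).
FLAG_ENC_B64 = "mmtaSHhAsK9pLMepyFDl37UTXQT0CMltZk7+4Kaa1svo5vqb6JuczUqQGFJYiycY"

# Markers with no length field: TEM, SOI, EOI and RST0..RST7.
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))


def marker_segments(data):
    """Yield (marker, offset_of_length_field, length) for each segment up to SOS.

    The walk stops at SOS because entropy-coded data, not segments, follows it.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos:#x}")
        marker = data[pos + 1]
        if marker in STANDALONE:
            pos += 2
            continue
        length = int.from_bytes(data[pos + 2:pos + 4], "big")  # counts itself
        yield marker, pos + 2, length
        if marker == 0xDA:
            return
        pos += 2 + length
    raise ValueError("no SOS segment found")


def extract_key_iv(data):
    """Key = 32 bytes starting at the SOS length field (header + start of scan data).
    IV  = the 15-byte SOF0 payload followed by the 0xFF that opens the next marker."""
    sof0 = sos = None
    for marker, off, length in marker_segments(data):
        if marker == 0xC0 and sof0 is None:
            sof0 = (off, length)
        elif marker == 0xDA:
            sos = off
    if sof0 is None or sos is None:
        raise ValueError("SOF0 or SOS segment missing")
    key = data[sos:sos + 32]
    off, length = sof0
    iv = data[off + 2:off + 2 + 16]  # payload begins after the 2-byte length field
    # The writeup's IV assumes a 17-byte SOF0 (15 payload bytes) and that the
    # 16th byte is the next marker's 0xFF; check both before trusting the IV.
    if length != 0x11 or iv[-1] != 0xFF:
        raise ValueError("SOF0 layout differs from the challenge image")
    return key, iv


def parse_sof0(payload):
    """Decode a baseline SOF0 payload (everything after its length field)."""
    comps = []
    for i in range(payload[5]):
        cid, sampling, tq = payload[6 + 3 * i:9 + 3 * i]
        comps.append({"id": cid, "h": sampling >> 4, "v": sampling & 0xF, "qt": tq})
    return {"precision": payload[0],
            "height": int.from_bytes(payload[1:3], "big"),
            "width": int.from_bytes(payload[3:5], "big"),
            "components": comps}


def decrypt_with_openssl(key, iv, ciphertext):
    """Run the writeup's openssl command with the ciphertext on stdin.
    Returns None when openssl is not installed; raises on 'bad decrypt'."""
    if shutil.which("openssl") is None:
        return None
    res = subprocess.run(
        ["openssl", "enc", "-d", "-aes-256-cbc", "-K", key.hex(), "-iv", iv.hex()],
        input=ciphertext, capture_output=True)
    if res.returncode != 0:
        raise RuntimeError(res.stderr.decode(errors="replace").strip())
    return res.stdout


if __name__ == "__main__":
    key, iv = extract_key_iv(SAMPLE_JPEG)
    print("SOF0 fields:", parse_sof0(iv[:15]))
    print("key:", key.hex().upper())
    print("iv: ", iv.hex().upper())
    plaintext = decrypt_with_openssl(key, iv, base64.b64decode(FLAG_ENC_B64))
    print(plaintext if plaintext is not None else "openssl not found; run the command by hand")
```

To use it on the real file, replace SAMPLE_JPEG with open("The-Keymaker.jpg", "rb").read(); the segment walk will pass over the DQT/DHT/COM segments the sample omits and still land on the same SOF0 and SOS offsets, and the explicit checks in extract_key_iv will refuse an image whose SOF0 is not the 17-byte layout this challenge depends on.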