Context :

This week-end, I participated in the Defcamp Capture the Flag 2020 with my team RootMeUpBeforeYouGoGo We have been ranked 10th.

Description

We intercepted some weird requests. See if you can extract some useful information.

Solution

We are given a pcap file.

Looking into the objects in Wireshark, we see some .png files.

I exported with Wireshark all the png files, and looking into one we see it’s a disco flavored QR code :

QRCode1.png

I could not decode the QR with these colors, so with 2-3 manipulations in Gimp I transformed it into more traditional QR code colors and it gave me one char.

So, probably, one qr code is one flag’s character.

For the character’s position in the flag, we have it in the exif metadata in the comment :

ExifTool Version Number         : 12.00
File Name                       : qrmania1.png
Directory                       : .
File Size                       : 1371 bytes
File Modification Date/Time     : 2020:12:07 13:55:41+01:00
File Access Date/Time           : 2020:12:07 13:55:41+01:00
File Inode Change Date/Time     : 2020:12:07 13:55:41+01:00
File Permissions                : rw-r--r--
File Type                       : PNG
File Type Extension             : png
MIME Type                       : image/png
Image Width                     : 310
Image Height                    : 310
Bit Depth                       : 8
Color Type                      : RGB
Compression                     : Deflate/Inflate
Filter                          : Adaptive
Interlace                       : Noninterlaced
Warning                         : [minor] Text chunk(s) found after PNG IDAT (may be ignored by some readers)
Comment                         : 20/69
Image Size                      : 310x310
Megapixels                      : 0.096

Then, I made a python’s script in order to :

  • Get the char’s position in the flag
  • Transform the QR code into black and white
  • Decode the QR Code
  • Get the flag \o/
from PIL import Image
from PIL.ExifTags import TAGS
from os import listdir
from os.path import isfile, join
from pyzbar.pyzbar import decode
from pwn import log

flag=list("_"*69)

onlyfiles = [f for f in listdir('/home/abh/qrcode/') if isfile(join('/home/abh/qrcode/', f))]
onlyfiles = sorted(onlyfiles)
onlyfiles.remove('solve.py')

p = log.progress('Decoding the QR Codes')

for f in onlyfiles:
    im = Image.open(f)
    im.load()
    position = int(im.info['Comment'][:2].replace('/',''))
    width = im.size[0] 
    height = im.size[1] 
    color0 = im.getpixel((0,0))
    color1 = im.getpixel((50,50))
    for i in range(0,width):
        for j in range(0,height):
            data = im.getpixel((i,j))
            if data == color0:
                im.putpixel((i,j),(255,255,255))
            elif data == color1:
                im.putpixel((i,j),(0,0,0))
    flag[position-1]=decode(im)[0].data.decode()
    p.status("".join(flag))
    im.close()

flag = "".join(flag)

p.success(flag)

solve.gif