---
title: AperiCTF 2019 - [Stegano] Special Cookie Recipe (50 points)
author: Maltemo
tags: CTF, AperiCTF, Stegano, Binary, UpperCase
---

AperiCTF 2019 - [Stegano] Special Cookie Recipe (50 points)
===

Written by [Maltemo](https://twitter.com/Maltemo), member of team [SinHack](https://sinhack.blog/)

[TOC]

___

## Statement of the challenge

### Description

A friend gave me a recipe for making cookies, but it seems he has something else to tell me... But what? Please help me recover his message!

### File

`chall_cookies.txt`

```
rEcette CoOkIes pouR 20 cOokIes :
IngReDIeNTS :
-75G dE SuCRe en POuDRe
-1 OeuF
-1 sAChet De lEVuRE CHiMIQuE
-125g De FArINe
-1/2 brIQue De CrEME fRaicHE EpAissE
-100G de ChOcOLAT EnViron
preparation :
1 : verser dans un saladier : sucre, oeuf, creme
2 : melanger
3 : rajouter farine et levure
4 : melanger
5 : ajouter les pepites de chocolat et melanger
6 : prechauffer le four a 180deg
7 : disposer les cookies sur du papier sulfurise
8 : laisser cuire environ 10 minutes
9 : enjoy
```

## Analysis

When you start a steganography challenge, the first step (after reading the description) is to look for odd elements in the files.

In this case, I immediately saw the upper case letters. When you have elements with two possible states like this (by two states I mean boolean), try to decode them as binary.

So I tried :smile: !

I kept only the first part, because later in the text, there were no more upper case letters :

```
rEcette CoOkIes pouR 20 cOokIes :
IngReDIeNTS :
-75G dE SuCRe en POuDRe
-1 OeuF
-1 sAChet De lEVuRE CHiMIQuE
-125g De FArINe
-1/2 brIQue De CrEME fRaicHE EpAissE
-100G de ChOcOLAT EnViron
```

Then I wrote this JavaScript code to get the binary :

```javascript=
//Message split into an array at every carriage return.
//Could have made it dynamic by reading the file, but I'm lazy sometimes
let encoded_message = [
    "rEcette CoOkIes pouR 20 cOokIes :",
    "IngReDIeNTS :",
    "-75G dE SuCRe en POuDRe",
    "-1 OeuF-1 sAChet De lEVuRE CHiMIQuE",
    "-125g De FArINe-1/2 brIQue De CrEME fRaicHE EpAissE",
    "-100G de ChOcOLAT EnViron"
];
let binary_message = "";

//Reading each line
encoded_message.forEach(function(line){
    //Reading each letter
    line.split("").forEach(function(letter){
        //If the letter is not a special character or a number
        if(letter.match(/[a-z]/i)){ //isNaN(letter) &&
            //add to the binary message 1 if the letter is upper case and 0 if it isn't
            binary_message += (letter.toUpperCase() === letter) ? "1" : "0";
        }
    });
});
console.log(binary_message);
```

**Fun fact :** on my first try I forgot about numbers and special chars, so I got a really weird message, but the first letters were matching the beginning of the flag, so I kept trying in this direction.

To start the program, just run :

```bash
node decode_cookie.js
```

:::warning
The previous command will work if nodejs is installed on your computer, if you named your js file exactly the same, and if your console is in the same directory as the file.
:::

We get this nice output :

```
010000010101000001010010010010110111101101100011011010010110001001101111011101010110110001100101011101000111010001100101011111010000
```

:::danger
If you are trying by yourself, before giving up a track with binary data, **try the two possible ways** (upperCase=0 lowerCase=1 and upperCase=1 lowerCase=0). It would be a shame to miss the flag like this :disappointed: !
:::

Now let's try to convert it to ASCII characters with [this website](https://www.branah.com/ascii-converter) :

```
APRK{ciboulette}0000
```

The zeros at the end mean that the end of the message didn't contain any more information.

:::success
**And we got the flag !**
*(by the way, wtf ??? ciboulette in :cookie:s ?? shame :bell:! shame :bell:!)*
:::

## Solution

### TL;DR

The flag was hidden in binary with upper case and lower case letters.

### Flag

The flag is **APRK{ciboulette}**

___

<a rel="license" href="http://creativecommons.org/licenses/by-nc-nd/4.0/"><img alt="Creative Commons License" style="border-width:0" src="https://i.creativecommons.org/l/by-nc-nd/4.0/88x31.png" /></a><br />This work is licensed under a <a rel="license" href="http://creativecommons.org/licenses/by-nc-nd/4.0/">Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License</a>.
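
The decoding from the Analysis section can be done end to end in one script, without the online converter, trying both bit polarities as the danger note advises. This is an added example, not the author's script; the function names and the printable-ASCII score are assumptions introduced here.

```javascript
// Added example (not the author's script): case-as-binary decoding, both polarities.
// RECIPE holds the mixed-case lines of chall_cookies.txt as quoted in the writeup.
const RECIPE = [
  "rEcette CoOkIes pouR 20 cOokIes :", "IngReDIeNTS :",
  "-75G dE SuCRe en POuDRe", "-1 OeuF", "-1 sAChet De lEVuRE CHiMIQuE",
  "-125g De FArINe", "-1/2 brIQue De CrEME fRaicHE EpAissE",
  "-100G de ChOcOLAT EnViron",
].join("\n");

// Map each ASCII letter to one bit; digits, spaces and punctuation carry no data.
function caseBits(text, upperBit) {
  const lowerBit = upperBit === "1" ? "0" : "1";
  let bits = "";
  for (const ch of text) {
    if (/[A-Z]/.test(ch)) bits += upperBit;
    else if (/[a-z]/.test(ch)) bits += lowerBit;
  }
  return bits;
}

// Group bits into whole bytes (MSB first); a trailing partial byte is dropped.
function bitsToBytes(bits) {
  const bytes = [];
  for (let i = 0; i + 8 <= bits.length; i += 8) {
    bytes.push(parseInt(bits.slice(i, i + 8), 2));
  }
  return bytes;
}

// Fraction of bytes that are printable ASCII: a cheap plausibility score.
function printableRatio(bytes) {
  if (bytes.length === 0) return 0;
  return bytes.filter((b) => b >= 0x20 && b <= 0x7e).length / bytes.length;
}

// Decode under both polarities and rank the candidates, most plausible first.
function decodeCaseStego(text) {
  return ["1", "0"].map((upperBit) => {
    const bytes = bitsToBytes(caseBits(text, upperBit));
    // Trailing NUL bytes come from carrier text that holds no more message.
    while (bytes.length && bytes[bytes.length - 1] === 0) bytes.pop();
    return { upperBit, score: printableRatio(bytes), text: String.fromCharCode(...bytes) };
  }).sort((a, b) => b.score - a.score);
}

console.log(decodeCaseStego(RECIPE));
```

Because printable ASCII always has its top bit clear, the wrong polarity produces only bytes above 0x7F and scores 0, so the ranking separates the two candidates cleanly.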