ASIS CTF 2022 Quals

# ASIS CTF 2022 Quals ![](https://i.imgur.com/ERzf7f8.png) * [Wormrep](#Wormrep-63) * [Stacked QRs](#Stacked-QRs-83) * [Comopti](#Compoti-114) ## Wormrep (63) ![WormrepDesc](https://i.imgur.com/xIftNTk.png) The challenge gave me a `.klr.enc1` file, after digging for a few minutes, I found out that was an encoded scan report from Kaspersky Virus Removal Tool. So I downloaded KVRT, but before running it, I had to know how the tool reads the report file. Thanks to the [support page](https://support.kaspersky.com/15675) I had to rename the challenge file and put it in C:\KVRT2020\Data\Reports ![ReportFolder](https://i.imgur.com/toFP6Re.png) Opening KVRT and go to report tab, sifted through the report, I found the flag. ![Flag](https://i.imgur.com/6KBzSX2.png) <details> <summary>Flag</summary> ASIS{N07_@ll_v!ru535_@r3_AS_8@d_a5_cov!d} </details> ## Stacked QRs (83) ![StackedQRsDesc](https://i.imgur.com/GMWF0c7.png) Challenge gave me an image: ![Chall](https://i.imgur.com/LzgaGMb.png) According to the description, `no important part of QRs is damaged`, that must mean only the position markers were overlapped. ![QR](https://i.imgur.com/yQXmL5J.png) After examining many QR codes that were mostly intact, I could safely assume the QRs had a dimension of 210x210 and the gaps between the QRs were 70 pixels. I made a script to easily sift through the qr codes before fixing them ```python! import cv2 img = cv2.copyMakeBorder(cv2.imread('stacked_qrs.png'), 0, 40, 0, 40, cv2.BORDER_CONSTANT, None, [255,255,255]) export = [] x, y = 0, 0 print(img.shape) # cv2.imshow("original", img) # cv2.waitKey(0) for row in range(14): x = 0 for column in range(14): crop = img[y:y+210,x:x+210] cv2.imshow("cropped", crop) key = cv2.waitKey(0) if(key == ord('s')): export.append(cv2.copyMakeBorder(crop,0,0,0,20,cv2.BORDER_CONSTANT, None, [255,0,128])) x += 70 y+=70 concat_img = cv2.hconcat(export) cv2.imwrite('.\\export.png',concat_img) cv2.imshow('test',concat_img) cv2.waitKey(0) ``` Got the QRs ![ValidmaybeQRs](https://i.imgur.com/PzSSo3g.png) Fixed them. ![FixedQRs](https://i.imgur.com/V4D2PBD.png) All I need to do is scan them ![QR_1](https://i.imgur.com/0JAegmG.png) ![QR_2](https://i.imgur.com/Yd7dzSK.png) ![QR_3](https://i.imgur.com/iGwVOjk.png) <details> <summary>Flag</summary> ASIS{7iM3_70_fix_7Hi5_0ld_diR7y_PRin73R!!} </details> ## Compoti (114) Challenge gave me a `.raw` file. After examining the file further, it was a reiser file system. Using [rdrreiser](https://www.ufsexplorer.com/raise-data-recovery-reiser/), I could restore some files. ![](https://i.imgur.com/ctebyLB.png) flag.txt was just a red herring. The other 2 files were Portable Gray Map Image, one was ASCII version and the other was binary version. Looking inside the .pmg file, I could see comments and the file's width, height and max gray value were changed to 0. ![Notepad](https://i.imgur.com/5H8iOfc.png) I could replace the number 0 from the comment with spaces, and 9 from the image with spaces and get the message ![Notepad_Replaced](https://i.imgur.com/9SFJnVx.png) OR I could edit the width, height and the max grey value then open the file in GIMP. ![GIMP](https://i.imgur.com/YOVAk2y.png) Decrypt with the given key gave me the flag. ![Flag](https://i.imgur.com/bONJiU6.png) <details> <summary>Flag</summary> ASIS{pgm_1M4gE_f0Rma7_ManUpL4T!On!} </details>