# Flag Hoarding [mapleCTF](https://ctf.maplebacon.org/) - (misc/forensic)
###### tags: `ctf` `find information on image` `cipher` `forensic`
**Description**: Damning internal communications within Maple Bacon have been leaked, revealing a plot to steal the flags of other teams at the upcoming International Flag Admirers' Conference. You've gotten a hold of the leaked files. Find information that could help uncover the identity of the whistleblower.
**Attaching**: [Access link to get image](https://drive.google.com/drive/folders/1Cof4-jeFwBse9HPgGvf9ba-WlC6_zlUL?usp=sharing)
![](https://i.imgur.com/nFs956c.jpg)
# **Searching the internal image**
- First, we look the black out cover the letter, so i think it may be or should be the hidden target we want to exploit so i try anything method to erase it but i don't having anything on that
- Second, i think about if i do change the color, what happen ? so any tools we can use like [Stegsolve](https://github.com/zardus/ctf-tools/blob/master/stegsolve/install), [photoshop](https://www.adobe.com/vn_vi/products/photoshop.html) or just the internet tool like [aperisolve](https://www.aperisolve.com/), all of them will make u change the color parameter of image and yeah let how to find anything else.
- Third, i don't know what the description mean but on the time to solve this chall i don't think about anything else about cipher or what technical, but i wrong, cipher is the factor to solve this chall. So ***Uncover huh ? may be it just the trap LOL :smiley:***.
## --> So that all things i want to tell you about the image, i not sure there is anything else we can exploit, so just letmeknow :innocent:
# Exploit
***I will use 2 method to change color and let u know how process of the tool we use, **note:** you can do change manually with python or anything language u can :coffee:***
## Method 1: Use the Stegsolve
- Open Stegshow and choose the function u want, basically the color change will original apply when i import the image so let use the arrow button to change and look carefully what the image tell :8ball:
![](https://i.imgur.com/RANT4b6.png)
<em style='text-align:center;'>GUI of the Stegsolve</em>
- Use the arrow and change the color parameter to get something interesting if it occurs :sweat_smile: and yeah the time we cost not much to take this :scream:
![](https://i.imgur.com/9YMvRXx.png)
- on the first time i solve but it same look like the [braille cipher](https://www.dcode.fr/braille-alphabet) - it usually use for blind human - but it has wrong thing to make sure it not **braille** it hasn't enough dot to decrypt to the readable language, poor for me to it cost me 2 hours to not get anything but i learn something about brallie, just cool stuff we can use on real life :smile:
## Method 2: Use the AperiSolve
- Do by submit the image we want to exploit to the website, **note:** AperiSolve is the integrated tool so be greate if we want to know the infomation of image on once time
![](https://i.imgur.com/KmRHlP8.png)
- Submit and get what u want :coconut:
![](https://i.imgur.com/mKV6AFW.png)
- Cool stuff of the AperiSolve is the letmeknow about what time the image is submit on server :1234:, it just fun but we can see to password or anything else if we want to use :sign_of_the_horns:
![](https://i.imgur.com/ipuRb8q.png)
- Like the above method we also get the image contain the doubtful image.
## --> So after exploit image we need to complete the other half way to get the flag or anything else, i probally it will value on your next CTF if u see that again :smirk:
# Research
*I need to give the thanks about my friend **FaLLenSkiLL** to helping me find the type of cipher and it is the right way we need, once again i happy to discuss with you about this chall, Thanks a lot* :100:
## Cipher like the image call *[Machine Identification Code](https://en.wikipedia.org/wiki/Machine_Identification_Code)*, so i will take a brief about this
- **Define**: A Machine Identification Code (MIC), also known as printer steganography, yellow dots, tracking dots or secret dots, is a digital watermark which certain color laser printers and copiers leave on every printed page, allowing identification of the device which was used to print a document and giving clues to the originator. Developed by Xerox and Canon in the mid-1980s, its existence became public only in 2004. In 2018, scientists developed privacy software to anonymize prints in order to support whistleblowers publishing their work. [Wikipedia]
- Look at the description and the define of cipher we can see the one thing is coincident is the whisteblowers, ah hah that all we need
- It have the technical aspect we need to know:
- The pattern consists of a dot-matrix spread of yellow dots, which can barely be seen with the naked eye.
- The dots have a diameter of a tenth of a millimeter (0.004") and a spacing of about one millimeter (0.039").The decoding process discovered by the EFF.
- The MIC need to lazer to see the invisible message so that why we need to change the color to see that, Author is really patience man :+1:
- Example: ![](https://i.imgur.com/eourSPH.png)
- [Decode for machine identification code](https://www.eff.org/files/filenode/printers/ccc.pdf) (It contains a much thing u want to know about the MIC), but i will focus on the decrypt and how we can read this cipher and one thing we have [Tool](https://w2.eff.org/Privacy/printers/docucolor/)
![](https://i.imgur.com/i9GuyEh.png)
![](https://i.imgur.com/AqFauHH.png)
- We will focus about column and row and we have 16 column from 1 to 15 and we take the first column and row to get the Parity ```I don't what it mean but i figure out will represent the level or i think so and on the ccc.pdf it say "1: row parity bit (set to guarantee an odd number of dots present per row)" ``` so next
- We see if we sum the number represent on row and column we can get something number of the message like in the 2th column if we sum row 32 + 16 + 2 = 50 yeah, it how MIC work or example work :smile:
- And some stuffs need to know last column not have not meaning and the column have full of dot is represent for separator
- And onething i think the example is the particular example about time and serial, and i don't know the chall have same, let find it
## --> Cool stuff huh, pretty strange ```I don't understand why i said that``` :scream:
# Decrypt the message
- The important moment has come to solve the challenge with your knowledge
i will use this to solve the chall, it small cut from the image we do exploit
![](https://i.imgur.com/5IzYQdS.png)
with me take the calculator and sum it and find what we get
![](https://i.imgur.com/VWKXSkv.png)
so we get the series of something kind like decimal because it it not have some thing to now it maple flag let try with [decimal to ascII](https://onlineasciitools.com/convert-decimal-to-ascii)
![](https://i.imgur.com/0QqGaBK.png)
```
Original
109-97-112-108-101-123-116-119-48-95-68-51-67-52-68-51-53-95-48-102-95-45-116-51-103-48-125
Covert:
maple{tw0_D3C4D35_0f_st3g0}
```
Flag we find : maple{tw0_D3C4D35_0f_st3g0}
# I hope u learn something about this, it like a new cipher but we not care about this, so it makes us so patience to solve that, :sweat: Man we solve that phiz phiz. Happy hacking and drop comment to see how you work :smile: Peace! and i will come back with something new LOL. Bye bye.