Flag Hoarding mapleCTF - (misc/forensic)

tags: ctf find information on image cipher forensic

Description: Damning internal communications within Maple Bacon have been leaked, revealing a plot to steal the flags of other teams at the upcoming International Flag Admirers' Conference. You've gotten a hold of the leaked files. Find information that could help uncover the identity of the whistleblower.

Attaching: Access link to get image

Searching the internal image

• First, we look the black out cover the letter, so i think it may be or should be the hidden target we want to exploit so i try anything method to erase it but i don't having anything on that
• Second, i think about if i do change the color, what happen ? so any tools we can use like Stegsolve, photoshop or just the internet tool like aperisolve, all of them will make u change the color parameter of image and yeah let how to find anything else.
• Third, i don't know what the description mean but on the time to solve this chall i don't think about anything else about cipher or what technical, but i wrong, cipher is the factor to solve this chall. So Uncover huh ? may be it just the trap LOL
  Image Not Showing Possible Reasons

  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported

  Learn More →
  .

–> So that all things i want to tell you about the image, i not sure there is anything else we can exploit, so just letmeknow

Image Not Showing Possible Reasons

• The image file may be corrupted
• The server hosting the image is unavailable
• The image path is incorrect
• The image format is not supported

Learn More →

Exploit

I will use 2 method to change color and let u know how process of the tool we use, note: you can do change manually with python or anything language u can

Method 1: Use the Stegsolve

• Open Stegshow and choose the function u want, basically the color change will original apply when i import the image so let use the arrow button to change and look carefully what the image tell

  Image Not Showing Possible Reasons

  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported

  Learn More →
  
  
  Image Not Showing Possible Reasons

  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported

  Learn More →
  
  GUI of the Stegsolve

• Use the arrow and change the color parameter to get something interesting if it occurs

  Image Not Showing Possible Reasons

  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported

  Learn More →
  and yeah the time we cost not much to take this
  Image Not Showing Possible Reasons

  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported

  Learn More →
  
  
  Image Not Showing Possible Reasons

  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported

  Learn More →

• on the first time i solve but it same look like the braille cipher - it usually use for blind human - but it has wrong thing to make sure it not braille it hasn't enough dot to decrypt to the readable language, poor for me to it cost me 2 hours to not get anything but i learn something about brallie, just cool stuff we can use on real life

  Image Not Showing Possible Reasons

  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported

  Learn More →

Method 2: Use the AperiSolve

• Do by submit the image we want to exploit to the website, note: AperiSolve is the integrated tool so be greate if we want to know the infomation of image on once time
  

  Image Not Showing Possible Reasons

  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported

  Learn More →

• Submit and get what u want

  Image Not Showing Possible Reasons

  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported

  Learn More →

• Cool stuff of the AperiSolve is the letmeknow about what time the image is submit on server
  Image Not Showing Possible Reasons

  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported

  Learn More →
  , it just fun but we can see to password or anything else if we want to use
  Image Not Showing Possible Reasons

  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported

  Learn More →

• Like the above method we also get the image contain the doubtful image.

–> So after exploit image we need to complete the other half way to get the flag or anything else, i probally it will value on your next CTF if u see that again

Image Not Showing Possible Reasons

• The image file may be corrupted
• The server hosting the image is unavailable
• The image path is incorrect
• The image format is not supported

Learn More →

Research

I need to give the thanks about my friend FaLLenSkiLL to helping me find the type of cipher and it is the right way we need, once again i happy to discuss with you about this chall, Thanks a lot

Cipher like the image call Machine Identification Code, so i will take a brief about this

• Define: A Machine Identification Code (MIC), also known as printer steganography, yellow dots, tracking dots or secret dots, is a digital watermark which certain color laser printers and copiers leave on every printed page, allowing identification of the device which was used to print a document and giving clues to the originator. Developed by Xerox and Canon in the mid-1980s, its existence became public only in 2004. In 2018, scientists developed privacy software to anonymize prints in order to support whistleblowers publishing their work. [Wikipedia]
• Look at the description and the define of cipher we can see the one thing is coincident is the whisteblowers, ah hah that all we need
• It have the technical aspect we need to know:
  • The pattern consists of a dot-matrix spread of yellow dots, which can barely be seen with the naked eye.
  • The dots have a diameter of a tenth of a millimeter (0.004") and a spacing of about one millimeter (0.039").The decoding process discovered by the EFF.
  • The MIC need to lazer to see the invisible message so that why we need to change the color to see that, Author is really patience man
    Image Not Showing Possible Reasons

    • The image file may be corrupted
    • The server hosting the image is unavailable
    • The image path is incorrect
    • The image format is not supported

    Learn More →
  • Example:
    Image Not Showing Possible Reasons

    • The image file may be corrupted
    • The server hosting the image is unavailable
    • The image path is incorrect
    • The image format is not supported

    Learn More →
  • Decode for machine identification code (It contains a much thing u want to know about the MIC), but i will focus on the decrypt and how we can read this cipher and one thing we have Tool
    
    Image Not Showing Possible Reasons

    • The image file may be corrupted
    • The server hosting the image is unavailable
    • The image path is incorrect
    • The image format is not supported

    Learn More →
    
    
    Image Not Showing Possible Reasons

    • The image file may be corrupted
    • The server hosting the image is unavailable
    • The image path is incorrect
    • The image format is not supported

    Learn More →
    • We will focus about column and row and we have 16 column from 1 to 15 and we take the first column and row to get the Parity I don't what it mean but i figure out will represent the level or i think so and on the ccc.pdf it say "1: row parity bit (set to guarantee an odd number of dots present per row)" so next
    • We see if we sum the number represent on row and column we can get something number of the message like in the 2th column if we sum row 32 + 16 + 2 = 50 yeah, it how MIC work or example work
      Image Not Showing Possible Reasons

      • The image file may be corrupted
      • The server hosting the image is unavailable
      • The image path is incorrect
      • The image format is not supported

      Learn More →
    • And some stuffs need to know last column not have not meaning and the column have full of dot is represent for separator
    • And onething i think the example is the particular example about time and serial, and i don't know the chall have same, let find it

–> Cool stuff huh, pretty strange I don't understand why i said that

Image Not Showing Possible Reasons

• The image file may be corrupted
• The server hosting the image is unavailable
• The image path is incorrect
• The image format is not supported

Learn More →

Decrypt the message

• The important moment has come to solve the challenge with your knowledge

i will use this to solve the chall, it small cut from the image we do exploit

with me take the calculator and sum it and find what we get

so we get the series of something kind like decimal because it it not have some thing to now it maple flag let try with decimal to ascII

Original
109-97-112-108-101-123-116-119-48-95-68-51-67-52-68-51-53-95-48-102-95-45-116-51-103-48-125

Covert:
maple{tw0_D3C4D35_0f_st3g0}

Flag we find : maple{tw0_D3C4D35_0f_st3g0}

I hope u learn something about this, it like a new cipher but we not care about this, so it makes us so patience to solve that,

Image Not Showing Possible Reasons

• The image file may be corrupted
• The server hosting the image is unavailable
• The image path is incorrect
• The image format is not supported

Learn More →

Man we solve that phiz phiz. Happy hacking and drop comment to see how you work

Image Not Showing Possible Reasons

• The image file may be corrupted
• The server hosting the image is unavailable
• The image path is incorrect
• The image format is not supported

Learn More →

Peace! and i will come back with something new LOL. Bye bye.