# Flag Hoarding [mapleCTF](https://ctf.maplebacon.org/) - (misc/forensic) ###### tags: `ctf` `find information on image` `cipher` `forensic` **Description**: Damning internal communications within Maple Bacon have been leaked, revealing a plot to steal the flags of other teams at the upcoming International Flag Admirers' Conference. You've gotten a hold of the leaked files. Find information that could help uncover the identity of the whistleblower. **Attaching**: [Access link to get image](https://drive.google.com/drive/folders/1Cof4-jeFwBse9HPgGvf9ba-WlC6_zlUL?usp=sharing) ![](https://i.imgur.com/nFs956c.jpg) # **Searching the internal image** - First, we look the black out cover the letter, so i think it may be or should be the hidden target we want to exploit so i try anything method to erase it but i don't having anything on that - Second, i think about if i do change the color, what happen ? so any tools we can use like [Stegsolve](https://github.com/zardus/ctf-tools/blob/master/stegsolve/install), [photoshop](https://www.adobe.com/vn_vi/products/photoshop.html) or just the internet tool like [aperisolve](https://www.aperisolve.com/), all of them will make u change the color parameter of image and yeah let how to find anything else. - Third, i don't know what the description mean but on the time to solve this chall i don't think about anything else about cipher or what technical, but i wrong, cipher is the factor to solve this chall. So ***Uncover huh ? may be it just the trap LOL :smiley:***. ## --> So that all things i want to tell you about the image, i not sure there is anything else we can exploit, so just letmeknow :innocent: # Exploit ***I will use 2 method to change color and let u know how process of the tool we use, **note:** you can do change manually with python or anything language u can :coffee:*** ## Method 1: Use the Stegsolve - Open Stegshow and choose the function u want, basically the color change will original apply when i import the image so let use the arrow button to change and look carefully what the image tell :8ball: ![](https://i.imgur.com/RANT4b6.png) <em style='text-align:center;'>GUI of the Stegsolve</em> - Use the arrow and change the color parameter to get something interesting if it occurs :sweat_smile: and yeah the time we cost not much to take this :scream: ![](https://i.imgur.com/9YMvRXx.png) - on the first time i solve but it same look like the [braille cipher](https://www.dcode.fr/braille-alphabet) - it usually use for blind human - but it has wrong thing to make sure it not **braille** it hasn't enough dot to decrypt to the readable language, poor for me to it cost me 2 hours to not get anything but i learn something about brallie, just cool stuff we can use on real life :smile: ## Method 2: Use the AperiSolve - Do by submit the image we want to exploit to the website, **note:** AperiSolve is the integrated tool so be greate if we want to know the infomation of image on once time ![](https://i.imgur.com/KmRHlP8.png) - Submit and get what u want :coconut: ![](https://i.imgur.com/mKV6AFW.png) - Cool stuff of the AperiSolve is the letmeknow about what time the image is submit on server :1234:, it just fun but we can see to password or anything else if we want to use :sign_of_the_horns: ![](https://i.imgur.com/ipuRb8q.png) - Like the above method we also get the image contain the doubtful image. ## --> So after exploit image we need to complete the other half way to get the flag or anything else, i probally it will value on your next CTF if u see that again :smirk: # Research *I need to give the thanks about my friend **FaLLenSkiLL** to helping me find the type of cipher and it is the right way we need, once again i happy to discuss with you about this chall, Thanks a lot* :100: ## Cipher like the image call *[Machine Identification Code](https://en.wikipedia.org/wiki/Machine_Identification_Code)*, so i will take a brief about this - **Define**: A Machine Identification Code (MIC), also known as printer steganography, yellow dots, tracking dots or secret dots, is a digital watermark which certain color laser printers and copiers leave on every printed page, allowing identification of the device which was used to print a document and giving clues to the originator. Developed by Xerox and Canon in the mid-1980s, its existence became public only in 2004. In 2018, scientists developed privacy software to anonymize prints in order to support whistleblowers publishing their work. [Wikipedia] - Look at the description and the define of cipher we can see the one thing is coincident is the whisteblowers, ah hah that all we need - It have the technical aspect we need to know: - The pattern consists of a dot-matrix spread of yellow dots, which can barely be seen with the naked eye. - The dots have a diameter of a tenth of a millimeter (0.004") and a spacing of about one millimeter (0.039").The decoding process discovered by the EFF. - The MIC need to lazer to see the invisible message so that why we need to change the color to see that, Author is really patience man :+1: - Example: ![](https://i.imgur.com/eourSPH.png) - [Decode for machine identification code](https://www.eff.org/files/filenode/printers/ccc.pdf) (It contains a much thing u want to know about the MIC), but i will focus on the decrypt and how we can read this cipher and one thing we have [Tool](https://w2.eff.org/Privacy/printers/docucolor/) ![](https://i.imgur.com/i9GuyEh.png) ![](https://i.imgur.com/AqFauHH.png) - We will focus about column and row and we have 16 column from 1 to 15 and we take the first column and row to get the Parity ```I don't what it mean but i figure out will represent the level or i think so and on the ccc.pdf it say "1: row parity bit (set to guarantee an odd number of dots present per row)" ``` so next - We see if we sum the number represent on row and column we can get something number of the message like in the 2th column if we sum row 32 + 16 + 2 = 50 yeah, it how MIC work or example work :smile: - And some stuffs need to know last column not have not meaning and the column have full of dot is represent for separator - And onething i think the example is the particular example about time and serial, and i don't know the chall have same, let find it ## --> Cool stuff huh, pretty strange ```I don't understand why i said that``` :scream: # Decrypt the message - The important moment has come to solve the challenge with your knowledge i will use this to solve the chall, it small cut from the image we do exploit ![](https://i.imgur.com/5IzYQdS.png) with me take the calculator and sum it and find what we get ![](https://i.imgur.com/VWKXSkv.png) so we get the series of something kind like decimal because it it not have some thing to now it maple flag let try with [decimal to ascII](https://onlineasciitools.com/convert-decimal-to-ascii) ![](https://i.imgur.com/0QqGaBK.png) ``` Original 109-97-112-108-101-123-116-119-48-95-68-51-67-52-68-51-53-95-48-102-95-45-116-51-103-48-125 Covert: maple{tw0_D3C4D35_0f_st3g0} ``` Flag we find : maple{tw0_D3C4D35_0f_st3g0} # I hope u learn something about this, it like a new cipher but we not care about this, so it makes us so patience to solve that, :sweat: Man we solve that phiz phiz. Happy hacking and drop comment to see how you work :smile: Peace! and i will come back with something new LOL. Bye bye.
Last changed by  
XeusNguyen
Stay humble and enthusiastic with passion. Follow me more on: https://wiki.xeusnguyen.xyz
846

Read more

Hackwekend Session 5 - Cloud Security (AWS IAM Policy)

First solve

5/5/2024
Hackwekend Session 6 - Cloud Security (Network and Red Team)

Link to challenge: https://k8slanparty.com/

5/5/2024
Deploy your alert with Grafana by Terraform and some common error with K8s

So hi there, continue of my mood for writing blog, i will release something to help you define the alert on grafana just use by terraform and managing them

4/25/2024
Hackwekend Session 0 - QRCode Vulnerabilities (Malicious QRCode gain access or reverse shell)

QR Codes Exploitation: How to Mitigate the Risk?

1/26/2024
Read more from XeusNguyen
Published on HackMD