# Aero CTF 2020 - Image Wave (Code, 498pts) Why didn't many peaple solve this? It's just an implementation of IFFT from spectrogram? ;) ## Challenge Details We are given three image files. ![](https://i.imgur.com/MaTxT07.jpg) ![](https://i.imgur.com/2wgQjy3.jpg) ![](https://i.imgur.com/AeQRDHm.png) Obviously the first two is [spectrogram](https://en.wikipedia.org/wiki/Spectrogram), which should simply be a result of FFT of the signal. And as the third image suggests, we should implement inverse of FFT (IFFT) to recover the original data. I implemented a solver with Node.js. ```javascript= const {promises: fs} = require('fs'); const color = require('color'); const {ifft} = require('fft-js'); const {WaveFile} = require('wavefile'); const jimp = require('jimp'); (async () => { const wav = new WaveFile(); const lennaA = await jimp.read('imga.png'); const lennaP = await jimp.read('imgp.png'); const signals = [] for (const x of Array(3941).keys()) { if (x % 100 === 0) { console.log('progress:', x); } const phasors = []; for (const y of Array(1024).keys()) { const hueA = color(lennaA.getPixelColor(x, 1080 - y) >> 8).hue(); const hueP = color(lennaP.getPixelColor(x, 1080 - y) >> 8).hue(); const valueA = (300 - hueA) / 300 * 12 - 6; const valueP = (300 - hueP) / 300 * 12 - 6; phasors.push([valueA ** 9, valueP ** 9]); } const signal = ifft(phasors); signals.push(...signal); } wav.fromScratch(1, 22050, 32, signals.map((v) => v[0] * (2 ** 17))); await fs.writeFile('out.wav', wav.toBuffer()); })(); ``` This produces the following output: <audio controls src="https://hakata-public.s3-ap-northeast-1.amazonaws.com/aeroctf/out.mp3"></audio> The synthesized voice of some digits starts from 1:29. Transcribe it and get flag: `Aero{44130800454087113922111421638436416130198703185043619684674310673384316}`
Last changed by  
Koki Takahashi
434

Read more

Learning with Exploitation author's writeup

[*** 暗号化]0または1を要素に持つベクトル [$ \bm{r}] を生成する。このとき平文 [$ m\in{0,1}] に対応する暗号文は、[$ (\bm{u},v)=(\bm{r}\cdot\bm{A},\bm{r}\cdot\bm{t}+mq)]となる。ただし [$ q:=\lceil \frac{p}{2}\rceil][$ \bm{r}] は破棄する。

11/8/2023
BSides Ahmedabad CTF 2021 Writeup - SSSS.RNG, floorsa, Roda

SSSS.RNG $p$を512bitの素数、$a,b,x$を$p$未満のランダムな数とする。 以下すべて$\mathbb{Z}/p\mathbb{Z}$上の演算として、 $$ \begin{aligned} g_1&=ax+b\ g_2&=ag_1+b\ g_3&=ag_2+b\

11/7/2021
TSG CTF 2021 Beginner's Web 2021 Writeup

Challenge Summary You are given a website. It is doing some weird job. First, it constructs routes object based on the salt parameter and store it to the session. const setRoutes = async (session, salt) => { const index = await fs.readFile('index.html'); session.routes = { flag: () => '*** CENSORED ***',

10/5/2021
TSG CTF 2021 Giita Writeup

Challenge Summary You can create blog post. It is accepting an arbitrary HTML, but it is correctly escaped and sanitized by DOMPurify. const body = document.getElementById('body'); body.innerHTML = DOMPurify.sanitize(body.textContent); hljs.highlightAll(); The goal is to obtain the cookie of admin.

10/4/2021
Read more from Koki Takahashi
Published on HackMD