# 2020 Defenit CTF - Baby Steganography >###### TAGS: `forensic` >[name=rlaclgjs@PLUS] ## Attachments * writeup * [solver code](https://gist.github.com/rlaclgjs1107/263cd8e085ac98c8d15f07a690223d97#file-sol-py) Attachments are uploaded on [gist](https://gist.github.com/rlaclgjs1107/263cd8e085ac98c8d15f07a690223d97) ## Challenge ``` Description I heared you can find hide data in Audio Sub Bit. Do you want to look for it? ``` Challenge provides a file named `problem`. ## Solution Below is file header of `problem`, opened with `HxD Editor`. ![fileheader](https://user-images.githubusercontent.com/53330811/84628225-310eef80-af23-11ea-8a49-a8990fb66c84.PNG) Reading header of the file, we can know `problem` is `.wav` format file. Because description of the challenge mentioned `Audio Sub Bit`, I noticed the challenge is about `LSB`. Wave information is contained in `data` subchunk that comes after `fmt` subchunk. So, The flag will be hidden in the `LSB` of the actual information behind the `ckID` and `cksize` of the `data` subchunk. Let's check out! ## Solver ``` with open("problem", "rb") as f: ckID = f.read(4) cksize = f.read(4) WAVEID = f.read(4) ckID_ = f.read(4) cksize_ = f.read(4) wFormatTag = f.read(2) nChannels = f.read(2) nSamplesPerSec = f.read(4) nAvgBytesPerSec = f.read(4) nBlockAlign = f.read(2) wBitPerSample = f.read(2) ckID__ = f.read(4) cksize__ = f.read(4) print("ckID : %s"%ckID) print("cksize : %s"%cksize) print("WAVEID : %s"%WAVEID) print("=======") print("ckID : %s"%ckID_) print("cksize : %s"%cksize_) print("wFormatTag : %s"%wFormatTag) print("nChannels : %s"%nChannels) print("nSamplePerSec : %s"%nSamplesPerSec) print("nAvgBytesPerSec : %s"%nAvgBytesPerSec) print("nBlockAlign : %s"%nBlockAlign) print("wBitPerSample : %s"%wBitPerSample) print("=======") print("ckID : %s"%ckID__) print("cksize : %s"%cksize__) res = open("res.txt", "w", encoding="utf-8") while True: for i in range(8): break_f = 0 data_raw = f.read(1) if not data_raw: break_f = 1 break data = str(bin(int.from_bytes(data_raw, 'big') & 1)).split('b')[1] res.write(data) if(break_f==1): break res.write("\n") res.close() res_r = open("res.txt", "r") res_string = open("res_str.txt", "w", encoding="utf-8") for l in res_r: try: res_string.write(chr(int(l,2))) except: res_string.close() res_string.close() ``` Then in the first line of the file `res_str.txt`, there is a flag! ## Flag `Defenit{Y0u_knOw_tH3_@uD10_5t39@No9rAphy?!}`
Last changed by  
김치헌
60
Published on HackMD