
# UnforgottenBits | PicoCTF 2023
Author: LT 'syreal' Jones
Description
Download this disk image and find the flag. Note: if you are using the webshell, download and extract the disk image into /tmp not your home directory.
There are no hints here, but there are plenty on the disk!
---
I will work in Flare OS.
I import the image into Autopsy.
## Analyzing with Autopsy

Interesting files

**Notes**
chizazerite
guldulheen
I keep forgetting this, but it starts like: yasuoaatrox...
**Email with interesting data**
```bash!
subject: Deleting emails
to: Sten Walker <yone786@gmail.com>
from: Bob Bobberson <azerite17@gmail.com>
Yone,
This is just a reminder to delete all of our emails and scrub your trash can as well. We don't want our precious light falling into the wrong hands. You know the punishment for such 'crimes'.
To the Light and All it reveals,
- The Azerite Master
```
**Interesting data**
azerite17@gmail.com
Inspecting this particular email in Autopsy's keyword hits leads us to an interesting email with a link:
https://xkcd.com/936/
This website talks about password strength and how to use four random common words as a password.

This challenge is about finding a password first.
On the disk I also found
a log of a conversation with interesting information:
```bash=
[08:12] <yone786> Ok, let me give you the keys for the light.
[08:12] <avidreader13> I’m ready.
[08:15] <yone786> First it’s steghide.
[08:15] <yone786> Use password: akalibardzyratrundle
[08:16] <avidreader13> Huh, is that a different language?
[08:18] <yone786> Not really, don’t worry about it.
[08:18] <yone786> The next is the encryption. Use openssl, AES, cbc.
[08:19] <yone786> salt=0f3fa17eeacd53a9 key=58593a7522257f2a95cce9a68886ff78546784ad7db4473dbd91aecd9eefd508 iv=7a12fd4dc1898efcd997a1b9496e7591
[08:19] <avidreader13> Damn! Ever heard of passphrases?
[08:19] <yone786> Don’t trust em. I seed my crypto keys with uuids.
[08:20] <avidreader13> Ok, I get it, you’re paranoid.
[08:20] <avidreader13> But I have no idea if that would work.
[08:21] <yone786> Haha, I’m not paranoid. I know you’re not a good hacker dude.
[08:21] <avidreader13> Is there a better way?
[08:22] * yone786 yawns.
[08:24] <yone786> You’re ok at hacking. I’m good at writing code and using it
[08:24] <avidreader13> What language are you writing in?
[08:26] <yone786> C
[08:26] <avidreader13> Oh, I see.
[08:26] <yone786> I’m glad you like it. I’m sure you wouldn’t understand half of what I was doing.
[08:28] <avidreader13> I understand enough, but I do wish you wouldn’t take so much time with it.
[08:28] <yone786> Sorry. Well, I wish you could learn some things.
[08:29] <avidreader13> But it’s an incredible amount of time you spend on it.
[08:29] <yone786> Haha, don’t take it like that.
```
**Interesting**
**AES key with the salt:**
salt=0f3fa17eeacd53a9 key=58593a7522257f2a95cce9a68886ff78546784ad7db4473dbd91aecd9eefd508 iv=7a12fd4dc1898efcd997a1b9496e7591
**password:** akalibardzyratrundle
#leagueoflegends
0x00000030: 2E 6C 6F 67 00 00 00 00 00 00 00 00 00 00 00 00 .log
Seems like it is a login to a League of Legends account.
<yone786> First it’s steghide.
It seems like this is a set of instructions.
I also found these pictures; they are in BMP format (the ones in this writeup are not the originals).

I will try steghide on them; for that I switch over to Kali.
## Extracting with steghide
I extracted 3 encrypted files:
```shell!
-rw-r--r-- 1 root root 56784 Nov 17 04:27 dracula.txt.enc
-rw-r--r-- 1 root root 55024 Nov 17 04:28 frankenstein.txt.enc
-rw-r--r-- 1 root root 26464 Nov 17 04:25 les-mis.txt.enc
```
These were extracted from 1.bmp, 154-2.bmp and 156-3.bmp; the last picture, which looks like a book, requires another password.
```shell=
root@kali:~/Documents/CTF/pico2023/inforgottenBits# steghide extract -sf 1.bmp
Enter passphrase:
wrote extracted data to "les-mis.txt.enc".
root@kali:~/Documents/CTF/pico2023/inforgottenBits# steghide extract -sf 154-2.bmp
Enter passphrase:
wrote extracted data to "dracula.txt.enc".
root@kali:~/Documents/CTF/pico2023/inforgottenBits# steghide extract -sf 156-3.bmp
Enter passphrase:
wrote extracted data to "frankenstein.txt.enc".
root@kali:~/Documents/CTF/pico2023/inforgottenBits# steghide extract -sf 158-7.bmp
Enter passphrase:
steghide: could not extract any data with that passphrase!
```
## Possibly a fake rabbit hole here
I made a script that decrypts the files:
```python=
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend

# Key, salt and IV from the chat log (the salt is kept for reference; this script only needs the raw key and IV)
salt = bytes.fromhex("0f3fa17eeacd53a9")
key = bytes.fromhex("58593a7522257f2a95cce9a68886ff78546784ad7db4473dbd91aecd9eefd508")
iv = bytes.fromhex("7a12fd4dc1898efcd997a1b9496e7591")

# Decrypt raw AES-256-CBC ciphertext; any padding bytes are left at the end of the output
def decrypt(data, key, iv):
    backend = default_backend()
    cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=backend)
    decryptor = cipher.decryptor()
    return decryptor.update(data) + decryptor.finalize()

# Just change the names of the encrypted and output files
strInputFileName = "dracula.txt.enc"
strOutputFileName = "dracula.txt"
with open(strInputFileName, "rb") as file:
    encrypted_data = file.read()

# Decrypt the data
decrypted_data = decrypt(encrypted_data, key, iv)

# Write the decrypted data to a file
with open(strOutputFileName, "wb") as file:
    file.write(decrypted_data)

print(f"Decryption complete. Output written to {strOutputFileName}")
```
This gave me the Frankenstein, Dracula and Les Misérables books.
For example, the book Frankenstein had hidden text at the end; I found the missing part with the help of **"El Chat"**.
```text!
Frankenstein
Before this I was not unacquainted with the more obvious laws of
electricity. On this occasion a man of great research in natural
philosophy was with us, and excited by this catastrophe, he entered on
the explanation of a theory which he had formed on the subject of
electricity and galvanism, which was at once new and astonishing to me.
All that he said threw greatly into the shade Cornelius Agrippa,
Albertus Magnus, and Paracelsus, the lords of my imagination; but by
some fatality the overthrow of these men disinclined me to pursue my
xxxxxxxxxxx = accostomed studies.
```
```text!
Dracula
When I had finished, he said:--
"I am glad that it is old and big. I myself am of an old family, and to
live in a new house would kill me. A house cannot be made habitable in a
day; and, after all, how few days go to make up a century. I rejoice
also that there is a chapel of old times. We Transylvanian nobles love
not to think that our bones may lie amongst the common dead. I seek not
gaiety nor mirth, not the bright voluptuousness of much sunshine and
sparkling waters which please the young and gay. I am no longer young;
and my heart, through weary years of mourning over the dead, is not
attuned to mirth. Moreover, the walls of my castle are broken; the
shadows are many, and the wind breathes cold through the broken
battlements and casements. I love the shade and the shadow, and would
be alone with my thoughts when I may." Somehow his words and his look
did not seem to accord, or else it was that his cast of face made his
smile look malignant and saturnine.
xxxxxxxxxxxx
Presently he got up and said; —
'For tonight I am your guest—we will remain in all night, and we shall both be happy in each other's company.'"
```
```text!
Les miserables
About the epoch of the coronation, some petty affair connected with his
curacy—just what, is not precisely known—took him to Paris. Among other
powerful persons to whom he went to solicit aid for his parishioners
was M. le Cardinal Fesch. One day, when the Emperor had come to visit
his uncle, the worthy Curé, who was waiting in the anteroom, found
himself present when His Majesty passed. Napoleon, on finding himself
observed with a certain curiosity by this old man, turned round and
said abruptly:—
xxxxxxxx
“— 'What is this?' said the Emperor briskly, 'who is this man?'”
```
## Back to Autopsy
Seems like yone likes League of Legends.
We have this:
**I keep forgetting this, but it starts like: yasuoaatrox...**
```bash
yasuo aatrox chizazerite guldulheen
yasuoaatroxchizazeriteguldulheen
```
Seems like a 4-word password.
```bash!
root@kali:~/Documents/CTF/pico2023/inforgottenBits# steghide extract -sf 158-7.bmp
Enter passphrase:
steghide: could not extract any data with that passphrase!
```
## Another rabbit hole :(
Let's look at the names:
- yasuo: Google says it's a League of Legends champion
- aatrox: Google says it's a League of Legends champion
- chizazerite: Google finds nothing
- guldulheen: Google finds nothing

I am missing two League of Legends names to have a 4-word password.
## Using StegCracker
I came across a tool named StegCracker that launches a dictionary attack on the BMP file and extracts the data.
https://github.com/Paradoxis/StegCracker
The tool can be installed easily in Kali.
For that I need to create a dictionary, and I need a list.
I have **yasuo and aatrox**, which are two champions of League of Legends.
I found a list of 160 champions on Reddit.
I save that list as **champs.txt**.
Then I use a script that prepends the two known champions to every pair of the 160 names, making 25600 combinations.
**Python script for wordlist**
```python=
# Starting string
strStart = "yasuoaatrox"

# File names
strInputFileName = "champs.txt"
strOutputFileName = "newChampsDictionary.txt"

# Open the file containing the names (one champion per line)
with open(strInputFileName, "r") as fileInput:
    lstNames = [line.strip().lower() for line in fileInput if line.strip()]

# Write every ordered pair of names appended to the starting string
with open(strOutputFileName, "w") as fileOutput:
    for strName1 in lstNames:
        for strName2 in lstNames:
            strCombined = strStart + strName1 + strName2 + "\n"
            fileOutput.write(strCombined)

print(f"Data written to {strOutputFileName}")
```
**Result**

```bash!
root@kali:~/Documents/CTF/pico2023/inforgottenBits# python3 wordlist.py
Data written to newChampsDictionary.txt
```
Now I can run StegCracker with this .txt file and possibly get a password, or even crack the BMP image and extract its data.
## It worked!!

The password is **yasuoaatroxashecassiopeia**:
```bash!
Your file has been written to: 158-7.bmp.out
yasuoaatroxashecassiopeia
```
Now I can try to open the file with the AES key I got from Autopsy.
I try this command:
```bash=
root@kali:~/Documents/CTF/pico2023/inforgottenBits#
openssl aes-256-cbc d -S 0f3fa17eeacd53a9 -K 58593a7522257f2a95cce9a68886ff78546784ad7db4473dbd91aecd9eefd508
-iv 7a12fd4dc1898efcd997a1b9496e7591 -in 158-7.bmp.out -out resultFlag.txt
aes-256-cbc: Use -help for summary.
```
And it doesn't work :(
This is because it's not the right key.
(Note also that the command has a typo: the decrypt option is `-d`, and the bare `d` argument is what openssl is complaining about with "Use -help for summary".)
I need to find the key in Autopsy.
## Back to Autopsy again... slack data or hidden metadata
Where to start? I was stuck here for a long time, digging for info on the web and in the chat.
Understanding the name of the challenge helped, and then I came across discovering hidden metadata in Autopsy.
For example, if a text file has been processed, some of its bits can still be present, like temp files on Windows: they are not visible by default, so we need to enable them. This is called enabling slack data, and it can be enabled in the options.
And i came across some data content in

It looks like binary data, but I don't get much if I try to decode it with a normal decoder.
Digging for a while, I came across the browsing history:

https://en.wikipedia.org/wiki/Church_encoding
https://cs.lmu.edu/~ray/notes/numenc/
https://www.wikiwand.com/en/Golden_ratio_base
What is the Golden Ratio?
The Golden Ratio, often symbolized by the Greek letter φ (phi), is a special number approximately equal to 1.61803399. It's found by solving the equation φ = 1 + 1/φ, which can also be expressed as φ = (1 + √5) / 2. This number has unique mathematical properties and appears in various areas of art, architecture, and nature.
What is Base-φ or the Golden Ratio Base?
Base-φ is a numeral system that uses the Golden Ratio (φ) as its base. In this system, the position of each digit affects its value based on powers of φ, similar to how in base-10 the position is based on powers of 10.
In essence, the Golden Ratio base is a unique way of representing numbers using the Golden Ratio as the base. It's an unusual system compared to our standard decimal system because it operates on different mathematical principles and uses only two digits.
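To make the fixed-width base-φ layout concrete, here is an encoder/decoder pair as an added example (my own code, not from the writeup or the challenge). It assumes the layout of 11 integer digits, a decimal point and 3 fractional digits per character that the slack data uses, and it generalizes to any ASCII value: greedy expansion leaves a tail below φ⁻³, so rounding the 3-digit fraction always recovers the byte.

```python
from math import sqrt

PHI = (1 + sqrt(5)) / 2


def to_phi(n, int_digits=11, frac_digits=3):
    """Greedy base-phi expansion of a non-negative integer, written as
    int_digits digits, a '.', then frac_digits digits (15 chars by default).
    The greedy step keeps the remainder below phi**k after position k, so
    the dropped tail is below phi**-frac_digits and rounding recovers n."""
    if not 0 <= n < PHI ** int_digits:
        raise ValueError(f"{n} does not fit in {int_digits} integer digits")
    rem = float(n)
    digits = []
    for k in range(int_digits - 1, -frac_digits - 1, -1):
        if PHI ** k <= rem + 1e-9:  # epsilon absorbs float rounding error
            digits.append("1")
            rem -= PHI ** k
        else:
            digits.append("0")
    return "".join(digits[:int_digits]) + "." + "".join(digits[int_digits:])


def from_phi(segment):
    """Inverse of to_phi: sum the selected powers of phi, round to nearest int."""
    int_part, frac_part = segment.split(".")
    total = sum(PHI ** (len(int_part) - 1 - i)
                for i, d in enumerate(int_part) if d == "1")
    total += sum(PHI ** -(i + 1) for i, d in enumerate(frac_part) if d == "1")
    return int(total + 0.5)


def encode_text(text):
    """Concatenate one 15-char base-phi segment per character."""
    return "".join(to_phi(ord(c)) for c in text)


def decode_slack(blob, width=15):
    """Decode a run of fixed-width segments, as found in the slack data."""
    return "".join(chr(from_phi(blob[j:j + width]))
                   for j in range(0, len(blob) - width + 1, width))


if __name__ == "__main__":
    # Constructed sample: the prefix of a key line, encoded then decoded
    sample = encode_text("key=a9f8")
    print(sample)
    print(decode_slack(sample))
```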
## Decrypting the Slack Data
With the help of el Papi Chat I made a Python script that takes the slack data from a text file and runs it through a golden ratio base decoder.
**The Script**
```python=
import sys
from math import sqrt

# Check if a filename is provided as a command-line argument
if len(sys.argv) < 2:
    print("Usage: python script.py filename")
    sys.exit(1)

# Get the file name from the command-line argument
strFilename = sys.argv[1]

# Calculate the Golden Ratio
fPhi = (1 + sqrt(5)) / 2

# Read the first line of the file and strip the newline at the end
with open(strFilename, "r") as file:
    strSlack = file.readline().strip()

# Initialize the answer string
strAns = ''

# Loop over the numbers, each having 11 digits, a decimal point, then 3 digits (15 chars in total)
for j in range(len(strSlack) // 15):
    # Grab the current segment
    strFirst = strSlack[j * 15 : (j + 1) * 15]
    # Split the segment into the parts before and after the decimal point
    strB4 = strFirst[:-4]
    strAft = strFirst[-3:]
    fSum = 0
    # Add the powers of φ for each digit before the decimal point (leftmost digit is φ^10)
    for i in range(len(strB4)):
        if strB4[i] == '1':
            fSum += pow(fPhi, 10 - i)
    # Add the powers of φ for each digit after the decimal point (φ^-1, φ^-2, φ^-3)
    for i in range(len(strAft)):
        if strAft[i] == '1':
            fSum += pow(fPhi, -(i + 1))
    # Round to the nearest integer and convert to ASCII
    strAns += chr(int(fSum + 0.5))

# Print the result
print(strAns)
```
## It worked
I run the script and get the key:

```bash=
salt=2350e88cbeaf16c9
key=a9f86b874bd927057a05408d274ee3a88a83ad972217b81fdc2bb8e8ca8736da
iv=908458e48fc8db1c5a46f18f0feb119f
```
## The flag
I tried the openssl command but it didn't work, so I used the Python script extract.py that I used earlier and just replaced the keys.
```bash!
root@kali:~/Documents/CTF/pico2023/inforgottenBits# python extract.py
Decryption complete. Output written to decryptedFlag.txt
```

What a ride.
---