# Flag Hoarding [mapleCTF](https://ctf.maplebacon.org/) - (misc/forensic)
###### tags: `ctf` `find information on image` `cipher` `forensic`
**Description**: Damning internal communications within Maple Bacon have been leaked, revealing a plot to steal the flags of other teams at the upcoming International Flag Admirers' Conference. You've gotten a hold of the leaked files. Find information that could help uncover the identity of the whistleblower.
**Attaching**: [Access link to get image](https://drive.google.com/drive/folders/1Cof4-jeFwBse9HPgGvf9ba-WlC6_zlUL?usp=sharing)
# **Searching the internal image**
- First, we look the black out cover the letter, so i think it may be or should be the hidden target we want to exploit so i try anything method to erase it but i don't having anything on that
- Second, i think about if i do change the color, what happen ? so any tools we can use like [Stegsolve](https://github.com/zardus/ctf-tools/blob/master/stegsolve/install), [photoshop](https://www.adobe.com/vn_vi/products/photoshop.html) or just the internet tool like [aperisolve](https://www.aperisolve.com/), all of them will make u change the color parameter of image and yeah let how to find anything else.
- Third, i don't know what the description mean but on the time to solve this chall i don't think about anything else about cipher or what technical, but i wrong, cipher is the factor to solve this chall. So ***Uncover huh ? may be it just the trap LOL :smiley:***.
## --> So that all things i want to tell you about the image, i not sure there is anything else we can exploit, so just letmeknow :innocent:
# Exploit
***I will use 2 method to change color and let u know how process of the tool we use, **note:** you can do change manually with python or anything language u can :coffee:***
## Method 1: Use the Stegsolve
- Open Stegshow and choose the function u want, basically the color change will original apply when i import the image so let use the arrow button to change and look carefully what the image tell :8ball:
<em style='text-align:center;'>GUI of the Stegsolve</em>
- Use the arrow and change the color parameter to get something interesting if it occurs :sweat_smile: and yeah the time we cost not much to take this :scream:
- on the first time i solve but it same look like the [braille cipher](https://www.dcode.fr/braille-alphabet) - it usually use for blind human - but it has wrong thing to make sure it not **braille** it hasn't enough dot to decrypt to the readable language, poor for me to it cost me 2 hours to not get anything but i learn something about brallie, just cool stuff we can use on real life :smile:
## Method 2: Use the AperiSolve
- Do by submit the image we want to exploit to the website, **note:** AperiSolve is the integrated tool so be greate if we want to know the infomation of image on once time
- Submit and get what u want :coconut:
- Cool stuff of the AperiSolve is the letmeknow about what time the image is submit on server :1234:, it just fun but we can see to password or anything else if we want to use :sign_of_the_horns:
- Like the above method we also get the image contain the doubtful image.
## --> So after exploit image we need to complete the other half way to get the flag or anything else, i probally it will value on your next CTF if u see that again :smirk:
# Research
*I need to give the thanks about my friend **FaLLenSkiLL** to helping me find the type of cipher and it is the right way we need, once again i happy to discuss with you about this chall, Thanks a lot* :100:
## Cipher like the image call *[Machine Identification Code](https://en.wikipedia.org/wiki/Machine_Identification_Code)*, so i will take a brief about this
- **Define**: A Machine Identification Code (MIC), also known as printer steganography, yellow dots, tracking dots or secret dots, is a digital watermark which certain color laser printers and copiers leave on every printed page, allowing identification of the device which was used to print a document and giving clues to the originator. Developed by Xerox and Canon in the mid-1980s, its existence became public only in 2004. In 2018, scientists developed privacy software to anonymize prints in order to support whistleblowers publishing their work. [Wikipedia]
- Look at the description and the define of cipher we can see the one thing is coincident is the whisteblowers, ah hah that all we need
- It have the technical aspect we need to know:
- The pattern consists of a dot-matrix spread of yellow dots, which can barely be seen with the naked eye.
- The dots have a diameter of a tenth of a millimeter (0.004") and a spacing of about one millimeter (0.039").The decoding process discovered by the EFF.
- The MIC need to lazer to see the invisible message so that why we need to change the color to see that, Author is really patience man :+1:
- Example: 
- [Decode for machine identification code](https://www.eff.org/files/filenode/printers/ccc.pdf) (It contains a much thing u want to know about the MIC), but i will focus on the decrypt and how we can read this cipher and one thing we have [Tool](https://w2.eff.org/Privacy/printers/docucolor/)
- We will focus about column and row and we have 16 column from 1 to 15 and we take the first column and row to get the Parity ```I don't what it mean but i figure out will represent the level or i think so and on the ccc.pdf it say "1: row parity bit (set to guarantee an odd number of dots present per row)" ``` so next
- We see if we sum the number represent on row and column we can get something number of the message like in the 2th column if we sum row 32 + 16 + 2 = 50 yeah, it how MIC work or example work :smile:
- And some stuffs need to know last column not have not meaning and the column have full of dot is represent for separator
- And onething i think the example is the particular example about time and serial, and i don't know the chall have same, let find it
## --> Cool stuff huh, pretty strange ```I don't understand why i said that``` :scream:
# Decrypt the message
- The important moment has come to solve the challenge with your knowledge
i will use this to solve the chall, it small cut from the image we do exploit
with me take the calculator and sum it and find what we get
so we get the series of something kind like decimal because it it not have some thing to now it maple flag let try with [decimal to ascII](https://onlineasciitools.com/convert-decimal-to-ascii)
```
Original
109-97-112-108-101-123-116-119-48-95-68-51-67-52-68-51-53-95-48-102-95-45-116-51-103-48-125
Covert:
maple{tw0_D3C4D35_0f_st3g0}
```
Flag we find : maple{tw0_D3C4D35_0f_st3g0}
# I hope u learn something about this, it like a new cipher but we not care about this, so it makes us so patience to solve that, :sweat: Man we solve that phiz phiz. Happy hacking and drop comment to see how you work :smile: Peace! and i will come back with something new LOL. Bye bye.
Google Drive
Gist
Clipboard
Sign in with Wallet
