csictf 2020

CTF Writeup - https://ctftime.org/event/1081

Home csictf 2020 Writeups Home
22 July 2020

Panda

by AnandSaminathan

I wanted to send this file to AJ1479 but I did not want anyone else to see what’s inside it, so I protected it with a pin.

Files

Solution

The given zip file is password protected, which can be cracked using fcrackzip or john:

fcrackzip -v -u -D -p rockyou.txt panda.zip

The password was 2611. After extracting the zip file using the password, we got two images, one was the messed up version of the other. On analysing using xxd, it was clear that some parts of the original image was replaced in the messed up image (with the flag). A simple Go program which prints the changed bytes (the flag):

package main

import (
	"io/ioutil"
	"fmt"
)

func main() {

	corrupted, err1 := ioutil.ReadFile("panda1.jpg")
	original, err2 := ioutil.ReadFile("panda.jpg")

  if err1 != nil || err2 != nil {
    fmt.Printf("Error loading the files")
  }

	for i, cur := range original {
		if cur != corrupted[i] {
			fmt.Printf("%c", corrupted[i])
		}
	}

	return
}

Flag

csictf{kung_fu_p4nd4}
tags: Forensics