SpaceStation
50 points Medium

The SpaceStation.jpg contains the encrypted flag in the file flag.enc. The flag is encrypted using openssl and the AES algorithm. The iv and key used for the openssl encryption command are opcodes in an executable named Bangalore that is also hidden in SpaceStation.jpg.

You will need to know just a little bit about crypto, executable file formats and assembler to solve this challenge... objdump is your friend :-)

Needed info is provided in the embedded readme file.

SpaceStation.jpg
Flag
Rating 4.56
5
4
3
2
1

Discussion

i can't i've tried everything

0

i cant find the .data !!!!! i found the key but the iv is still cant find it, any help ?

edited:

after a day, i found the .data and the .text

tried to openssl it and still bad decrypt

0

Nice one! I had problems counting in hex, and also, that skip 00 part confused me. Again, ChatGPT helped!

0

CTFlearn{A11_Y0ur_Ba5e_Are_Bel0ng_T0_Us}

-18

??? At least protect that comment wtf?

0

Dang, that took me a long time. Is good to work with AES. In the end had to resort to a kind of brute force.

1

Solved with ODA and CyberChef :) ...

0

It's easy with the hint, and if you are familiar with IDA, it takes only a few minutes!!!

0

Another classic kcbowhunter forensics challenge, loved it! Great work!!

1

Thanks!

1