Medium Live

SpaceStation

50 points

16 Solves

Forensics

kcbowhunter ctflearn++ badge

Community Rating: 4.80 / 5

Headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

The SpaceStation.jpg contains the encrypted flag in the file flag.enc. The flag is encrypted using openssl and the AES algorithm. The iv and key used for the openssl encryption command are opcodes in an executable named Bangalore that is also hidden in SpaceStation.jpg.

You will need to know just a little bit about crypto, executable file formats and assembler to solve this challenge... objdump is your friend :-)

Needed info is provided in the embedded readme file.

First 10 Solvers

Rank Username
1 Gilad ctflearn++ badge
2 momo1
3 brezelsnacker
4 voidxhat
5 ebouteillon
Rank Username
6 Rivit
7 spintronix
8 PFessORx
9 AbhiRen
10 adidoes

Comments

    • AbhiRen

      0.0

      Another classic kcbowhunter forensics challenge, loved it! Great work!!

    • brezelsnacker

      0.0

      First of all, nice challenge. I successfully decrypted the flag.enc file but the flag contains a space and a newline. If I try to submit this flag, it fails and says 'Incorrect flag.'. Did I miss something?

      • kcbowhunter ctflearn++ badge

        1

        Can you send me a DM on Discord and show me more details? Also please indicate which version of openssl you are using, I know on some challenges older versions of openssl have caused problems. There is one solver so that indicates to me that everything is working as it should.

      • kcbowhunter ctflearn++ badge

        1

        You probably need to double check your iv and key.

        • brezelsnacker

          0.0

          Thank you very much! I checked my openssl version and it seems that macOS uses LibreSSL. I changed it and did it again. It worked :-)