Celebrity, you need to do some research on AES-256-CBC encryption. Research how long the iv and key are. Also you need to research the jpeg file format. The instructions indicate that the jpeg marker 0xff?? is not part of the iv or key. If you are getting the error that flag.enc can't be opened for reading, then you haven't found the encrypted flag yet. You have to extract flag.enc from the jpeg before you can decrypt it.
How to extract flag.enc? I tried to use strings (command) and I found base64 code, there was an openssl command and this "CmmtaSHhAsK9pLMepyFDl37UTXQT0CMltZk7+4Kaa1svo5vqb6JuczUqQGFJYiycY". I also tried to rename the file to "flag.enc", then I saw a "flag" file (it was empty, 0 bytes). What way should I go? Sorry for my bad English.
Celebrity, my challenges are designed to get more difficult as the number of Challenge points increase. You may want to solve some lower point challenges before this one, because the skills you learn on lower point challenges are used again for the higher point challenges.
Thanks! This was one of my first challenges and I just like the idea of using the data in the jpeg as the iv and key for AES encryption. VargasIsland builds on this problem and probably needs some Python if you are interested.
SeeTeeElf, that happened because you used strings, and strings is not specific to the jpeg format (it can be used on any file). If you read the jpeg file format spec (google 'jpeg file markers'), the format of the comment block is 0xff 0xfe 0x00 0xnn where 0xnn is the length of the comment when it is less than 256 bytes. Because of the 0x00 before the 0xnn, strings treats 0xnn as the first character of a new string and includes 0xnn in the comment string. See https://stackoverflow.com/questions/17447201/how-do-text-comments-in-jpg-files-work for a better writeup.
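Added example, not part of the thread or the challenge: a Python sketch of the difference described above, walking the JPEG markers to read a comment segment versus a `strings`-style scan that picks up the length byte. The sample bytes, `PAYLOAD` and all function names are constructed for illustration; the two-byte length field counts itself, so the payload is `length - 2` bytes.

```python
import re
import struct

SOS, EOI, COM = 0xDA, 0xD9, 0xFE

def jpeg_segments(data):
    """Yield (marker, payload) for each header segment before start-of-scan."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                       # fill byte before a marker
            pos += 1
            continue
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:
            pos += 2                             # standalone marker, no length
            continue
        if marker in (SOS, EOI):
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("bad segment length")
        # The length field includes its own two bytes, so skip them.
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length

def comments(data):
    """Return the payload of every COM (0xff 0xfe) segment."""
    return [p for m, p in jpeg_segments(data) if m == COM]

def strings_like(data, min_len=4):
    """Format-agnostic scan for printable runs, like the strings tool."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)

# Constructed sample: SOI, a minimal JFIF APP0, one COM segment, EOI.
PAYLOAD = b"SAMPLE+" + b"x" * 58                 # 65 bytes, so length = 0x0043
SAMPLE = (b"\xff\xd8"
          + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
          + b"\xff\xfe" + struct.pack(">H", len(PAYLOAD) + 2) + PAYLOAD
          + b"\xff\xd9")

if __name__ == "__main__":
    print(comments(SAMPLE)[0][:8])       # starts at the real first byte
    print(strings_like(SAMPLE)[-1][:8])  # 0x43 ('C') length byte leads the run
```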
Mate, good explanation. I actually copied it out of a hex editor, incorrectly identifying the C as part of the Base64 encoding. I didn't actually think to check the actual comment marker and size of file. This was a great challenge. My favorite so far. I thought I knew JPGs before this haha
Further comment: the reason that I enjoyed this is because of the hint. It was still hard enough to figure out but just enough of a push in the right direction to not get frustrated not knowing where to start. Great challenge.
Thanks! I put a lot of thought into making up the challenges, and it does take some thought to make it difficult / interesting but not impossible. This was one of the first challenges I created and it's one of my favorites, I like the idea of using the bytes in the jpeg as the iv and key to encrypt a message, so in a way the jpeg is the key. Thanks again for your comments. If you are interested, try my Nighthawk challenge, you might enjoy it.