Medium Live

The Keymaker

50 points

70 Solves

Forensics

Medium

kcbowhunter ctflearn++ badge

Community Rating: 4.67 / 5

Jpeg comments can be very interesting.



  • Noxtal

    Really cool challenge! There should be a lot more like that!

  • emo94

    any hint for what is iv and K?

    • kcbowhunter ctflearn++ badge

      you can DM me on Twitter for help, @kcbowhunter... otherwise how far did you get reading the comment blocks? The comments explain how to decode iv and K from within the jpeg

  • Caillou

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • kcbowhunter ctflearn++ badge

      https://wiki.openssl.org/index.php/Enc has information on using openssl enc with AES 256 CBC, I am also on twitter @kcbowhunter

      • Caillou

        Protected

        [REDACTED] This comment is only shown to users who have solved this challenge.

    • Caillou

      Where are you stuck? Did you understand the topics "hint"?

      • Dylanwu

        I found CTFlearn{TheKeymakerIsK00l} at the comment of the picture if that's what the hint is about. But it is not the correct flag.

        • Caillou

          You should check the other jpeg comments

    • kcbowhunter ctflearn++ badge

      how far did you get so far? Twitter @kcbowhunter

  • adhinvs

    Learned a Lot.... Thanks for including this challenge @kcbowhunter.....

    For those who are trying to solve this, look at: https://www.ccoderun.ca/programming/2017-01-31_jpeg/ https://wiki.fileformat.com/image/jpeg/

  • Celebrity

    How to find sos marker and sof0 length.... I'm stuck, help

    • kcbowhunter ctflearn++ badge

      Google 'jpeg file format' or 'jpeg file markers'

  • Celebrity

    It says no such file or directory when I tried ssl connection. Am I going the wrong way?

      • Celebrity

        Protected

        [REDACTED] This comment is only shown to users who have solved this challenge.

        • kcbowhunter ctflearn++ badge

          Celebrity, you need to do some research on AES-256-CBC encryption. Research how long the iv and key are. Also you need to research the jpeg file format. The instructions indicate that the jpeg marker 0xff?? is not part of the iv or key. If you are getting the error that flag.enc can't be opened for reading, then you haven't found the encrypted flag yet. You have to extract flag.enc from the jpeg before you can decrypt it.

          • franix808

            How to extract flag.enc? I tried to use strings (command) and I found base64 code, there was openssl command and this "CmmtaSHhAsK9pLMepyFDl37UTXQT0CMltZk7+4Kaa1svo5vqb6JuczUqQGFJYiycY". I also tried to rename the file to "flag.enc", then I saw "flag" file (it was empty, 0 bytes). What way should I go? Sorry for my bad English.

            • kcbowhunter ctflearn++ badge

              franix808 can you send me a DM on Twitter? @kcbowhunter

        • kcbowhunter ctflearn++ badge

          Celebrity, my challenges are designed to get more difficult as the number of Challenge points increase. You may want to solve some lower point challenges before this one, because the skills you learn on lower point challenges are used again for the higher point challenges.

          • Celebrity

            Thanks kcbowhunter for the help, I will work hard and solve it!!

  • SquidBoy

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • SquidBoy

      Protected

      [REDACTED] This comment is only shown to users who have solved this challenge.

  • ankitsumitg

    One of the best questions on forensics. Good job @kcbowhunter
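
For the questions in the thread about JPEG markers, segment lengths and comment blocks, here is an added example (not part of the challenge and not any commenter's code) that walks the header segments of a JPEG and returns every COM (0xFFFE) payload. The sample bytes, `make_segment`, `walk_segments` and `comments` are constructed for illustration and are unrelated to the challenge file.

```python
import struct

NAMES = {0xC0: "SOF0", 0xC4: "DHT", 0xDA: "SOS", 0xDB: "DQT", 0xE0: "APP0", 0xFE: "COM"}

def walk_segments(data: bytes):
    """Return (offset, name, payload) for each header segment, SOI through SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker (ff d8)")
    segments, pos = [], 2
    while pos < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected 0xff at offset {pos:#x}")
        while pos < len(data) and data[pos] == 0xFF:
            pos += 1                      # marker prefix plus any fill bytes
        if pos >= len(data) or data[pos] == 0xD9:
            break                         # EOI (or end of data) before SOS
        if pos + 3 > len(data):
            raise ValueError("truncated segment header")
        marker, start = data[pos], pos - 1
        (length,) = struct.unpack(">H", data[pos + 1:pos + 3])
        end = pos + 1 + length            # length counts its own two bytes, not the marker
        if length < 2 or end > len(data):
            raise ValueError(f"bad length {length} at offset {start:#x}")
        segments.append((start, NAMES.get(marker, f"0x{marker:02X}"), data[pos + 3:end]))
        if marker == 0xDA:
            break                         # entropy-coded scan data follows, not segments
        pos = end
    return segments

def comments(data: bytes):
    """Payloads of all COM (ff fe) segments, in file order."""
    return [p for _, name, p in walk_segments(data) if name == "COM"]

def make_segment(marker: int, payload: bytes) -> bytes:
    """Build one length-prefixed segment (helper for the constructed sample)."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: structurally valid headers, not a decodable image.
SAMPLE = (b"\xff\xd8" + make_segment(0xE0, b"JFIF\x00" + bytes(9))
          + make_segment(0xFE, b"first constructed comment") + make_segment(0xC0, bytes(15))
          + make_segment(0xFE, b"second constructed comment")
          + make_segment(0xDA, bytes(10)) + b"\x12\x34\xff\xd9")

if __name__ == "__main__":
    for offset, name, payload in walk_segments(SAMPLE):
        print(f"{offset:#06x} {name:5} length={len(payload) + 2} {payload[:32]!r}")
```

The payload returned for each segment excludes both the two-byte marker and the two-byte length field, which matters when a comment carries binary data whose exact size is significant.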