Easy Live

GandalfTheWise

30 points

438 Solves

Forensics

Easy

kcbowhunter ctflearn++ badge

Community Rating: 4.64 / 5

Extract the flag from the Gandalf.jpg file. You may need to write a quick script to solve this.

First 10 Solvers

Rank Username
1 ahko3112
2 shikame
3 ebouteillon
4 voyante
5 Veritas
Rank Username
6 nullsec
7 mamimi1773
8 nza777
9 pgjycnmi
10 xvenom

    • Wojtek

      hey you gave the solution but CTFlearn {xor_is_your_friend} is wrong after entering it and it does not count the solution to the challenge

  • Melino

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • kcbowhunter ctflearn++ badge

      Melino you have to study the other comments in the jpeg file

  • MATIXON

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • kcbowhunter ctflearn++ badge

      You need to look at the other comments in the jpeg file for clues.

  • John_Noob5

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • kcbowhunter ctflearn++ badge

      Have you solved RubberDuck and Snowboard before solving this problem? These 3 problems are of increasing difficulty and they build on each other.

      • agula7171

        Yes, but I can't solve GandalfTheWise. Please hint!

        • kcbowhunter ctflearn++ badge

          It's probably best for you to send me DM on Twitter @kcbowhunter so I can better help you.

    • kcbowhunter ctflearn++ badge

      What have you done so far? Have you looked at the comments embedded in the jpeg?

        • kcbowhunter ctflearn++ badge

          Thank you. Maybe try MountainMan and then VargasIsland next?

  • 0xstain

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • kcbowhunter ctflearn++ badge

      Do you think the flag in the first comment might be a hint? How many other comment blocks did you find? Are you familar with base64 encoding?

  • John_Noob5

    just found x is ur friend... then i blank?help?

    • kcbowhunter ctflearn++ badge

      do you know what xor is? Watch this video if you need to learn about binary operations like xor ... it's a great video: https://www.youtube.com/watch?v=tLdvEOam3sk&t=110s

  • IT_Oracle

    I always love a good Gandalf reference! Thanks for the fun challenge! ^-^

  • agula7171

    CTFlearn{xor_is_your_friend} is not flag. Please hint :)

    • kcbowhunter ctflearn++ badge

      This is actually a hint... study the other comments embedded in the jpeg file and think of how to use xor to solve the challenge.

    • agula7171

      Protected

      [REDACTED] This comment is only shown to users who have solved this challenge.

  • agula7171

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • kcbowhunter ctflearn++ badge

      That is part of it, you have to find something else to xor it with.

  • Laeneven

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • kcbowhunter ctflearn++ badge

      Laeneven - can you send me a message via Twitter @kcbowhunter

  • Philtrum

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • hishiro ctflearn++ badge

    Hey, I'm decode base64 the first block and got XOR is my friend. Are there only one hint in the jpeg or more.

    • kcbowhunter ctflearn++ badge

      You need to decode the other comment blocks in the jpeg file also, then determine what do you do when you have two binary files... are they the same length?

      • Rivit

        I really dont know what am I supposed to do with xor. I tried xoring two comments - no luck, any hints? The comments have equal length, but xoring them gives garbage....

  • favianahza

    Should I XOR the base64 encrypted message with another comment ?

    • kcbowhunter ctflearn++ badge

      that is a good place to start... see if you can find two comments that are the same size after you do base64 decoding

      • favianahza

        yes i've found it, but what should i do now ? can you help me. This is my first two weeks playing CTF.

  • TheBigBro122

    I extracted the other comments, I got some ciphers. I really don't know what to do with them and I don't really know XOR (still reading stuff about it) that much. Can you guys please give me a clue or some sources that can help me solve this? Thanks

    • kcbowhunter ctflearn++ badge

      Hi BigBro122... check out this video, it is excellent for learning about hex notation and xor: https://www.youtube.com/watch?v=tLdvEOam3sk

  • pjrox

    It take me thinking hard... Great challenge

        • kcbowhunter ctflearn++ badge

          You need to study all 3 comment blocks in the jpeg. One or more of them may be base64 encoded. Good Luck!

          • UfaiX04

            yes i fount the xor is your friend, but the other two i cant understand what i have to decipher, i tried doing a brute force of the two, which gave me nothing, also i have dona all your other challenges (which i enjoyed)

            • kcbowhunter ctflearn++ badge

              The second and third comments are strings that are base64 encoded. Use base64 -d string > file to decode. Note that you need to redirect to a file because the decode generates raw bytes. Do this for the second and third comment to get two files of raw bytes. Then xor is your friend :-)

              • UfaiX04

                Protected

                [REDACTED] This comment is only shown to users who have solved this challenge.

                • pjrox

                  LOL you are going right this is one of the steps i reached... Just... Push a little harder... It is worth it. Coz at last I had that wonderful feeling, and for sure you don't wanna miss it.

  • SquidBoy

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • kcbowhunter ctflearn++ badge

      Protected

      [REDACTED] This comment is only shown to users who have solved this challenge.

  • jpgauvin

    If your are stuck, try with cryptii.com, if you find a way to read the first message, you will find it hard to read the other two. So find a way to read those bytes. The first message is a hint on what to do with the other two. I hope I will help

  • zapa1928

    You may write a quick script or use cyberchef

  • h3ck1nr4ch3l

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • kcbowhunter ctflearn++ badge

      Send me a DM on Twitter @kcbowhunter and we can discuss

  • Kira15

    nice challenge. i probably learned something new

  • LostGhost1

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • kcbowhunter ctflearn++ badge

      LostGhost1 the two strings are base64 encoded. You have to decode then xor.

  • camus_

    solved it using cyberchef but can any one guide how to write script for it

    • kcbowhunter ctflearn++ badge

      I don't want to any published guides how to solve any of my challenges, because then people can just read the guide without thinking or worse yet just enter the flag to get credit for solving the challenge. I create and solve all of my challenges using Python scripts, if you would like some suggestions how to solve via a script please send me a DM @kcbowhunter Twitter or discord.

      • camus_

        I wasn't asking for flag or solution. I understand the challenge and have solved it, was looking for help in writing scripts as I'm still learning. btw thanks , you helped me when I reached out to you. you're challenges are great, and have a lot to learn from. :)

  • tanyudha

    honestly i dont think this is easy at all

    • kcbowhunter ctflearn++ badge

      It is difficult to give ratings to the problems because everyone has a different level of experience and background. What is easy for one person with forensics experience might be more challenging for someone else with more of a web background.

    • kcbowhunter ctflearn++ badge

      Thanks, this was a fun challenge to create. If you have time try my Nighthawk challenge, only 2 solvers at this time.

  • sanbhat

    Gr8 challenge 4 a newbie like me But you could have removed or rather the xor_is_your_friend flag could have been left incomplete(much better in my opinion)

    • kcbowhunter ctflearn++ badge

      Thanks, I tried to build a set of challenges that gradually increase in complexity.