Easy Live

GandalfTheWise

30 points

94 Solves

Forensics

Easy

kcbowhunter ctflearn++ badge

Community Rating: 4.73 / 5

Extract the flag from the Gandalf.jpg file. You may need to write a quick script to solve this.

First 10 Solvers

Rank Username
1 ahko3112
2 shikame
3 ebouteillon
4 voyante
5 Veritas
Rank Username
6 nullsec
7 mamimi1773
8 nza777
9 pgjycnmi
10 xvenom

  • Melino

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • kcbowhunter ctflearn++ badge

      Melino you have to study the other comments in the jpeg file

  • MATIXON

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • kcbowhunter ctflearn++ badge

      You need to look at the other comments in the jpeg file for clues.

  • John_Noob5

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • kcbowhunter ctflearn++ badge

      Have you solved RubberDuck and Snowboard before solving this problem? These 3 problems are of increasing difficulty and they build on each other.

      • agula7171

        Yes, but I can't solve GandalfTheWise. Please hint!

        • kcbowhunter ctflearn++ badge

          It's probably best for you to send me DM on Twitter @kcbowhunter so I can better help you.

    • kcbowhunter ctflearn++ badge

      What have you done so far? Have you looked at the comments embedded in the jpeg?

        • kcbowhunter ctflearn++ badge

          Thank you. Maybe try MountainMan and then VargasIsland next?

  • 0xstain

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • kcbowhunter ctflearn++ badge

      Do you think the flag in the first comment might be a hint? How many other comment blocks did you find? Are you familar with base64 encoding?

  • John_Noob5

    just found x is ur friend... then i blank?help?

    • kcbowhunter ctflearn++ badge

      do you know what xor is? Watch this video if you need to learn about binary operations like xor ... it's a great video: https://www.youtube.com/watch?v=tLdvEOam3sk&t=110s

  • IT_Oracle

    I always love a good Gandalf reference! Thanks for the fun challenge! ^-^

  • agula7171

    CTFlearn{xor_is_your_friend} is not flag. Please hint :)

    • kcbowhunter ctflearn++ badge

      This is actually a hint... study the other comments embedded in the jpeg file and think of how to use xor to solve the challenge.

    • agula7171

      Protected

      [REDACTED] This comment is only shown to users who have solved this challenge.

  • agula7171

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • kcbowhunter ctflearn++ badge

      That is part of it, you have to find something else to xor it with.

  • Laeneven

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • kcbowhunter ctflearn++ badge

      Laeneven - can you send me a message via Twitter @kcbowhunter

  • Philtrum

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • hishiro ctflearn++ badge

    Hey, I'm decode base64 the first block and got XOR is my friend. Are there only one hint in the jpeg or more.

    • kcbowhunter ctflearn++ badge

      You need to decode the other comment blocks in the jpeg file also, then determine what do you do when you have two binary files... are they the same length?

      • Rivit

        I really dont know what am I supposed to do with xor. I tried xoring two comments - no luck, any hints? The comments have equal length, but xoring them gives garbage....

  • favianahza

    Should I XOR the base64 encrypted message with another comment ?

    • kcbowhunter ctflearn++ badge

      that is a good place to start... see if you can find two comments that are the same size after you do base64 decoding

      • favianahza

        yes i've found it, but what should i do now ? can you help me. This is my first two weeks playing CTF.

  • TheBigBro122

    I extracted the other comments, I got some ciphers. I really don't know what to do with them and I don't really know XOR (still reading stuff about it) that much. Can you guys please give me a clue or some sources that can help me solve this? Thanks

    • kcbowhunter ctflearn++ badge

      Hi BigBro122... check out this video, it is excellent for learning about hex notation and xor: https://www.youtube.com/watch?v=tLdvEOam3sk

  • pjrox

    It take me thinking hard... Great challenge

        • kcbowhunter ctflearn++ badge

          You need to study all 3 comment blocks in the jpeg. One or more of them may be base64 encoded. Good Luck!

          • UfaiX04

            yes i fount the xor is your friend, but the other two i cant understand what i have to decipher, i tried doing a brute force of the two, which gave me nothing, also i have dona all your other challenges (which i enjoyed)

            • kcbowhunter ctflearn++ badge

              The second and third comments are strings that are base64 encoded. Use base64 -d string > file to decode. Note that you need to redirect to a file because the decode generates raw bytes. Do this for the second and third comment to get two files of raw bytes. Then xor is your friend :-)

              • UfaiX04

                Protected

                [REDACTED] This comment is only shown to users who have solved this challenge.

  • SquidBoy

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • kcbowhunter ctflearn++ badge

      Protected

      [REDACTED] This comment is only shown to users who have solved this challenge.

  • jpgauvin

    If your are stuck, try with cryptii.com, if you find a way to read the first message, you will find it hard to read the other two. So find a way to read those bytes. The first message is a hint on what to do with the other two. I hope I will help

  • zapa1928

    You may write a quick script or use cyberchef