Medium Live

ShahOfGimli

50 points

68 Solves

Forensics

Medium

kcbowhunter ctflearn++ badge

Community Rating: 4.85 / 5

That still only counts as one!

First 10 Solvers

Rank Username
1 ebouteillon
2 kcbowhunter ctflearn++ badge
3 dani0104
4 EdbR
5 naxedee
Rank Username
6 mamimi1773
7 SquidBoy
8 evrest
9 hahaznewbie
10 tiking

  • 0-2-0-0

    There is something I do not understand I found two flags and none of them are true. Is there something I miss

      • teax

        Protected

        [REDACTED] This comment is only shown to users who have solved this challenge.

        • kcbowhunter ctflearn++ badge

          teax It is ambiguous on purpose - this is a hint to solving the challenge. The previous comment block explains that the challenge is about applying the SHA256 hash function so there are other clues for solving this challenge. I also provide Python scripts for examining the jpeg and extracting bytes from the jpeg. So there is a lot of assistance given to solvers.

    • kcbowhunter ctflearn++ badge

      You may want to solve some of my other challenges first and then come back to this one, they are designed to get more difficult as the number of points increase

  • ebouteillon

    Thanks for another excellent picture forensics challenge 😋

    • kcbowhunter ctflearn++ badge

      Glad you liked it and congrats on being the first solver!

    • kcbowhunter ctflearn++ badge

      Send me a DM on twitter @kcbowhunter if you want to discuss

    • kcbowhunter ctflearn++ badge

      If you found two flags, one is a decoy and one is a hint. Keep exploring in the jpeg for other artifacts.

  • naxedee

    Not every Gimli is the key :) Great challenge :)

    • kcbowhunter ctflearn++ badge

      Glad you liked it; congratulations on solving it!

  • SquidBoy

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • kcbowhunter ctflearn++ badge

      SquidBoy can you send me a DM on Twitter @kcbowhunter? I can't post more here without giving away the solution. Those 3 fake keys are hints... you are close but still missing one important piece of the puzzle.

  • SquidBoy

    Ouch - that was painful (but fun). Thanks for the hint kcbh....

    • Celebrity

      Protected

      [REDACTED] This comment is only shown to users who have solved this challenge.

  • hahaznewbie

    Really learned a lot of things in this challenge!!! Challenging yet interesting

  • jpgauvin

    Very interesting challenge, but some hint were misleading for me, It took me several try with the sha256

    • kcbowhunter ctflearn++ badge

      The hints are designed to be a little ambiguous, not necessarily misleading. Actually the first SHA256 with the string is just to show that using SHA256 of something makes a nice key for AES 256 CBC... that was the original purpose, I actually didn't intend for that to be misleading. But others have made the same comment as you so now I understand why some feel it was misleading. But since you solved the challenge without any assistance (at least from me) I hope you see my original intent was consistent with 'the shah of Gimli is the key', which is the main hint and also essentially the name of the challenge.

      • jpgauvin

        it was a very good challenge, I always tend to take the wrong direction. For me the clues take on their meaning when I have solved the challenge. With more experience, I will understand more easily. I hope to see more of your challenges :-)

    • kcbowhunter ctflearn++ badge

      Thanks... the hints were not meant to be misleading, only ambiguous. If English is not your first language I can see where this might take you extra time. But certainly the main clue can be interpreted in multiple ways and that was intentional on my part. KeyMaker / VargasIsland / Scope are more well defined I would say. Thanks for taking time to solve my challenge and give your feedback.

    • kcbowhunter ctflearn++ badge

      Thanks, I put a lot of thought and work into this.

  • pr0ctf

    One of the best Forensics challenges I have solved here!

    • kcbowhunter ctflearn++ badge

      Thank you, I put a lot of time and thought into this one.

  • elliot_pwn

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • elliot_pwn

    Thanks for taking the time for creating these awesome challenges bro !

    • kcbowhunter ctflearn++ badge

      You are welcome, this was one of my favorite ones to create. I appreciate the feedback.

  • Panics

    Plisss answer 'the thrid comment block' it is start and finish from where ? plissss reply Stuckk

  • Panics

    Plisss answer 'the thrid comment block' it is start and finish from where ? plissss reply Stuckk

    • kcbowhunter ctflearn++ badge

      Please send me a DM to discuss, @kcbowhunter on Discord or Twitter. The jpeg contains multiple comment blocks, third one is well, the third comment block from the beginning of the jpeg. Google 'jpeg file format markers' or 'jpeg file format comment blocks'

        • kcbowhunter ctflearn++ badge

          The discord link is at the top of the page on ctflearn.com :-)

  • tuempeldiver

    Wow, took me a while. Had to solve your challenges step by step to get this... THANKS

    • kcbowhunter ctflearn++ badge

      Glad you enjoyed it; this challenge was fun to create and the hint turned out to be nicely ambiguous but not too vague I believe.