Here’s a quick writeup on the two challenges I solved (Banana Princess and Beginner’s luck) during BITSCTF with the Cryptis team. It was my first CTF and a great experience :D

Banana Princess

For this challenge, we were given a PDF file which was said to have been encrypted.

Hexdump, search for a header

By running hexdump -C MinionQuest.pdf | head, we can get the header of the PDF file.

00000000  25 43 51 53 2d 31 2e 35  0d 25 e2 e3 cf d3 0d 0a  |%CQS-1.5.%......|
00000010  34 20 30 20 62 6f 77 0d  3c 3c 2f 59 76 61 72 6e  |4 0 bow.<</Yvarn|
00000020  65 76 6d 72 71 20 31 2f  59 20 34 33 30 31 39 30  |evmrq 1/Y 430190|
00000030  2f 42 20 36 2f 52 20 34  30 34 33 34 33 2f 41 20  |/B 6/R 404343/A |
00000040  31 2f 47 20 34 32 39 39  39 31 2f 55 20 5b 20 35  |1/G 429991/U [ 5|
00000050  37 36 20 31 35 35 5d 3e  3e 0d 72 61 71 62 6f 77  |76 155]>>.raqbow|
00000060  0d 20 20 20 20 20 20 20  20 20 20 20 20 20 20 20  |.               |
00000070  20 20 0d 0a 6b 65 72 73  0d 0a 34 20 31 34 0d 0a  |  ..kers..4 14..|
00000080  30 30 30 30 30 30 30 30  31 36 20 30 30 30 30 30  |0000000016 00000|
00000090  20 61 0d 0a 30 30 30 30  30 30 30 37 33 31 20 30  | a..0000000731 0|

We can see the header is CQS-1.5. A normal PDF file header is PDF-1.5 (I used a reference PDF file to find this).

Find the encryption method

By inputting CQS into http://www.dcode.fr/chiffre-cesar, we can see that a rotation of 13 gives us PDF.

Unencrypt it

The file may have been encrypted by using a Caesar cipher on the letters and leaving everything else alone. I wrote a Python script to unencrypt it.

#!/usr/bin/env python2
   
import codecs
    
res = ""
with open("MinionQuest.pdf2", "r") as f, open("result.pdf", "w") as out:
    for b in f.read():
        if ord(b) in range(ord("a"), ord("z")+1) or ord(b) in range(ord("A"), ord("Z")+1):
            # Then b = letter
            b = codecs.encode(b, "rot_13")
        res += b
    
    out.write(res)

The resulting PDF file had a message with a black bar over the key.

Extracting the key

I extracted the images using pdfimages :

pdfimages -png result.pdf images

The first image had the key written on it! BITSCTF{save_the_kid}

Beginner’s luck

This challenge gave a PNG file and some encryption code. The goal was to find a flaw in the encryption to decrypt the file and get the key!

Analysing the encryption code

The encryption code provided with the challenge was a pretty straightforward XOR-cipher with a 24-byte long key.

The only working attack against this is a known-cleartext attack.

Reading up on the PNG file format & counting bytes

Fortunately for us, PNG files have a fixed header, so it’s pretty easy to get the first 8 bytes of the key. The IHDR header is also always at the same place…4 more bytes!

We can also guess the size of the picture, as the filename is fullhd.png, we can assume the size is 1920x1080. That’s 8 more bytes!

Finally, I had to guess the size of the IHDR header…got it first try (0x0D)! That’s another 4 bytes :D

8 + 4 + 8 + 4 = 24

=> We’ve got the full key.

Cracking the key and decrypting

The program then uses that key to decrypt the file.

#!/usr/bin/env python
# coding: utf-8

from enc27 import supa_encryption

with open("BITSCTFfullhd.png", "rb") as f:
    txt = f.read()

known_offsets = {
    # Magic sequence
    0: 0x89,
    1: 0x50,
    2: 0x4E,
    3: 0x47,
    4: 0x0D,
    5: 0x0A,
    6: 0x1A,
    7: 0x0A,
    
    # IHDR length
    8: 0x00,
    9: 0x00,
    10: 0x00,
    11: 0x0d,
    
    # IHDR
    12: 0x49,
    13: 0x48,
    14: 0x44,
    15: 0x52,
    
    # Width: 1920
    16: 0x00,
    17: 0x00,
    18: 0x07,
    19: 0x80,
    
    # Height: 1080
    20: 0x00,
    21: 0x00,
    22: 0x04,
    23: 0x38
}
key = ["ø"] * 24
i = 0

for b in txt:
    if i in known_offsets.keys():
        q = known_offsets[i]
        c = ord(b)
    
        d = c ^ q
        keyidx = i % 24
        key[keyidx] = chr(d)
    i += 1
    
print("Key found: %s" % (''.join(key)))

with open('BITSCTFfullhd.png','rb') as f:
    data = f.read()
    
enc_data = ''
for i in range(0, len(data), 24):
    enc = supa_encryption(data[i:i+24], key)
    enc_data += enc
    
with open('fullhd.png', 'wb') as f:
    f.write(enc_data)

The image file has the flag handwritten in it: BITSCTF{p_en_gee}

The encryption key was rkh%QP4g0&3g46@4*%f(UN#\