{"componentChunkName":"component---src-templates-post-template-js","path":"/ctf-tuctf-2025-en","result":{"data":{"markdownRemark":{"id":"bdd9809b-e6d9-56fd-8663-da087b8b695c","html":"<blockquote>\n<p>This page has been machine-translated from the <a href=\"/ctf-tuctf-2025\">original page</a>.</p>\n</blockquote>\n<p>I participated in TUCTF 2024 (which was actually held in 2025) with 0nePadding.</p>\n<p>I was so busy that the scoreboard had already been closed by the time I got around to writing a writeup, but I will at least document the challenges I solved.</p>\n<!-- omit in toc -->\n<h2 id=\"table-of-contents\" style=\"position:relative;\"><a href=\"#table-of-contents\" aria-label=\"table of contents permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Table of Contents</h2>\n<ul>\n<li><a href=\"#mystery-boxrev\">Mystery Box(Rev)</a></li>\n<li><a href=\"#simple-loginrev\">Simple Login(Rev)</a></li>\n<li><a href=\"#custom-image-generatorrev\">Custom Image Generator(Rev)</a></li>\n<li><a href=\"#mystery-presentationforensic\">Mystery Presentation(Forensic)</a></li>\n<li><a href=\"#packet-detectiveforensic\">Packet Detective(Forensic)</a></li>\n<li><a href=\"#security-rocksforensic\">Security Rocks(Forensic)</a></li>\n<li><a href=\"#summary\">Summary</a></li>\n</ul>\n<h2 id=\"mystery-boxrev\" style=\"position:relative;\"><a href=\"#mystery-boxrev\" aria-label=\"mystery boxrev permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Mystery Box(Rev)</h2>\n<blockquote>\n<p>Lets play a game!!! You spend hours trying to guess my secret phrase! Can you figure out the secret code and retrieve the flag?</p>\n</blockquote>\n<p>Running the challenge binary launches a menu like the one below asking whether you want to play the game.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 424px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/8028e410d3d64ba0afe186ee2f446240/1cfa9/image-20250125153407898.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 47.5%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAKCAYAAAC0VX7mAAAACXBIWXMAAAsTAAALEwEAmpwYAAABN0lEQVQoz42SWY/CMAyE81RBoVCuSuUq4ixXEYdA/P8fNqvPUiJUaZd9GNlxYnvGjivLUsfjUcvlUuPxWJxPp5MOh4NWq5Uul4uGw6HiOFa73f4KR6Hn86n9fq/3+63r9arRaKQ8z81mWaZOp6NWq/VnIX/vJpOJbrebZrOZer2e0jRVFEWGZrNp8I+xdb/eyMFovV6rqiorCmMkbzYbYzkYDEJikiQGLx//kx3WIZeC2N1uZ5IBPk2YKU3m87mdidOQuZ7PZ1O3WCxCE8dCAI9g+Hg8LHk6ndpiiBPjrtvtGvr9viXjMyZsmCEBHmCRgETOzBKwFF8AFiR+Wu8HybCANlLA/X4PjJkjMmny7dsEhkVR6PV6abvdWmHmyWbrD+v+r/+QWcGIT91oNML2fLL/g/8pBn4ACg38HCiMn+kAAAAASUVORK5CYII='); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/8028e410d3d64ba0afe186ee2f446240/8ac56/image-20250125153407898.webp 240w,\n/static/8028e410d3d64ba0afe186ee2f446240/96b95/image-20250125153407898.webp 424w\"\n              sizes=\"(max-width: 424px) 100vw, 424px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/8028e410d3d64ba0afe186ee2f446240/8ff5a/image-20250125153407898.png 240w,\n/static/8028e410d3d64ba0afe186ee2f446240/1cfa9/image-20250125153407898.png 424w\"\n            sizes=\"(max-width: 424px) 100vw, 424px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/8028e410d3d64ba0afe186ee2f446240/1cfa9/image-20250125153407898.png\"\n            alt=\"image-20250125153407898\"\n            title=\"image-20250125153407898\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>Tracing the relevant part in the binary shows that it has functionality to display, as the flag, a string obtained by XORing data hardcoded in the data section with 0x5a.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 744px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/1e352fad65b4187b3d084b0ab6662e70/cab8c/image-20250125153339861.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 88.33333333333333%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAASCAYAAABb0P4QAAAACXBIWXMAAAsTAAALEwEAmpwYAAACM0lEQVQ4y5VUW5LaMBD0QZJdwMiWrKexzcNgyEKSn63k/rfptIQDVIqFzUeXbEnTGvVMK6usgbEe2joob1FIBVGUKErJkRjHeXn+nnMtF0Ua7yETJLD1CsF3CK5GU7cItobVDoaw2qdRaR7s/HPCQkpuDNDGQxkDHTg6m7KJgefg4p/vj0mzkoSV1rDeozI2XVvVDkLKS1AiiwEX0geEMZOoWyR0PqBpu/R/CbgT+FhDEpZKwvKaFa9dGg1ZWy7Kh4EPNFQpI6UrLJqAbtmR/Cy+uMGnCXMhMJsXJBWoaxJbjbKq8DrN8TIjprOECb+n+fwpsgU1W7RLdKsV1v0a7aZHwyzbrsNutcZ+3WPod2i6JULTPkW22Q2I6Ic9tsTh7Yhhv8fxdMKv7z/w+xjHnxiGA1b9Fuvt7iGyfC6S+CJVT8CF2MA6tUnOgn2ZTPGVeOWVJyP+yvDC+cnN/IQyXYoiqVupNOpgEdjcms1uaMdoydSflYGjvvH/RFnehwHv395Qs9Uq4yDpJOnMtQ+LMlbawoeQilIqYjwsrsV9Up33Onq/ZicEXzMRnfZGIxSVuiEktCYpJxVP1MyqlFUKEEqNkpydMqVMCazqTFxtmbNbsmJ8RYy12PY9Dps9qzsQO3TtCtvNjjI0WPgmXftpH4qRMDV2S/vRMUV8tuITlrTV6fSZENdMHnk5ZhgfCFGOm8Q9316D8w/8fX1tVBQ5VjDA08ve8CmrLBxHz7mY5fw/PP0HiKgXmGJyr8UAAAAASUVORK5CYII='); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/1e352fad65b4187b3d084b0ab6662e70/8ac56/image-20250125153339861.webp 240w,\n/static/1e352fad65b4187b3d084b0ab6662e70/d3be9/image-20250125153339861.webp 480w,\n/static/1e352fad65b4187b3d084b0ab6662e70/43142/image-20250125153339861.webp 744w\"\n              sizes=\"(max-width: 744px) 100vw, 744px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/1e352fad65b4187b3d084b0ab6662e70/8ff5a/image-20250125153339861.png 240w,\n/static/1e352fad65b4187b3d084b0ab6662e70/e85cb/image-20250125153339861.png 480w,\n/static/1e352fad65b4187b3d084b0ab6662e70/cab8c/image-20250125153339861.png 744w\"\n            sizes=\"(max-width: 744px) 100vw, 744px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/1e352fad65b4187b3d084b0ab6662e70/cab8c/image-20250125153339861.png\"\n            alt=\"image-20250125153339861\"\n            title=\"image-20250125153339861\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>Analyzing this reveals that the correct flag is <code class=\"language-text\">TUCTF{Banana_Socks}</code>.</p>\n<h2 id=\"simple-loginrev\" style=\"position:relative;\"><a href=\"#simple-loginrev\" aria-label=\"simple loginrev permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Simple Login(Rev)</h2>\n<blockquote>\n<p>Muhahaha, you will never get past my secret defenses. (When done correctly, this challenge returns the flag missing the opening curly brace; this needs to be there for the flag to work, and can be added easily).</p>\n</blockquote>\n<p>Analyzing the challenge binary shows that it first checks whether the keyword <code class=\"language-text\">TheSuperSecureAdminWhoseSecretWillNeverBeGotten</code> has been entered.</p>\n<p>And once the user enters <code class=\"language-text\">TheSuperSecureAdminWhoseSecretWillNeverBeGotten</code>, it next asks for an authentication password in order to display the flag.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 910px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/5d09cacdb0e9d6ea0cf97e9e5f80dded/c6bbc/image-20250125160806758.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 75.41666666666667%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAPCAYAAADkmO9VAAAACXBIWXMAAAsTAAALEwEAmpwYAAACAElEQVQ4y31T2ZLaMBDkW4JtybrlE3MYMN4Ulbet/P+3dGbEwoZrH7pGUtmj7unWYjzPYGwPB+ynEw7zGZtxj/VuvMPAdbxi/xYLs65hVhHLvIA2FiFGKGOQlRrCeBTGQWqTzpa5+ELxFos4D4inFXIhEKoOXbdGHWpYExBDA2sjDDXVqbGjcw+rPbSyMLQ3+lJLpSEJCz+2YGTU0FGjqulQxxqyVIlxLuQdg4xRiO/6gIXbEguSzRvrPGJdU+NIbDwUsWNoV8H45rZmKEtnLtAo7INkkhuni2RtDTzN0IaAZSFuM8sYhXyBFwz92MHvOxRSoqThV3WDuutILs2kLImpRqHKH424a2g3JHlTp1lJcjbUPWoyp/IRVagQCI7WpdQ0eJMu/dnl05AkF7JMP1TtCn0/JDe1dbcGfOEriU+Sp79/cPw8p/DuDkdM84zjxwd+U8g/pxkT1d1xSmHvN1usHjBsd3cgl1uw08xQcFTIaV+1yRhF+VLE+po5TZljKNpz5pj9E0OWG6b+MkMavg8OsWkhyIxMlOmcIWhdELgKqdKaSTzNMBz6FGz+yXqODeXQxTRDNiKxY0bUhB3PqcmvPH/p8HewhyptcrqVHeV3q1hSqZPzLFvIC6Pry7k2eGLIDR3FJqMPQ9BoG37D9F6NgrH2a64OBdXlm+f2P/4B/57JtbGV1qIAAAAASUVORK5CYII='); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/5d09cacdb0e9d6ea0cf97e9e5f80dded/8ac56/image-20250125160806758.webp 240w,\n/static/5d09cacdb0e9d6ea0cf97e9e5f80dded/d3be9/image-20250125160806758.webp 480w,\n/static/5d09cacdb0e9d6ea0cf97e9e5f80dded/92674/image-20250125160806758.webp 910w\"\n              sizes=\"(max-width: 910px) 100vw, 910px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/5d09cacdb0e9d6ea0cf97e9e5f80dded/8ff5a/image-20250125160806758.png 240w,\n/static/5d09cacdb0e9d6ea0cf97e9e5f80dded/e85cb/image-20250125160806758.png 480w,\n/static/5d09cacdb0e9d6ea0cf97e9e5f80dded/c6bbc/image-20250125160806758.png 910w\"\n            sizes=\"(max-width: 910px) 100vw, 910px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/5d09cacdb0e9d6ea0cf97e9e5f80dded/c6bbc/image-20250125160806758.png\"\n            alt=\"image-20250125160806758\"\n            title=\"image-20250125160806758\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>This password is checked in three stages from the beginning of the string, and if all validations succeed, the correct flag is decrypted and displayed.</p>\n<p>The first validation is implemented as shown below; if the string starts with <code class=\"language-text\">ruint</code>, execution proceeds to the next check.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 614px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/cc0a889bf8f5b1a2e46b705da505aca0/e9131/image-20250125160746385.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 59.166666666666664%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAMCAYAAABiDJ37AAAACXBIWXMAAAsTAAALEwEAmpwYAAACGklEQVQoz3VT227bMAz1dwxYFt8iS7bka3yP49hOkzZbBxR769v2/99wRitOEHTdwwEpiqIPyWMjnipsv3cI8hC2s4HwfbRlim0Soi4T1FWGJMuRJSn+nI841TWEVAh8hVSllC8hohAO82C7GxiySRF2W3jKh7NhYNyHL0N4IkCUZnA5x9qyYTkuvpJd2472LdeFSXYuYi92fm+k51Yz5FEAx2UIlECazl8lFkkEl5KcBY/+Z9AMVZsh3OdgUtADjxhyyFAgiCLIKAFXktphdwa3h//zjXmG2WUHP1Oaocs4XTA9m2GaoKhtJv2l6OesHs9GdCiQPNXgcaBb2nhcX/iBQjf0COIMXkjjYBs9O9td5rbgY1Ej7HIkxFIkSrc8F3RpY5wY7seRGG4hlKIlSTBalEdxTwgajYDH/X8YG+FYIH1u4BFD03L010zapCc49vuCCviwPAkuSSKEIExJBfIqF8JqbWoV3GDsLhO61yOqfoe8rJFXMyqUdYWiLkiHFV6aGk1ZYlsWlFMgK2a/RFGVqNoWRXPLr2Ec33/i/PsN/eWIuu3Q7HvshwOm0xFvv15xef2B95cTnoYR/dRjGAfs+l7PdzoeMJ5OOMzxYY4NMEQVI9hlcASjlq8CNm2XNu4gjgWdHXyhtlamhW9ri1oka16x0mfzGl9iRjySbJ5bkk14X8r8l3B51Z8WNC3JZeyOu9DZw90S+wt3P3AFSJ1phQAAAABJRU5ErkJggg=='); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/cc0a889bf8f5b1a2e46b705da505aca0/8ac56/image-20250125160746385.webp 240w,\n/static/cc0a889bf8f5b1a2e46b705da505aca0/d3be9/image-20250125160746385.webp 480w,\n/static/cc0a889bf8f5b1a2e46b705da505aca0/5316f/image-20250125160746385.webp 614w\"\n              sizes=\"(max-width: 614px) 100vw, 614px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/cc0a889bf8f5b1a2e46b705da505aca0/8ff5a/image-20250125160746385.png 240w,\n/static/cc0a889bf8f5b1a2e46b705da505aca0/e85cb/image-20250125160746385.png 480w,\n/static/cc0a889bf8f5b1a2e46b705da505aca0/e9131/image-20250125160746385.png 614w\"\n            sizes=\"(max-width: 614px) 100vw, 614px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/cc0a889bf8f5b1a2e46b705da505aca0/e9131/image-20250125160746385.png\"\n            alt=\"image-20250125160746385\"\n            title=\"image-20250125160746385\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>The next validation is implemented as follows and checks whether each character XORed with 0x32 matches a hardcoded value.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 510px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/f6ab43c6579e5e933de8e68ffc3baa0d/0abdd/image-20250125160719757.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 39.583333333333336%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAICAYAAAD5nd/tAAAACXBIWXMAAAsTAAALEwEAmpwYAAABZElEQVQoz3WQ207DMBBE8ymQOIljJ3auBdog8YIo4h+gLU3SQoDC/0vDrntBIPFw5LU3mdlZb7Hbgnl6HfD43GE1bLBYd1gOI1bbHZ5fPrF++cKq37je5u0dy37AsuvRv44Yxg+6d9iMPRZdB69sL8HkFw1MXsAUJYqqRlk3qJoLqhtkebnvEbb4Ux/utti/edX9DOV8inRawvcFgjCCsRaWyIyBTjOc+QHOA4FzIdzpM4f6L15936Kaz6AnBcIwRhhLWHLKjHViR9gkEJEzZHxGMCFEFJ/wqjua8HYKVRkIJxhDqgQySRArCU1TJjpFpBVknlJPOXSaIM0ywiCMpDM5CTJ6kkOIGJGUUPRzXVu0rUVz1ZCodYKa3hKtkZCgzRVy2ltZVi7VSbB5uAaT0Q5ZkJs8pdISmdUQVHM8jusH4U/kQ1zmKManl99MYAlF7hyZG1WdkrNGbFL6KP61o/84in4DUqX+smV4SFoAAAAASUVORK5CYII='); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/f6ab43c6579e5e933de8e68ffc3baa0d/8ac56/image-20250125160719757.webp 240w,\n/static/f6ab43c6579e5e933de8e68ffc3baa0d/d3be9/image-20250125160719757.webp 480w,\n/static/f6ab43c6579e5e933de8e68ffc3baa0d/b7235/image-20250125160719757.webp 510w\"\n              sizes=\"(max-width: 510px) 100vw, 510px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/f6ab43c6579e5e933de8e68ffc3baa0d/8ff5a/image-20250125160719757.png 240w,\n/static/f6ab43c6579e5e933de8e68ffc3baa0d/e85cb/image-20250125160719757.png 480w,\n/static/f6ab43c6579e5e933de8e68ffc3baa0d/0abdd/image-20250125160719757.png 510w\"\n            sizes=\"(max-width: 510px) 100vw, 510px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/f6ab43c6579e5e933de8e68ffc3baa0d/0abdd/image-20250125160719757.png\"\n            alt=\"image-20250125160719757\"\n            title=\"image-20250125160719757\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>In the final validation, it checks whether taking each character, subtracting 0x54, reducing it modulo 0x1a, and then adding 0x61 yields the hardcoded values.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 688px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/6585d1e8fb82297ee77f96daaa462206/ebf47/image-20250125160554006.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 19.166666666666664%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAECAYAAACOXx+WAAAACXBIWXMAAAsTAAALEwEAmpwYAAAA1ElEQVQY012M226CUBBF+RbhDKChyrWHi8SXPtj3tqgg0rT+/x+sDsTEpA8ra89kzzjd741uGjkNynWkGyZO453z7a55pJ++l/3MMP1wVvfjwFevXGZf+VR/XPolO/b9QFK/Em1j0jyjaUvaQ0nVWGxdYKuCZt+Q5QV5W5FqN1cSW5CUar2xZU69b9mlGU56rAniiJVrWHnCehOwi0MkEIwInhjE93GN4PqK/MOYpSdBiOsZnOStYpNvdRCilzVJFuGF4fLcNf6D+djHUz95zPLszPkPjYWFEOJ1pnAAAAAASUVORK5CYII='); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/6585d1e8fb82297ee77f96daaa462206/8ac56/image-20250125160554006.webp 240w,\n/static/6585d1e8fb82297ee77f96daaa462206/d3be9/image-20250125160554006.webp 480w,\n/static/6585d1e8fb82297ee77f96daaa462206/01c7f/image-20250125160554006.webp 688w\"\n              sizes=\"(max-width: 688px) 100vw, 688px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/6585d1e8fb82297ee77f96daaa462206/8ff5a/image-20250125160554006.png 240w,\n/static/6585d1e8fb82297ee77f96daaa462206/e85cb/image-20250125160554006.png 480w,\n/static/6585d1e8fb82297ee77f96daaa462206/ebf47/image-20250125160554006.png 688w\"\n            sizes=\"(max-width: 688px) 100vw, 688px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/6585d1e8fb82297ee77f96daaa462206/ebf47/image-20250125160554006.png\"\n            alt=\"image-20250125160554006\"\n            title=\"image-20250125160554006\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>A string satisfying these conditions can be generated with the following code.</p>\n<div class=\"gatsby-highlight\" data-language=\"python\"><pre class=\"language-python\"><code class=\"language-python\">S <span class=\"token operator\">=</span> <span class=\"token string\">\"reingvbaonetr\"</span>\n<span class=\"token keyword\">for</span> s <span class=\"token keyword\">in</span> S<span class=\"token punctuation\">:</span>\n    tmp <span class=\"token operator\">=</span> <span class=\"token builtin\">ord</span><span class=\"token punctuation\">(</span>s<span class=\"token punctuation\">)</span> <span class=\"token operator\">-</span> <span class=\"token number\">0x61</span>\n    <span class=\"token keyword\">print</span><span class=\"token punctuation\">(</span><span class=\"token builtin\">chr</span><span class=\"token punctuation\">(</span>tmp <span class=\"token operator\">+</span> <span class=\"token number\">0x54</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span>end<span class=\"token operator\">=</span><span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span></code></pre></div>\n<p>In the end, entering the password <code class=\"language-text\">ruinthosepreseX\\aZiUTbaXge</code> produced the correct flag, <code class=\"language-text\">TUCTF{running_through_the_subroutines!!}</code>.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 896px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/177635daaf08a573c3275fd21807e4d8/4c42d/image-20250125160501933.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 22.083333333333332%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAECAYAAACOXx+WAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAsUlEQVQY02WQRwqFMABEs7UgdgSxIXZsCIL3P9h8ZiCrv3iQNi+TmGmaQIZhwL7vmOdZ823bsK4ruq5DXdfo+x5t26JpGuR5jiRJkKYpwjCE53nwfV+Y8zyxLIvC13WJ4zhw37fEFFVVhaIoJIiiSLI4jkUQBHAcB67rCsPw+754nkeS7/skYhu2HsdRUjbLsuxPyEu4bvcMQ3ymfSqbkrIs1YqHGGSAImLHlFkhv4Fnf6Ocay8xfiz/AAAAAElFTkSuQmCC'); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/177635daaf08a573c3275fd21807e4d8/8ac56/image-20250125160501933.webp 240w,\n/static/177635daaf08a573c3275fd21807e4d8/d3be9/image-20250125160501933.webp 480w,\n/static/177635daaf08a573c3275fd21807e4d8/c1a89/image-20250125160501933.webp 896w\"\n              sizes=\"(max-width: 896px) 100vw, 896px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/177635daaf08a573c3275fd21807e4d8/8ff5a/image-20250125160501933.png 240w,\n/static/177635daaf08a573c3275fd21807e4d8/e85cb/image-20250125160501933.png 480w,\n/static/177635daaf08a573c3275fd21807e4d8/4c42d/image-20250125160501933.png 896w\"\n            sizes=\"(max-width: 896px) 100vw, 896px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/177635daaf08a573c3275fd21807e4d8/4c42d/image-20250125160501933.png\"\n            alt=\"image-20250125160501933\"\n            title=\"image-20250125160501933\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<h2 id=\"custom-image-generatorrev\" style=\"position:relative;\"><a href=\"#custom-image-generatorrev\" aria-label=\"custom image generatorrev permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Custom Image Generator(Rev)</h2>\n<blockquote>\n<p>It’s still a work in progress, but I made my own file format! It is pretty efficient I think, but there may be improvements.</p>\n</blockquote>\n<p>In the next challenge, we are given the code below, which generates files by encoding RGB data in a custom format, along with a file produced by encoding an image with that code.</p>\n<div class=\"gatsby-highlight\" data-language=\"python\"><pre class=\"language-python\"><code class=\"language-python\"><span class=\"token keyword\">from</span> PIL <span class=\"token keyword\">import</span> Image\n<span class=\"token keyword\">import</span> numpy <span class=\"token keyword\">as</span> np\n<span class=\"token keyword\">import</span> crc8\n\n<span class=\"token keyword\">def</span> <span class=\"token function\">main</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">:</span>\n    inp <span class=\"token operator\">=</span> <span class=\"token builtin\">input</span><span class=\"token punctuation\">(</span><span class=\"token triple-quoted-string string\">\"\"\"\n                Welcome to the TU Image Program\n                It can convert images to TIMGs\n                It will also display TIGMs\n\n                [1] Convert Image to TIMG\n                [2] Display TIMG\n\n                \"\"\"</span><span class=\"token punctuation\">)</span>\n    <span class=\"token keyword\">match</span> inp<span class=\"token punctuation\">:</span>\n        <span class=\"token keyword\">case</span> <span class=\"token string\">\"1\"</span><span class=\"token punctuation\">:</span>\n            conv<span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span>\n        <span class=\"token keyword\">case</span> <span class=\"token string\">\"2\"</span><span class=\"token punctuation\">:</span>\n            display<span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token comment\">#TODO: Add</span>\n            <span class=\"token triple-quoted-string string\">'''\n⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠟⠛⠛⠛⠋⠉⠉⠉⠉⠉⠉⠉⠉⠉⠉⠉⠉⠉⠙⠛⠛⠛⠿⠻⠿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿\n⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠋⠀⠀⠀⠀⠀⡀⠠⠤⠒⢂⣉⣉⣉⣑⣒⣒⠒⠒⠒⠒⠒⠒⠒⠀⠀⠐⠒⠚⠻⠿⠿⣿⣿⣿⣿⣿⣿⣿⣿\n⣿⣿⣿⣿⣿⣿⣿⣿⠏⠀⠀⠀⠀⡠⠔⠉⣀⠔⠒⠉⣀⣀⠀⠀⠀⣀⡀⠈⠉⠑⠒⠒⠒⠒⠒⠈⠉⠉⠉⠁⠂⠀⠈⠙⢿⣿⣿⣿⣿⣿\n⣿⣿⣿⣿⣿⣿⣿⠇⠀⠀⠀⠔⠁⠠⠖⠡⠔⠊⠀⠀⠀⠀⠀⠀⠀⠐⡄⠀⠀⠀⠀⠀⠀⡄⠀⠀⠀⠀⠉⠲⢄⠀⠀⠀⠈⣿⣿⣿⣿⣿\n⣿⣿⣿⣿⣿⣿⠋⠀⠀⠀⠀⠀⠀⠀⠊⠀⢀⣀⣤⣤⣤⣤⣀⠀⠀⠀⢸⠀⠀⠀⠀⠀⠜⠀⠀⠀⠀⣀⡀⠀⠈⠃⠀⠀⠀⠸⣿⣿⣿⣿\n⣿⣿⣿⣿⡿⠥⠐⠂⠀⠀⠀⠀⡄⠀⠰⢺⣿⣿⣿⣿⣿⣟⠀⠈⠐⢤⠀⠀⠀⠀⠀⠀⢀⣠⣶⣾⣯⠀⠀⠉⠂⠀⠠⠤⢄⣀⠙⢿⣿⣿\n⣿⡿⠋⠡⠐⠈⣉⠭⠤⠤⢄⡀⠈⠀⠈⠁⠉⠁⡠⠀⠀⠀⠉⠐⠠⠔⠀⠀⠀⠀⠀⠲⣿⠿⠛⠛⠓⠒⠂⠀⠀⠀⠀⠀⠀⠠⡉⢢⠙⣿\n⣿⠀⢀⠁⠀⠊⠀⠀⠀⠀⠀⠈⠁⠒⠂⠀⠒⠊⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡇⠀⠀⠀⠀⠀⢀⣀⡠⠔⠒⠒⠂⠀⠈⠀⡇⣿\n⣿⠀⢸⠀⠀⠀⢀⣀⡠⠋⠓⠤⣀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠄⠀⠀⠀⠀⠀⠀⠈⠢⠤⡀⠀⠀⠀⠀⠀⠀⢠⠀⠀⠀⡠⠀⡇⣿\n⣿⡀⠘⠀⠀⠀⠀⠀⠘⡄⠀⠀⠀⠈⠑⡦⢄⣀⠀⠀⠐⠒⠁⢸⠀⠀⠠⠒⠄⠀⠀⠀⠀⠀⢀⠇⠀⣀⡀⠀⠀⢀⢾⡆⠀⠈⡀⠎⣸⣿\n⣿⣿⣄⡈⠢⠀⠀⠀⠀⠘⣶⣄⡀⠀⠀⡇⠀⠀⠈⠉⠒⠢⡤⣀⡀⠀⠀⠀⠀⠀⠐⠦⠤⠒⠁⠀⠀⠀⠀⣀⢴⠁⠀⢷⠀⠀⠀⢰⣿⣿\n⣿⣿⣿⣿⣇⠂⠀⠀⠀⠀⠈⢂⠀⠈⠹⡧⣀⠀⠀⠀⠀⠀⡇⠀⠀⠉⠉⠉⢱⠒⠒⠒⠒⢖⠒⠒⠂⠙⠏⠀⠘⡀⠀⢸⠀⠀⠀⣿⣿⣿\n⣿⣿⣿⣿⣿⣧⠀⠀⠀⠀⠀⠀⠑⠄⠰⠀⠀⠁⠐⠲⣤⣴⣄⡀⠀⠀⠀⠀⢸⠀⠀⠀⠀⢸⠀⠀⠀⠀⢠⠀⣠⣷⣶⣿⠀⠀⢰⣿⣿⣿\n⣿⣿⣿⣿⣿⣿⣧⠀⠀⠀⠀⠀⠀⠀⠁⢀⠀⠀⠀⠀⠀⡙⠋⠙⠓⠲⢤⣤⣷⣤⣤⣤⣤⣾⣦⣤⣤⣶⣿⣿⣿⣿⡟⢹⠀⠀⢸⣿⣿⣿\n⣿⣿⣿⣿⣿⣿⣿⣧⡀⠀⠀⠀⠀⠀⠀⠀⠑⠀⢄⠀⡰⠁⠀⠀⠀⠀⠀⠈⠉⠁⠈⠉⠻⠋⠉⠛⢛⠉⠉⢹⠁⢀⢇⠎⠀⠀⢸⣿⣿⣿\n⣿⣿⣿⣿⣿⣿⣿⣿⣿⣦⣀⠈⠢⢄⡉⠂⠄⡀⠀⠈⠒⠢⠄⠀⢀⣀⣀⣰⠀⠀⠀⠀⠀⠀⠀⠀⡀⠀⢀⣎⠀⠼⠊⠀⠀⠀⠘⣿⣿⣿\n⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣄⡀⠉⠢⢄⡈⠑⠢⢄⡀⠀⠀⠀⠀⠀⠀⠉⠉⠉⠉⠉⠉⠉⠉⠉⠉⠁⠀⠀⢀⠀⠀⠀⠀⠀⢻⣿⣿\n⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣦⣀⡈⠑⠢⢄⡀⠈⠑⠒⠤⠄⣀⣀⠀⠉⠉⠉⠉⠀⠀⠀⣀⡀⠤⠂⠁⠀⢀⠆⠀⠀⢸⣿⣿\n⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣦⣄⡀⠁⠉⠒⠂⠤⠤⣀⣀⣉⡉⠉⠉⠉⠉⢀⣀⣀⡠⠤⠒⠈⠀⠀⠀⠀⣸⣿⣿\n⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣶⣤⣄⣀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣰⣿⣿⣿\n⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣶⣶⣶⣶⣤⣤⣤⣤⣀⣀⣤⣤⣤⣶⣾⣿⣿⣿⣿⣿\n'''</span>\n\n            \n        <span class=\"token keyword\">case</span> <span class=\"token keyword\">_</span><span class=\"token punctuation\">:</span>\n            <span class=\"token keyword\">return</span> <span class=\"token number\">0</span>\n    <span class=\"token keyword\">return</span> <span class=\"token number\">0</span>\n\n\n<span class=\"token keyword\">def</span> <span class=\"token function\">conv</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">:</span>\n    <span class=\"token builtin\">file</span> <span class=\"token operator\">=</span> <span class=\"token builtin\">input</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"Enter the path to you image you want converted to a TIMG file:\\n\"</span><span class=\"token punctuation\">)</span>\n    out <span class=\"token operator\">=</span> <span class=\"token builtin\">input</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"Enter the path youd like to write the TIMG to:\\n\"</span><span class=\"token punctuation\">)</span>\n    img <span class=\"token operator\">=</span> Image<span class=\"token punctuation\">.</span><span class=\"token builtin\">open</span><span class=\"token punctuation\">(</span><span class=\"token builtin\">file</span><span class=\"token punctuation\">)</span>\n    w<span class=\"token punctuation\">,</span>h <span class=\"token operator\">=</span> img<span class=\"token punctuation\">.</span>size\n    write <span class=\"token operator\">=</span> <span class=\"token punctuation\">[</span><span class=\"token string\">b'\\x54'</span><span class=\"token punctuation\">,</span><span class=\"token string\">b'\\x49'</span><span class=\"token punctuation\">,</span><span class=\"token string\">b'\\x4D'</span><span class=\"token punctuation\">,</span><span class=\"token string\">b'\\x47'</span><span class=\"token punctuation\">,</span><span class=\"token string\">b'\\x00'</span><span class=\"token punctuation\">,</span><span class=\"token string\">b'\\x01'</span><span class=\"token punctuation\">,</span><span class=\"token string\">b'\\x00'</span><span class=\"token punctuation\">,</span><span class=\"token string\">b'\\x02'</span><span class=\"token punctuation\">]</span>\n    <span class=\"token keyword\">for</span> x <span class=\"token keyword\">in</span> w<span class=\"token punctuation\">.</span>to_bytes<span class=\"token punctuation\">(</span><span class=\"token number\">4</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">:</span>\n        write<span class=\"token punctuation\">.</span>append<span class=\"token punctuation\">(</span>x<span class=\"token punctuation\">.</span>to_bytes<span class=\"token punctuation\">(</span><span class=\"token number\">1</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span>\n    <span class=\"token keyword\">for</span> y <span class=\"token keyword\">in</span> h<span class=\"token punctuation\">.</span>to_bytes<span class=\"token punctuation\">(</span><span class=\"token number\">4</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">:</span>\n        write<span class=\"token punctuation\">.</span>append<span class=\"token punctuation\">(</span>y<span class=\"token punctuation\">.</span>to_bytes<span class=\"token punctuation\">(</span><span class=\"token number\">1</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span>\n    write<span class=\"token punctuation\">.</span>append<span class=\"token punctuation\">(</span><span class=\"token string\">b'\\x52'</span><span class=\"token punctuation\">)</span>\n    write<span class=\"token punctuation\">.</span>append<span class=\"token punctuation\">(</span><span class=\"token string\">b'\\x55'</span><span class=\"token punctuation\">)</span>\n    write<span class=\"token punctuation\">.</span>append<span class=\"token punctuation\">(</span><span class=\"token string\">b'\\x42'</span><span class=\"token punctuation\">)</span>\n    write<span class=\"token punctuation\">.</span>append<span class=\"token punctuation\">(</span><span class=\"token string\">b'\\x59'</span><span class=\"token punctuation\">)</span>\n\n\n\n    <span class=\"token keyword\">for</span> i <span class=\"token keyword\">in</span> <span class=\"token builtin\">range</span><span class=\"token punctuation\">(</span>h<span class=\"token punctuation\">)</span><span class=\"token punctuation\">:</span>\n        dat <span class=\"token operator\">=</span> <span class=\"token punctuation\">[</span><span class=\"token string\">b'\\x44'</span><span class=\"token punctuation\">,</span><span class=\"token string\">b'\\x41'</span><span class=\"token punctuation\">,</span><span class=\"token string\">b'\\x54'</span><span class=\"token punctuation\">,</span><span class=\"token string\">b'\\x52'</span><span class=\"token punctuation\">]</span>\n        <span class=\"token keyword\">for</span> j <span class=\"token keyword\">in</span> <span class=\"token builtin\">range</span><span class=\"token punctuation\">(</span>w<span class=\"token punctuation\">)</span><span class=\"token punctuation\">:</span>\n            dat<span class=\"token punctuation\">.</span>append<span class=\"token punctuation\">(</span>img<span class=\"token punctuation\">.</span>getpixel<span class=\"token punctuation\">(</span><span class=\"token punctuation\">[</span>j<span class=\"token punctuation\">,</span>i<span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">[</span><span class=\"token number\">0</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">.</span>to_bytes<span class=\"token punctuation\">(</span><span class=\"token number\">1</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span>\n        dat<span class=\"token punctuation\">.</span>append<span class=\"token punctuation\">(</span>getCheck<span class=\"token punctuation\">(</span>dat<span class=\"token punctuation\">[</span><span class=\"token number\">4</span><span class=\"token punctuation\">:</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span>\n        <span class=\"token keyword\">for</span> wa <span class=\"token keyword\">in</span> dat<span class=\"token punctuation\">:</span>\n            write<span class=\"token punctuation\">.</span>append<span class=\"token punctuation\">(</span>wa<span class=\"token punctuation\">)</span>\n\n    <span class=\"token keyword\">for</span> i <span class=\"token keyword\">in</span> <span class=\"token builtin\">range</span><span class=\"token punctuation\">(</span>h<span class=\"token punctuation\">)</span><span class=\"token punctuation\">:</span> \n        dat <span class=\"token operator\">=</span> <span class=\"token punctuation\">[</span><span class=\"token string\">b'\\x44'</span><span class=\"token punctuation\">,</span><span class=\"token string\">b'\\x41'</span><span class=\"token punctuation\">,</span><span class=\"token string\">b'\\x54'</span><span class=\"token punctuation\">,</span><span class=\"token string\">b'\\x47'</span><span class=\"token punctuation\">]</span>\n        <span class=\"token keyword\">for</span> j <span class=\"token keyword\">in</span> <span class=\"token builtin\">range</span><span class=\"token punctuation\">(</span>w<span class=\"token punctuation\">)</span><span class=\"token punctuation\">:</span>\n            dat<span class=\"token punctuation\">.</span>append<span class=\"token punctuation\">(</span>img<span class=\"token punctuation\">.</span>getpixel<span class=\"token punctuation\">(</span><span class=\"token punctuation\">[</span>j<span class=\"token punctuation\">,</span>i<span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">[</span><span class=\"token number\">1</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">.</span>to_bytes<span class=\"token punctuation\">(</span><span class=\"token number\">1</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span>\n        dat<span class=\"token punctuation\">.</span>append<span class=\"token punctuation\">(</span>getCheck<span class=\"token punctuation\">(</span>dat<span class=\"token punctuation\">[</span><span class=\"token number\">4</span><span class=\"token punctuation\">:</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span>\n        <span class=\"token keyword\">for</span> wa <span class=\"token keyword\">in</span> dat<span class=\"token punctuation\">:</span>\n            write<span class=\"token punctuation\">.</span>append<span class=\"token punctuation\">(</span>wa<span class=\"token punctuation\">)</span>\n\n    <span class=\"token keyword\">for</span> i <span class=\"token keyword\">in</span> <span class=\"token builtin\">range</span><span class=\"token punctuation\">(</span>h<span class=\"token punctuation\">)</span><span class=\"token punctuation\">:</span> \n        dat <span class=\"token operator\">=</span> <span class=\"token punctuation\">[</span><span class=\"token string\">b'\\x44'</span><span class=\"token punctuation\">,</span><span class=\"token string\">b'\\x41'</span><span class=\"token punctuation\">,</span><span class=\"token string\">b'\\x54'</span><span class=\"token punctuation\">,</span><span class=\"token string\">b'\\x42'</span>  <span class=\"token punctuation\">]</span>\n        <span class=\"token keyword\">for</span> j <span class=\"token keyword\">in</span> <span class=\"token builtin\">range</span><span class=\"token punctuation\">(</span>w<span class=\"token punctuation\">)</span><span class=\"token punctuation\">:</span>\n            <span class=\"token keyword\">print</span><span class=\"token punctuation\">(</span>img<span class=\"token punctuation\">.</span>getpixel<span class=\"token punctuation\">(</span><span class=\"token punctuation\">[</span>j<span class=\"token punctuation\">,</span>i<span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">[</span><span class=\"token number\">2</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">.</span>to_bytes<span class=\"token punctuation\">(</span><span class=\"token number\">1</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span>\n            dat<span class=\"token punctuation\">.</span>append<span class=\"token punctuation\">(</span>img<span class=\"token punctuation\">.</span>getpixel<span class=\"token punctuation\">(</span><span class=\"token punctuation\">[</span>j<span class=\"token punctuation\">,</span>i<span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">[</span><span class=\"token number\">2</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">.</span>to_bytes<span class=\"token punctuation\">(</span><span class=\"token number\">1</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> \n        <span class=\"token keyword\">print</span><span class=\"token punctuation\">(</span>dat<span class=\"token punctuation\">)</span>  \n        dat<span class=\"token punctuation\">.</span>append<span class=\"token punctuation\">(</span>getCheck<span class=\"token punctuation\">(</span>dat<span class=\"token punctuation\">[</span><span class=\"token number\">4</span><span class=\"token punctuation\">:</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span>\n        <span class=\"token keyword\">for</span> wa <span class=\"token keyword\">in</span> dat<span class=\"token punctuation\">:</span>\n            write<span class=\"token punctuation\">.</span>append<span class=\"token punctuation\">(</span>wa<span class=\"token punctuation\">)</span>\n\n    write<span class=\"token punctuation\">.</span>append<span class=\"token punctuation\">(</span><span class=\"token string\">b'\\x44'</span><span class=\"token punctuation\">)</span>\n    write<span class=\"token punctuation\">.</span>append<span class=\"token punctuation\">(</span><span class=\"token string\">b'\\x41'</span><span class=\"token punctuation\">)</span>\n    write<span class=\"token punctuation\">.</span>append<span class=\"token punctuation\">(</span><span class=\"token string\">b'\\x54'</span><span class=\"token punctuation\">)</span>\n    write<span class=\"token punctuation\">.</span>append<span class=\"token punctuation\">(</span><span class=\"token string\">b'\\x45'</span><span class=\"token punctuation\">)</span>\n\n    <span class=\"token keyword\">with</span> <span class=\"token builtin\">open</span><span class=\"token punctuation\">(</span>out<span class=\"token punctuation\">,</span><span class=\"token string\">\"ab\"</span><span class=\"token punctuation\">)</span> <span class=\"token keyword\">as</span> f<span class=\"token punctuation\">:</span>\n        <span class=\"token keyword\">for</span> b <span class=\"token keyword\">in</span> write<span class=\"token punctuation\">:</span>\n            f<span class=\"token punctuation\">.</span>write<span class=\"token punctuation\">(</span>b<span class=\"token punctuation\">)</span>\n\n    <span class=\"token keyword\">return</span> <span class=\"token number\">0</span>  \n\n<span class=\"token keyword\">def</span> <span class=\"token function\">getCheck</span><span class=\"token punctuation\">(</span>datr<span class=\"token punctuation\">)</span><span class=\"token punctuation\">:</span>\n    dat <span class=\"token operator\">=</span> <span class=\"token string\">''</span>\n    <span class=\"token keyword\">for</span> w <span class=\"token keyword\">in</span> datr<span class=\"token punctuation\">:</span>\n        dat<span class=\"token operator\">+=</span><span class=\"token builtin\">chr</span><span class=\"token punctuation\">(</span><span class=\"token builtin\">int</span><span class=\"token punctuation\">.</span>from_bytes<span class=\"token punctuation\">(</span>w<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span>\n    <span class=\"token keyword\">print</span><span class=\"token punctuation\">(</span>datr      <span class=\"token punctuation\">)</span>\n    <span class=\"token keyword\">print</span><span class=\"token punctuation\">(</span>dat<span class=\"token punctuation\">.</span>encode<span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span>\n    <span class=\"token keyword\">return</span> <span class=\"token builtin\">int</span><span class=\"token punctuation\">.</span>to_bytes<span class=\"token punctuation\">(</span><span class=\"token builtin\">int</span><span class=\"token punctuation\">(</span>crc8<span class=\"token punctuation\">.</span>crc8<span class=\"token punctuation\">(</span>dat<span class=\"token punctuation\">.</span>encode<span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>hexdigest<span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span>base<span class=\"token operator\">=</span><span class=\"token number\">16</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span><span class=\"token number\">1</span><span class=\"token punctuation\">)</span>\n\n<span class=\"token keyword\">if</span> __name__<span class=\"token operator\">==</span><span class=\"token string\">'__main__'</span><span class=\"token punctuation\">:</span>\n    main<span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span></code></pre></div>\n<p>This code simply stores an image’s RGB data in a custom format, so the original image can be recovered easily with the following solver.</p>\n<div class=\"gatsby-highlight\" data-language=\"python\"><pre class=\"language-python\"><code class=\"language-python\"><span class=\"token keyword\">from</span> PIL <span class=\"token keyword\">import</span> Image\n<span class=\"token keyword\">import</span> numpy <span class=\"token keyword\">as</span> np\n<span class=\"token keyword\">import</span> struct\n<span class=\"token keyword\">import</span> crc8\n\n<span class=\"token keyword\">def</span> <span class=\"token function\">timg_to_jpg</span><span class=\"token punctuation\">(</span>timg_file<span class=\"token punctuation\">,</span> output_file<span class=\"token punctuation\">)</span><span class=\"token punctuation\">:</span>\n    <span class=\"token keyword\">try</span><span class=\"token punctuation\">:</span>\n        <span class=\"token keyword\">with</span> <span class=\"token builtin\">open</span><span class=\"token punctuation\">(</span>timg_file<span class=\"token punctuation\">,</span> <span class=\"token string\">\"rb\"</span><span class=\"token punctuation\">)</span> <span class=\"token keyword\">as</span> f<span class=\"token punctuation\">:</span>\n            data <span class=\"token operator\">=</span> f<span class=\"token punctuation\">.</span>read<span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span>\n\n        <span class=\"token comment\"># Check TIMG header</span>\n        <span class=\"token keyword\">if</span> data<span class=\"token punctuation\">[</span><span class=\"token punctuation\">:</span><span class=\"token number\">4</span><span class=\"token punctuation\">]</span> <span class=\"token operator\">!=</span> <span class=\"token string\">b'TIMG'</span><span class=\"token punctuation\">:</span>\n            <span class=\"token keyword\">raise</span> ValueError<span class=\"token punctuation\">(</span><span class=\"token string\">\"Invalid TIMG file\"</span><span class=\"token punctuation\">)</span>\n\n        <span class=\"token comment\"># Extract width and height</span>\n        width <span class=\"token operator\">=</span> <span class=\"token builtin\">int</span><span class=\"token punctuation\">.</span>from_bytes<span class=\"token punctuation\">(</span>data<span class=\"token punctuation\">[</span><span class=\"token number\">8</span><span class=\"token punctuation\">:</span><span class=\"token number\">12</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">\"big\"</span><span class=\"token punctuation\">)</span>\n        height <span class=\"token operator\">=</span> <span class=\"token builtin\">int</span><span class=\"token punctuation\">.</span>from_bytes<span class=\"token punctuation\">(</span>data<span class=\"token punctuation\">[</span><span class=\"token number\">12</span><span class=\"token punctuation\">:</span><span class=\"token number\">16</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">\"big\"</span><span class=\"token punctuation\">)</span>\n\n        <span class=\"token comment\"># Verify header consistency</span>\n        <span class=\"token keyword\">if</span> data<span class=\"token punctuation\">[</span><span class=\"token number\">16</span><span class=\"token punctuation\">:</span><span class=\"token number\">20</span><span class=\"token punctuation\">]</span> <span class=\"token operator\">!=</span> <span class=\"token string\">b'RUBY'</span><span class=\"token punctuation\">:</span>\n            <span class=\"token keyword\">raise</span> ValueError<span class=\"token punctuation\">(</span><span class=\"token string\">\"Invalid RUBY header\"</span><span class=\"token punctuation\">)</span>\n\n        <span class=\"token comment\"># Initialize RGB arrays</span>\n        r_channel <span class=\"token operator\">=</span> np<span class=\"token punctuation\">.</span>zeros<span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span>height<span class=\"token punctuation\">,</span> width<span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> dtype<span class=\"token operator\">=</span>np<span class=\"token punctuation\">.</span>uint8<span class=\"token punctuation\">)</span>\n        g_channel <span class=\"token operator\">=</span> np<span class=\"token punctuation\">.</span>zeros<span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span>height<span class=\"token punctuation\">,</span> width<span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> dtype<span class=\"token operator\">=</span>np<span class=\"token punctuation\">.</span>uint8<span class=\"token punctuation\">)</span>\n        b_channel <span class=\"token operator\">=</span> np<span class=\"token punctuation\">.</span>zeros<span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span>height<span class=\"token punctuation\">,</span> width<span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> dtype<span class=\"token operator\">=</span>np<span class=\"token punctuation\">.</span>uint8<span class=\"token punctuation\">)</span>\n\n        <span class=\"token comment\"># Parse data sections</span>\n        offset <span class=\"token operator\">=</span> <span class=\"token number\">20</span>  <span class=\"token comment\"># Start after header</span>\n        <span class=\"token keyword\">for</span> color<span class=\"token punctuation\">,</span> channel <span class=\"token keyword\">in</span> <span class=\"token builtin\">zip</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">[</span><span class=\"token string\">b'DATR'</span><span class=\"token punctuation\">,</span> <span class=\"token string\">b'DATG'</span><span class=\"token punctuation\">,</span> <span class=\"token string\">b'DATB'</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token punctuation\">[</span>r_channel<span class=\"token punctuation\">,</span> g_channel<span class=\"token punctuation\">,</span> b_channel<span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">:</span>\n            <span class=\"token keyword\">for</span> i <span class=\"token keyword\">in</span> <span class=\"token builtin\">range</span><span class=\"token punctuation\">(</span>height<span class=\"token punctuation\">)</span><span class=\"token punctuation\">:</span>\n                <span class=\"token keyword\">if</span> data<span class=\"token punctuation\">[</span>offset<span class=\"token punctuation\">:</span>offset<span class=\"token operator\">+</span><span class=\"token number\">4</span><span class=\"token punctuation\">]</span> <span class=\"token operator\">!=</span> color<span class=\"token punctuation\">:</span>\n                    <span class=\"token keyword\">raise</span> ValueError<span class=\"token punctuation\">(</span><span class=\"token string-interpolation\"><span class=\"token string\">f\"Missing </span><span class=\"token interpolation\"><span class=\"token punctuation\">{</span>color<span class=\"token punctuation\">.</span>decode<span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">}</span></span><span class=\"token string\"> section\"</span></span><span class=\"token punctuation\">)</span>\n                offset <span class=\"token operator\">+=</span> <span class=\"token number\">4</span>  <span class=\"token comment\"># Skip section header</span>\n                <span class=\"token keyword\">for</span> j <span class=\"token keyword\">in</span> <span class=\"token builtin\">range</span><span class=\"token punctuation\">(</span>width<span class=\"token punctuation\">)</span><span class=\"token punctuation\">:</span>\n                    channel<span class=\"token punctuation\">[</span>i<span class=\"token punctuation\">,</span> j<span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span> data<span class=\"token punctuation\">[</span>offset<span class=\"token punctuation\">]</span>\n                    offset <span class=\"token operator\">+=</span> <span class=\"token number\">1</span>\n\n                <span class=\"token comment\"># Skip checksum (1 byte)</span>\n                offset <span class=\"token operator\">+=</span> <span class=\"token number\">1</span>\n\n        <span class=\"token comment\"># Verify footer</span>\n        <span class=\"token keyword\">if</span> data<span class=\"token punctuation\">[</span>offset<span class=\"token punctuation\">:</span>offset<span class=\"token operator\">+</span><span class=\"token number\">4</span><span class=\"token punctuation\">]</span> <span class=\"token operator\">!=</span> <span class=\"token string\">b'DATE'</span><span class=\"token punctuation\">:</span>\n            <span class=\"token keyword\">raise</span> ValueError<span class=\"token punctuation\">(</span><span class=\"token string\">\"Invalid footer\"</span><span class=\"token punctuation\">)</span>\n\n        <span class=\"token comment\"># Combine channels into an image</span>\n        rgb_array <span class=\"token operator\">=</span> np<span class=\"token punctuation\">.</span>stack<span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span>r_channel<span class=\"token punctuation\">,</span> g_channel<span class=\"token punctuation\">,</span> b_channel<span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> axis<span class=\"token operator\">=</span><span class=\"token number\">2</span><span class=\"token punctuation\">)</span>\n        img <span class=\"token operator\">=</span> Image<span class=\"token punctuation\">.</span>fromarray<span class=\"token punctuation\">(</span>rgb_array<span class=\"token punctuation\">,</span> <span class=\"token string\">\"RGB\"</span><span class=\"token punctuation\">)</span>\n\n        <span class=\"token comment\"># Save as JPG</span>\n        img<span class=\"token punctuation\">.</span>save<span class=\"token punctuation\">(</span>output_file<span class=\"token punctuation\">,</span> <span class=\"token string\">\"JPEG\"</span><span class=\"token punctuation\">)</span>\n        <span class=\"token keyword\">print</span><span class=\"token punctuation\">(</span><span class=\"token string-interpolation\"><span class=\"token string\">f\"Successfully converted TIMG to </span><span class=\"token interpolation\"><span class=\"token punctuation\">{</span>output_file<span class=\"token punctuation\">}</span></span><span class=\"token string\">\"</span></span><span class=\"token punctuation\">)</span>\n\n    <span class=\"token keyword\">except</span> Exception <span class=\"token keyword\">as</span> e<span class=\"token punctuation\">:</span>\n        <span class=\"token keyword\">print</span><span class=\"token punctuation\">(</span><span class=\"token string-interpolation\"><span class=\"token string\">f\"Error: </span><span class=\"token interpolation\"><span class=\"token punctuation\">{</span>e<span class=\"token punctuation\">}</span></span><span class=\"token string\">\"</span></span><span class=\"token punctuation\">)</span>\n\n<span class=\"token comment\"># Example usage</span>\ntimg_to_jpg<span class=\"token punctuation\">(</span><span class=\"token string\">\"flag.timg\"</span><span class=\"token punctuation\">,</span> <span class=\"token string\">\"output.jpg\"</span><span class=\"token punctuation\">)</span></code></pre></div>\n<p>Decoding the challenge file with this code yields the correct flag as shown below.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 880px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/6148a37b7998af015c78790313bae558/9c177/image-20250125175912639.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 100%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAACXBIWXMAAAsTAAALEwEAmpwYAAAFdklEQVQ4yx2Ue0yUVxrGv+wmza5bdUWKKGC1aFuFBezKTWaYQRyYGWHuwwwzMAwMV0cHwQlXaUEUFDUgxaUiBeqltBKtt7I2ot3ErU1blWQxWpvY2G5tzGazdbebzdpu+tu3/vHkfOd873ne23lepbe9iZ2hKraXWWmqctPXFqK3OUhXwxY6twfZ5itiTdxS1sfHkP7CMpJilxAfuYjk2ChS4qJZt3wZyfJ/ddRi1i6NQjk2PMj46weYGNzPaP8e3hk5xNvD/Rza1U73jjoqbEZiFsyTy1EkL4sgftF8npf96ohnSViyiIToxayOXEDc/HkkLY9GOXlkiPOTE1w6PcnMuSmunJ9i5uwUZ46N8v4742yrKCUn/fe49FrsG1XkZaaRLzBpNmDPVWPWqNiszkSflUHq6uUoF9+b4s7du9wVXL9+nVu3bvHw4bdPz+bm5rh9+zZ37tzh0aNH3Lh54+n3z7Y3xe7Bgwd8881DPr93j9nZWTar0lBOHxvhw+mz/HnmEtcuv8/HV6e5eOr40whPDg9QVeIRFLOlrJhgmZcqr5utsgZcNtn/fO6h1uchJJmoE15E2SV1Gu5tY+xgF+8eHeDsxBDjB16jpzFAoEBD4tIIkmIiWTrvGVYs/A2xz/6KlQt/zcvPLSBxWSQvPfdbYub9UvAL4hfPR7HmqrDqtLTU+RjZ186YoNlTiF/7CpaUlRRvSGSopZJtRTpUa1exKiqSl2OjSVkZR9KKGJZHLMQk90M1AUqddpQCbSY2nYbcjDSMUuA6j4UavZriV17CviYWvzqFi290ceVoJ+O7G7Fs+B1rliyWaBaRtGoF50+f4Kcnf4efBDxBKbfmSQc1EqWGnIxUkhPWkiNdDFj11BiyqdZlceZwN1eO9/PR1CDH99ZjTIgjJTqCy2fGheQf/Pj9X/n3327z45PHKKnJSeSr0nEKqT1fS7ndIORqiTqbkN/BwdYgF8b6uHXpLWYvTTA9vhdP1hpMKfE8/uIjvv/yM/7z7Rw/fPcF/318H2VdYqJElEq9z0ylQ4/LmIMtL5uuxlomh3o5N3aIa1NH+fTcm9y8cISrJ/roKttMccrzXH5zL/97OMvje9f41/1P+OHRHIo2fT3ZaalkS7p+Sb9aSPd37ODcxCCn/rCbP02N8sGJEaZlPzOxh+nRLvaFq+gsK6S7JI+JnTUMbPfRXlJAZ8CB0iAariwqQJOZjs+yiZN9DZw+3MHhziDhcgtHelv544lhJge76Q1XMnGghSLjJtymfBorimgpLaTepCKoW4d7/Qso9X4noTIH9X67DAIL9eUOOoLFHGyuwGnIZai7mYGuME0VNrZ4TRzYGSToNUtZNOhEclZ9LtUeKz0hHyFrDkquKgu9VoNNvAZLbTQGimiv87CvKYDdsInOoEcyMPLaVg81HjMuicyu30iJSYffpsdp3IhBI1oWbZtF68qG1PWo0kTwWi3FlgLxZidc7ZHuVtMnpP2tlQx11LK7wU+t10KVW+Ay4bMacRg2CmEur4rT9gqL2AZRVBmZqNMzyM7MFO8GShyFmI16tgfcjPeE6G+rpabEjrNQj0Wvo7zIRMfWUipdhbwqa2ulg7YqB7XWTVx9dwTFuVlPjlqNNitLSDMw5GrJzxEpBksZ2x9ma7kbl8VEkcmI2ZCHxZhHTzjATimLtzAPr6Tslnq65e1+dXMGZbRnBx2hCnxOCzpJO0eVjd9pZrBzG3U+B4FiK16bCa/Dit/twFZgkMFRwUBLtdTWRLXAI7NyX7iW7+7fQJk81Map19sZEeLmLX4aqssY3hPmcHcDva119DbV0lhZIsR2yuwWfHazPBcXb8izaq9xs0u6u6vOxYXxAf759V/4P5QVgNU6vVvBAAAAAElFTkSuQmCC'); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/6148a37b7998af015c78790313bae558/8ac56/image-20250125175912639.webp 240w,\n/static/6148a37b7998af015c78790313bae558/d3be9/image-20250125175912639.webp 480w,\n/static/6148a37b7998af015c78790313bae558/fd35f/image-20250125175912639.webp 880w\"\n              sizes=\"(max-width: 880px) 100vw, 880px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/6148a37b7998af015c78790313bae558/8ff5a/image-20250125175912639.png 240w,\n/static/6148a37b7998af015c78790313bae558/e85cb/image-20250125175912639.png 480w,\n/static/6148a37b7998af015c78790313bae558/9c177/image-20250125175912639.png 880w\"\n            sizes=\"(max-width: 880px) 100vw, 880px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/6148a37b7998af015c78790313bae558/9c177/image-20250125175912639.png\"\n            alt=\"image-20250125175912639\"\n            title=\"image-20250125175912639\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<h2 id=\"mystery-presentationforensic\" style=\"position:relative;\"><a href=\"#mystery-presentationforensic\" aria-label=\"mystery presentationforensic permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Mystery Presentation(Forensic)</h2>\n<blockquote>\n<p>We recently got this absolutely non-sensical presentation from a confidential informant, along with a notes that said “The truth hurts boomers, but it’s what on the inside that counts &#x3C;3”. We can’t make heads or tails of it, but it has to be important! Can you help us out?</p>\n</blockquote>\n<p>If you unzip the Office file provided with the challenge, you will find a folder named <code class=\"language-text\">secret_data.7z</code> inside.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 639px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/00b298dbd78ec7982fa8314567ba5c5d/738b8/image-20250125203721376.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 34.166666666666664%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAHCAYAAAAIy204AAAACXBIWXMAAAsTAAALEwEAmpwYAAABVUlEQVQoz01RW2+CYAzlZ3gHFGEC84LIZWOyZItBME7RmYgTwotL9v/fz2gTiQ8nbb/vtD1tBdM0YRgGXMeBpmmwLIuxWCwwnU4xn88Z4/EzOp0Oo9vt1j5hMBhAlmW2gmkaUFWVSZIk8QdZgiiK/DeZTDCbzaAoCnq9HgsYDofsE0/X9TpX2CcOXny7qq6g3+/Xxe4F6d2u1FJBUq5UKqggTXDnP4oQsoOHTfwJx/H4o9Vqod1uM8gXRQme5/HYrutCrpJGTyMErwE3fOTTlMLt5x3f6abq6HISdXaqfRLI930f6/Uaq9UKURRxHIYhkiRhjm3bNZ+UC/viiN+/G67XHNn5jDRNEccxJ5DdbrcoigKXywV5nuOrik+nE8qyRJZl2O123PB4OGK5XEIIPiIEbyFf2TB0vhqNQWg2m7x4i6885j1SrKoaq6GRKW40GnxhOs4/Y2rbOo6c22AAAAAASUVORK5CYII='); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/00b298dbd78ec7982fa8314567ba5c5d/8ac56/image-20250125203721376.webp 240w,\n/static/00b298dbd78ec7982fa8314567ba5c5d/d3be9/image-20250125203721376.webp 480w,\n/static/00b298dbd78ec7982fa8314567ba5c5d/d95e5/image-20250125203721376.webp 639w\"\n              sizes=\"(max-width: 639px) 100vw, 639px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/00b298dbd78ec7982fa8314567ba5c5d/8ff5a/image-20250125203721376.png 240w,\n/static/00b298dbd78ec7982fa8314567ba5c5d/e85cb/image-20250125203721376.png 480w,\n/static/00b298dbd78ec7982fa8314567ba5c5d/738b8/image-20250125203721376.png 639w\"\n            sizes=\"(max-width: 639px) 100vw, 639px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/00b298dbd78ec7982fa8314567ba5c5d/738b8/image-20250125203721376.png\"\n            alt=\"image-20250125203721376\"\n            title=\"image-20250125203721376\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>The correct flag can be extracted from there.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 876px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/f5180b1212bc597eef38145a7b35d702/1b1d5/image-20250125203707166.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 17.083333333333332%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAADCAYAAACTWi8uAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAeElEQVQI15WO2wrEIAxE/f/v7LZ47YO3mKKzJlDY1w0MxzEyjjmvC+fxgbUWd7qRcwYzo/cOGgP/zFoLxjkH7z1ijAghqFJKm1FZa9VwYWsNRKR8fSlFJX7OCSOPebC2ejV2M36efT80rO8Q5ZbsiLqG/X4kZ2n4BXK26RXDNkIcAAAAAElFTkSuQmCC'); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/f5180b1212bc597eef38145a7b35d702/8ac56/image-20250125203707166.webp 240w,\n/static/f5180b1212bc597eef38145a7b35d702/d3be9/image-20250125203707166.webp 480w,\n/static/f5180b1212bc597eef38145a7b35d702/21dbd/image-20250125203707166.webp 876w\"\n              sizes=\"(max-width: 876px) 100vw, 876px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/f5180b1212bc597eef38145a7b35d702/8ff5a/image-20250125203707166.png 240w,\n/static/f5180b1212bc597eef38145a7b35d702/e85cb/image-20250125203707166.png 480w,\n/static/f5180b1212bc597eef38145a7b35d702/1b1d5/image-20250125203707166.png 876w\"\n            sizes=\"(max-width: 876px) 100vw, 876px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/f5180b1212bc597eef38145a7b35d702/1b1d5/image-20250125203707166.png\"\n            alt=\"image-20250125203707166\"\n            title=\"image-20250125203707166\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<h2 id=\"packet-detectiveforensic\" style=\"position:relative;\"><a href=\"#packet-detectiveforensic\" aria-label=\"packet detectiveforensic permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Packet Detective(Forensic)</h2>\n<blockquote>\n<p>You are security analyst given a pcap file containing network traffic. Hidden among these packets is a secret flag transmitted. Your task is to analyze the pcap file, filter out common traffic, and pinpoint the packet carrying the hidden flag.</p>\n</blockquote>\n<p>By searching through the large amount of TCP traffic in the packet capture provided with the challenge, you can identify the stream that transmits the flag in plaintext.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 960px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/19e6003e552cd05eb86ca685a0b8ec78/71e8d/image-20250125204105204.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 12.916666666666664%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAADCAYAAACTWi8uAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAo0lEQVQI112LOw7CMBBEcwW+zpfEju21EwUJkGhBAkJIAYiK+19ksN0gKJ5mVm82qs4c8qZQX+tA+2ghegE9ajT3JuA77zmE88ptvecXDjUo0EjhTw4yEO3XO2zbDUg4sZLoqIMqJbJFhnyZh0xmMdiEgU0ZYt9d+juZJyjTEkVcoEoriFwger+eOB0P0EbDthbGGtjGQpP+4hwZCvx3Repn9wE0pFgUuqsuTQAAAABJRU5ErkJggg=='); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/19e6003e552cd05eb86ca685a0b8ec78/8ac56/image-20250125204105204.webp 240w,\n/static/19e6003e552cd05eb86ca685a0b8ec78/d3be9/image-20250125204105204.webp 480w,\n/static/19e6003e552cd05eb86ca685a0b8ec78/e46b2/image-20250125204105204.webp 960w,\n/static/19e6003e552cd05eb86ca685a0b8ec78/07cde/image-20250125204105204.webp 1304w\"\n              sizes=\"(max-width: 960px) 100vw, 960px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/19e6003e552cd05eb86ca685a0b8ec78/8ff5a/image-20250125204105204.png 240w,\n/static/19e6003e552cd05eb86ca685a0b8ec78/e85cb/image-20250125204105204.png 480w,\n/static/19e6003e552cd05eb86ca685a0b8ec78/d9199/image-20250125204105204.png 960w,\n/static/19e6003e552cd05eb86ca685a0b8ec78/71e8d/image-20250125204105204.png 1304w\"\n            sizes=\"(max-width: 960px) 100vw, 960px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/19e6003e552cd05eb86ca685a0b8ec78/d9199/image-20250125204105204.png\"\n            alt=\"image-20250125204105204\"\n            title=\"image-20250125204105204\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<h2 id=\"security-rocksforensic\" style=\"position:relative;\"><a href=\"#security-rocksforensic\" aria-label=\"security rocksforensic permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Security Rocks(Forensic)</h2>\n<blockquote>\n<p>I shared a super secret message, I hope its secure.</p>\n</blockquote>\n<p>I analyzed the packet capture of wireless traffic provided with the challenge.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 714px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/1262012de232dc79eeb8e97b63c6c418/d67ca/image-20250125204615970.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 38.33333333333333%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAICAYAAAD5nd/tAAAACXBIWXMAAAsTAAALEwEAmpwYAAABY0lEQVQoz11R2XKCQBDka0wJJSiLhYKcyn0sVGmZkP//js7MmJjEhykW6O1rjLZtcbvdUNc10jQFv8dxjCiKcKLRWmNZPtF1HZIkge/7aOl8vV4FO8+T3C3LAmEYwmiahj5UqKoKu92OSDPkef6Y85neE3R9TxdKEorgOA7C04nIY9h0VkphtXrDer2GZVkwGNyRkhC6rqj8TBAEyLIM0/Rw0ZMzz1NIKElZFHT2CBcIkW3b2Gw2MMZxxDgOEs1xbFHkcYmcHV8uF9zv7xS5B2OPxyNSEuGISnkibJqmkAkh98D99H0nBK8OE+pzGAYURUkpSpiWiYi+FSTEwixgmtYvYS0d1miaWgAckYc75CcvqhfCQmphDC8rp3+uq3A4+BL5Saj1hIF7JJcc4UyLeJ15nsHL6wWjZHHcIeM5xb/IXLimbrQesd1uSfHwnP1+L+4/lkViMzE7S7McNbv9Xspfwi9QbxURj/rJtwAAAABJRU5ErkJggg=='); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/1262012de232dc79eeb8e97b63c6c418/8ac56/image-20250125204615970.webp 240w,\n/static/1262012de232dc79eeb8e97b63c6c418/d3be9/image-20250125204615970.webp 480w,\n/static/1262012de232dc79eeb8e97b63c6c418/80c40/image-20250125204615970.webp 714w\"\n              sizes=\"(max-width: 714px) 100vw, 714px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/1262012de232dc79eeb8e97b63c6c418/8ff5a/image-20250125204615970.png 240w,\n/static/1262012de232dc79eeb8e97b63c6c418/e85cb/image-20250125204615970.png 480w,\n/static/1262012de232dc79eeb8e97b63c6c418/d67ca/image-20250125204615970.png 714w\"\n            sizes=\"(max-width: 714px) 100vw, 714px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/1262012de232dc79eeb8e97b63c6c418/d67ca/image-20250125204615970.png\"\n            alt=\"image-20250125204615970\"\n            title=\"image-20250125204615970\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>Using Wireshark shows that this traffic appears to be encrypted with WPA.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 623px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/1ac0d9729d320535728437c39efa2671/6114d/image-20250125205225045.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 72.08333333333333%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAOCAYAAAAvxDzwAAAACXBIWXMAAAsTAAALEwEAmpwYAAAB9klEQVQ4y4VTyXraYBDzo7DvGG/YgBfAGwYcUi7piQuH9P2fYDoSMV/bL00OwwxeJI3k3whWK0mSRLI0lTTNJI4iGQ2H0u8PZDwes0ajEQvzYDCQVqsl7Xb70zIcx5WiKCTLMu0lexhuZD6fK2ifAKihkjTAk8nkSfZvGdPpVKqqkuPxKHmei+d54rquBEEgK1Xv+z67bVsk+a4My7LkcDjI+XyW19cfClwReK0gruuI4zgkME1TZrMZ+2KxePZmBhjuGxhs25blcklV6Kn6SV91fVaekWS/31NtGIbaA4njmDPIQUxA/AAUFwCMB1ydN9rruqYVURRSCbaBRZ9Vg2M0awAQCj3PJXCkaZ9OJwYGEgTxnX9PhQD0vCVBAEZAXQfeYuU8L1ShSVA836hp+l+h4CIkrzcbJgwwqE22W7ler1y7rs+PoNZrpv5lynNVB2VFWcput2WyIIBnCMj3AxLBDpA1Av7no2GaCzmrVzAfisqy4FwqAT8nvQcv9/udbFV1EidKvCM5wkLS2AYzrONnA3UAwLd4u93kfr/L+/sv+fn2JtvkAQAb8MJXRYU4UvAH5sf68stLLZfLhariOOKDlmXTPxytTqcjvV5Put0uO45nUziiBrwC4OljbXSsjnON/1CN1XH9cURPJK2qAwOCd3+G8htVC8cQX3WypAAAAABJRU5ErkJggg=='); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/1ac0d9729d320535728437c39efa2671/8ac56/image-20250125205225045.webp 240w,\n/static/1ac0d9729d320535728437c39efa2671/d3be9/image-20250125205225045.webp 480w,\n/static/1ac0d9729d320535728437c39efa2671/7ac29/image-20250125205225045.webp 623w\"\n              sizes=\"(max-width: 623px) 100vw, 623px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/1ac0d9729d320535728437c39efa2671/8ff5a/image-20250125205225045.png 240w,\n/static/1ac0d9729d320535728437c39efa2671/e85cb/image-20250125205225045.png 480w,\n/static/1ac0d9729d320535728437c39efa2671/6114d/image-20250125205225045.png 623w\"\n            sizes=\"(max-width: 623px) 100vw, 623px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/1ac0d9729d320535728437c39efa2671/6114d/image-20250125205225045.png\"\n            alt=\"image-20250125205225045\"\n            title=\"image-20250125205225045\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>So I decided to check whether the WPA password could be recovered using <code class=\"language-text\">airodump-ng</code>.</p>\n<div class=\"gatsby-highlight\" data-language=\"bash\"><pre class=\"language-bash\"><code class=\"language-bash\">airodump-ng -r dump-05.cap</code></pre></div>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 808px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/d0be468a120a8603a259f4586b8e261b/3534c/image-20250125205801267.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 27.083333333333332%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAFCAYAAABFA8wzAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAyUlEQVQY0zWQRw6FQAxDWSKEQPTem2DLJeD+B8rX8xeLaGIndpJxyrK0oiisaRpr29aqqjK4YRiE67oWR/R9L24cR+VoiK7rVA/D0ByKGAKCIFCOCU1xHEsIzrJMNYZRm6ZJZuiv6xJH3SFh6teMCWLf983zPMvzXDX4NE1lTmAGXpbFnuex933tvu//hjREUaTAdF1XNYN54RhKzgDMwd/2cFznuq458zzbeZ6277tt26a/48UUjm0x4BLESZJITH4ch0wx4iLiB6c6glTzNvfjAAAAAElFTkSuQmCC'); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/d0be468a120a8603a259f4586b8e261b/8ac56/image-20250125205801267.webp 240w,\n/static/d0be468a120a8603a259f4586b8e261b/d3be9/image-20250125205801267.webp 480w,\n/static/d0be468a120a8603a259f4586b8e261b/2b269/image-20250125205801267.webp 808w\"\n              sizes=\"(max-width: 808px) 100vw, 808px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/d0be468a120a8603a259f4586b8e261b/8ff5a/image-20250125205801267.png 240w,\n/static/d0be468a120a8603a259f4586b8e261b/e85cb/image-20250125205801267.png 480w,\n/static/d0be468a120a8603a259f4586b8e261b/3534c/image-20250125205801267.png 808w\"\n            sizes=\"(max-width: 808px) 100vw, 808px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/d0be468a120a8603a259f4586b8e261b/3534c/image-20250125205801267.png\"\n            alt=\"image-20250125205801267\"\n            title=\"image-20250125205801267\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>From this result, we can determine the WPA decryption password by performing a dictionary attack with <code class=\"language-text\">rockyou.txt</code>.</p>\n<div class=\"gatsby-highlight\" data-language=\"bash\"><pre class=\"language-bash\"><code class=\"language-bash\">aircrack-ng -w /usr/share/wordlists/rockyou.txt -b D8:3A:DD:07:AA:5A dump-05.cap</code></pre></div>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 786px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/9f9d9c6a42d04f81ef18440832fa79f7/321ea/image-20250125210407740.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 63.74999999999999%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAANCAYAAACpUE5eAAAACXBIWXMAAAsTAAALEwEAmpwYAAABmElEQVQ4y3WSyXLCQAxEfWHfV7ODKRybxZQdQg78/391eKoS5RTJQZY8M2p190zQnY61+igUpQ+t44fCaKfPe67knGixWGi5XGo+n1sOw1CTycTWfW02m2m1Wtka+0F2zXX/uun7flORZzomiTabjXa7ncbjsUajkYbDoeXBYKB+v2//5TWy10H0bDwcDhZJkip8TqzVamo0Gm/RbDbVarUs/xcBLKDrUsje2Ol01Ov11O12rXYwcrvd/jMC36TRAZBFZkAURVqv11Yjkz2CnjK4ZwOcTqcmGe/2+73VeLjdbl/Gu/n8k2HNUKLM2ACZzK0BjLnOiGAI+96MCmfmN8v/C5APhtfr9ZfxSOIgAYgzZCgD/Wy1WrX6TTIXgwyaWKQJuTBFelkqwR4Zf98YAuiMuGEYkfGRBr8Uf5vUAPL/LyAewQBPYIu0PM8Vx7FOp5OOx6NFlmVK01Tn81mXy0VFURg48t88rFQq9qDxBGAAaaYRUECIMvD1ejXWvwChi3ew4clwi0jmILII/CLDxr0lc4aXUX42P7L4Ryx/W7hJAAAAAElFTkSuQmCC'); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/9f9d9c6a42d04f81ef18440832fa79f7/8ac56/image-20250125210407740.webp 240w,\n/static/9f9d9c6a42d04f81ef18440832fa79f7/d3be9/image-20250125210407740.webp 480w,\n/static/9f9d9c6a42d04f81ef18440832fa79f7/4cb1e/image-20250125210407740.webp 786w\"\n              sizes=\"(max-width: 786px) 100vw, 786px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/9f9d9c6a42d04f81ef18440832fa79f7/8ff5a/image-20250125210407740.png 240w,\n/static/9f9d9c6a42d04f81ef18440832fa79f7/e85cb/image-20250125210407740.png 480w,\n/static/9f9d9c6a42d04f81ef18440832fa79f7/321ea/image-20250125210407740.png 786w\"\n            sizes=\"(max-width: 786px) 100vw, 786px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/9f9d9c6a42d04f81ef18440832fa79f7/321ea/image-20250125210407740.png\"\n            alt=\"image-20250125210407740\"\n            title=\"image-20250125210407740\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>Reference: <a href=\"https://www.aircrack-ng.org/doku.php?id=ja:cracking_wpa\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">ja:cracking_wpa [Aircrack-ng]</a></p>\n<p>I then used the recovered password in Wireshark to decrypt the WPA traffic.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 716px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/c8334ca326a50fd92742bfe8af4ade57/6bbf7/image-20250125210903482.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 82.08333333333333%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAQCAYAAAAWGF8bAAAACXBIWXMAAAsTAAALEwEAmpwYAAACfklEQVQ4y31UyXbTQBD0kTjhBl7ixIv23ZLlVZKx7CQXQh7mFuDx+P+vKLrasUnyCId6MyNNV9dU90zDth1MJjm22y0WiwXG4zHSNEWScMzg2BY6vT4+tEfotFrotrsyttH+2MJF8xzNd02cnzVlPMP78ws0DMPAqijwbb9HWRYIxhHm87liuVwin0xgStKsKpEuJ0gWExlzhHkCO/ZghDaMyDlA5g3TNFEUJfb7rzIWGNoGoig6IUkShHGI9PsG8993GP/YYPbrVpH+rOE/lggeqxMajuOgqtao6w2yLIPlOxjLkWfzmViR6TfbtuE7HgLXR+gGOh7mPiIveIEGN1dVhdlspopMz0aeTzGdTtVbKnRcB6H8i5MYcRwfxqd59ApKuF5/wrauD6SyMc1SJQ/DEPR4OBzqWgloxT+IToSWZSnhw8MXrfLQHMHyHFXmui4uLy9xfX39glBVvgFVuNnU2O22SjK0DPiBr0f2PA/0mEmp9qTwPxBCSwlvbnZIJCCMI/Ew12IQbJswCE6Ez/EGIT1ci8KdNrXje0rEgNFohEG/rx76vlRWiI/gmnt4qudQwrI8VFkr6ru6kbeFShlIYiaZiFqCc7aVMTI04WAwUPRlrn1YlKXeDCrMpVVITjIqr+QfkwZPxz4ijuQEcgnmdYF0lSMXz1er1d8q399/1syOVJa3hyRU1n868tXV1Qmseq/Xw8g0EKQRvPhgQTpO0eDk9vZOHodaVbHvjkEECY8ER7CVuKfblYei3UG300FLHg7GNtga9I4VYt8diY5gIJXy9tBXYrVaqs88ItdsMVpGcfo4MIBgBlrwGkzEYiih2PKckDbxeyagt38AKBnjncdImrEAAAAASUVORK5CYII='); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/c8334ca326a50fd92742bfe8af4ade57/8ac56/image-20250125210903482.webp 240w,\n/static/c8334ca326a50fd92742bfe8af4ade57/d3be9/image-20250125210903482.webp 480w,\n/static/c8334ca326a50fd92742bfe8af4ade57/d8378/image-20250125210903482.webp 716w\"\n              sizes=\"(max-width: 716px) 100vw, 716px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/c8334ca326a50fd92742bfe8af4ade57/8ff5a/image-20250125210903482.png 240w,\n/static/c8334ca326a50fd92742bfe8af4ade57/e85cb/image-20250125210903482.png 480w,\n/static/c8334ca326a50fd92742bfe8af4ade57/6bbf7/image-20250125210903482.png 716w\"\n            sizes=\"(max-width: 716px) 100vw, 716px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/c8334ca326a50fd92742bfe8af4ade57/6bbf7/image-20250125210903482.png\"\n            alt=\"image-20250125210903482\"\n            title=\"image-20250125210903482\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>From the decrypted packets, we can confirm that a file containing sensitive information was being transmitted.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 797px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/d26d3d1d8abff965e54c36545537d3cd/43fbc/image-20250125211341292.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 113.75%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAXCAYAAAALHW+jAAAACXBIWXMAAAsTAAALEwEAmpwYAAAElUlEQVQ4y31V6VNadxR9f0BM+6E1ps6kNbiwL3GpVQSkIMouoKJGRZniAm6AKC6IC25Rq8Yl0SZqkppOtBk7aTJ1pjPtl860H/sXnd730zimUT8cLo/fe+ede++5F06lL4SyRgGZS4ZsWzbuWrKQ68iFwCpADl2LXSJIPBLI6xQQucQQVgvPIDqPEo+UzuVQeBXgBoZSmJh6iMTYA4wTEollpKbXkUwsIjwwgyZfHwKBMIJdMQS+60dHxwBDeyBCMUpnEbT5QuhsD9N5H7ieoRkkF3aQmFhBIrmMsdQ6Ria+R2p+C57GDijlSuTlCHDz00/wefpnDOm30pFx+za+yMzErYwMpN1MQ1paGm6k3QDn7x5GZGwRkdgUogOTCMdnEY5NY2hkHt5GPxLROKK9g/B47qOhoRXNzQHYbC6IxWJIpVIGuVzOoFDIwe09f4eT3//F4dEfOHh5gte//IXDn//Em7f/YGR4llINonYsBE+8A1anG/pyE0rVWkYkk8kY3hPz4Da2j3BIJDtPj/F4+xDPDk7wdP8Nnv34G2KxSfgaW0lZG7xeHxyOGuTl5UIkEn1EdE54r1QPdYUdZpsb1dV10Fc6YKhywuqoRanWgGCgG3V1LZRyIxRK5bmyiwovgnM3daAtNIRgKIZQ9xD8XQMIEHr6RuF01aPtvo+RWSxOqpHySqJzwtmlJ9je/xWrD19geWUP61SCtc2X2Hj0CpGBCSwv7aKdLFFSUkqpCukh+bWk3IOVfTx5/hYbWz9hY/MAj354jY3Hr7BNMT46h73dd9Bo9JBIJaepXqOOEXZGkoiNL5NtppltIsPziJA3B4fn4PN34/j4bwSDcRQWFp9ZRHF9DXsGU2TsbSSn1pCcXMH4zCbGp9eQmtuCP9CHmcklVFWYkJX1JYTCPOTm5nzQ5Y8IjZU22KtryRLUZWcNrHY3rLZquN1e6MoNGOyNIjk8yYztdjcy++j1RjL25aSclGpTXq6DTqeFVquBpkyNcp2OUiyASChEIjaKxekF1HgamA89FI1G09UKc3JyYTAaYa6qohuNMBgMMJlMUKvVyM8vQDw8jO6uMOrrfaitbSGFLWgiq5WWas5T/59CGSxWK82nDVaKZnMV7HY7fbeQ6nJEu6NwkR8tFt74XjiddSgo+BoSieTypvAfev23TF0VqeSJzWYzi2VlGkRDUazPr2Cwfwhmi4te5KZyFLGHL+s4x8uuqKhAZWUlEetJlY5d86nrtFr0hSJUVw2yBV/hzp1MBoEgC9nZAsJdUir+gJTj38Irs1gsjLQgP58WANmDloCMbgq298BRXQ8noaam+azbDWwcXa4GSr+Idfx0OUjAqVQqmgQNjdY3hBJqRD7bbacpyRHriWBxag59wX56oZ2RuYmIjzxhcXEJzbgCKtU9KJUqcEraIDxhWVkZi3yaRUVFZx2UY5VmfXfnCOtrL5BKbaK1tQstLZ0Mfn+Q5rwfnZ0RihH6reO0hhcVXVyaMnLARHwcawuriEdHUGGynp1LL+xDCev4e3BCofDKZclbKuAPoSfI/0H1ntVLzJRftRz+A43saWabds44AAAAAElFTkSuQmCC'); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/d26d3d1d8abff965e54c36545537d3cd/8ac56/image-20250125211341292.webp 240w,\n/static/d26d3d1d8abff965e54c36545537d3cd/d3be9/image-20250125211341292.webp 480w,\n/static/d26d3d1d8abff965e54c36545537d3cd/9eee1/image-20250125211341292.webp 797w\"\n              sizes=\"(max-width: 797px) 100vw, 797px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/d26d3d1d8abff965e54c36545537d3cd/8ff5a/image-20250125211341292.png 240w,\n/static/d26d3d1d8abff965e54c36545537d3cd/e85cb/image-20250125211341292.png 480w,\n/static/d26d3d1d8abff965e54c36545537d3cd/43fbc/image-20250125211341292.png 797w\"\n            sizes=\"(max-width: 797px) 100vw, 797px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/d26d3d1d8abff965e54c36545537d3cd/43fbc/image-20250125211341292.png\"\n            alt=\"image-20250125211341292\"\n            title=\"image-20250125211341292\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>This file contained an encoded string like the one shown below.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 772px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/40e9cb20cd73d6c6316d2d23ae646ea5/940c5/image-20250125211237179.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 37.916666666666664%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAICAYAAAD5nd/tAAAACXBIWXMAAAsTAAALEwEAmpwYAAABuklEQVQoz3WQSVMaURRG+xdkITOIJBiFWN0gVdkEx6gBZTBJBUVkaNBA080kDSIGTaxKZZFfffK6UVNZZHHq3O/We/cNUqQQIfwxjCfjwZF24Ew7cR+5hB3PWNmT9eA6dP7Tf8KRWrDXWEiVusrJWRHLX4qnlIVrFw0KoleqlimpNdRmk5ahU1ZVkVXO6xb1OSKXGw0u2xpNw0DSx9/Q9AGGcUWna9LqX9MWeWDekNhM4/CFWAwEeRkIsRQM4RW1X9jtDeD2LeJbCvHC6cLl8bPg9SMZowe6/ekz2mBGr39Lb3jHbipP6WubatugYqEZVDXLOpWWbvdrF20+HZ8SDAYJ+H1Iyb19Mrk8ufwxmWyODZGzok4fZXi7/Y59vUDKKPLBOCUtnO6ccaCf2L3DXomDzzl2tt6TSCSIr68jNc0HjM7NnO6Uy/4M3bgWN/xOcmOXZfG8aHiFyKvXguVHz1m18soq0WgEWZZtpM74jrb4O707stEGE2GTrnlLcmuHtbU3xOJxlFjsPygoyhx74NXsN8PhPePRD0xBb/KToXnPZPqLze09+3RFiSE/blJkxa6fsqxYN/s79A/d+yP6tkTPJQAAAABJRU5ErkJggg=='); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/40e9cb20cd73d6c6316d2d23ae646ea5/8ac56/image-20250125211237179.webp 240w,\n/static/40e9cb20cd73d6c6316d2d23ae646ea5/d3be9/image-20250125211237179.webp 480w,\n/static/40e9cb20cd73d6c6316d2d23ae646ea5/ca172/image-20250125211237179.webp 772w\"\n              sizes=\"(max-width: 772px) 100vw, 772px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/40e9cb20cd73d6c6316d2d23ae646ea5/8ff5a/image-20250125211237179.png 240w,\n/static/40e9cb20cd73d6c6316d2d23ae646ea5/e85cb/image-20250125211237179.png 480w,\n/static/40e9cb20cd73d6c6316d2d23ae646ea5/940c5/image-20250125211237179.png 772w\"\n            sizes=\"(max-width: 772px) 100vw, 772px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/40e9cb20cd73d6c6316d2d23ae646ea5/940c5/image-20250125211237179.png\"\n            alt=\"image-20250125211237179\"\n            title=\"image-20250125211237179\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>Unfortunately, trying ordinary approaches such as Base64 decoding did not work, but thanks to a teammate discovering that the flag could be decoded with Base62, we were able to determine that the correct flag was <code class=\"language-text\">TUCTF{w1f1_15_d3f1n173ly_53cure3}</code>.</p>\n<h2 id=\"summary\" style=\"position:relative;\"><a href=\"#summary\" aria-label=\"summary permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Summary</h2>\n<p>I had so little time to write this up that it ended up being a bit rushed…</p>","fields":{"slug":"/ctf-tuctf-2025-en","tagSlugs":["/tag/rev-en/","/tag/forensic-en/","/tag/english/"]},"frontmatter":{"date":"2025-02-02","description":"TUCTFCTF 2024 Writeup","tags":["Rev (en)","Forensic (en)","English"],"title":"TUCTF 2024 Writeup","socialImage":{"publicURL":"/static/87e8300f66fb27f5bfdf983eefa98953/ctf-tuctf-2025.png"}}}},"pageContext":{"slug":"/ctf-tuctf-2025-en"}},"staticQueryHashes":["251939775","401334301","825871152"]}