RCTF Crypto 100 Decode The File

File: cip_d0283b2c5b4b87423e350f8640a0001e
MD5: d0283b2c5b4b87423e350f8640a0001e
SHA256: 1b13fdec1c3a0da404ad53d4f9130f84ba5f3d7708650f52fb328bb7abf65ba8

If you open the file with a text editor, you can see the following content:

[Image: content1]

Obviously, the data here is Base64-encoded, so let’s decode it:

[Image: content2]

The picture above shows the decoded content. Searching Google for keywords from it leads to the source:

https://github.com/n0fate/chainbreaker/blob/master/pyDes.py

Comparing the decoded file with the file downloaded from the link above, we could not find any additional information added to the decoded file.

So there must be some secret hidden in the Base64 strings themselves, but what? Let’s re-encode the content with a standard Base64 algorithm to see if there are any differences:

[Image: cmp1]

What can you find here? Yes, there are many strings that differ only in the last byte before the “=”.

If you are familiar with Base64, I think you can easily figure out the reason. As we know, Base64 splits the original data into groups of 3 bytes, and if the last group contains only 1 or 2 bytes, it pads the end and uses 1 or 2 “=” to indicate how many original bytes are in the last group. Here is an example of 1 byte in the last group:

[Image: base64]

The 4 padding bits here are ignored by the decode routine; that is to say, we can put any bits here. What a good place to hide information!
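The padding-bit trick described above, as an added example that is not part of the original write-up: it goes one step beyond the text by showing the embedding side, the matching extraction, and a re-encode check that flags lines whose spare bits are not zero. The function names and the `COVER` lines are constructed for illustration.

```python
import base64
import string

B64 = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"

# Constructed cover lines (not from the challenge file); each is encoded separately.
COVER = [b"import os", b"import sys", b"x = 1", b"y = 22",
         b"print(x)", b"z = x + y + 1", b"pass"]

def spare_bits(line):
    """Unused low bits in the last symbol: 4 for '==', 2 for '=', otherwise 0."""
    return 2 * (len(line) - len(line.rstrip("=")))

def embed(chunks, secret):
    """Base64-encode each chunk, filling the unused bits with bits of `secret`."""
    bits = "".join(format(b, "08b") for b in secret)
    lines = []
    for chunk in chunks:
        line = base64.b64encode(chunk).decode()
        n = spare_bits(line)
        if n and bits:
            take, bits = bits[:n].ljust(n, "0"), bits[n:]
            body = line.rstrip("=")
            last = B64.index(body[-1]) | int(take, 2)  # spare bits start as 0
            line = body[:-1] + B64[last] + line[len(body):]
        lines.append(line)
    if bits:
        raise ValueError("not enough padded lines to carry the secret")
    return lines

def extract(lines):
    """Collect the spare bits of every padded line and pack them into bytes."""
    bits = ""
    for line in lines:
        n = spare_bits(line)
        if n:
            bits += format(B64.index(line.rstrip("=")[-1]), "06b")[-n:]
    whole = len(bits) - len(bits) % 8
    return bytes(int(bits[i:i + 8], 2) for i in range(0, whole, 8))

def non_canonical(lines):
    """Lines that differ from a re-encode of their own decoded bytes."""
    return [l for l in lines if base64.b64encode(base64.b64decode(l)).decode() != l]

if __name__ == "__main__":
    stego = embed(COVER, b"hi")
    print(stego)
    print(extract(stego), non_canonical(stego))
```

A padded line that happens to carry all-zero bits re-encodes to itself, so the re-encode check reveals that a file is carrying data but does not mark every carrier line.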

Once you understand this, the challenge is not difficult to solve. The following script is what I use to extract the hidden information:

import string

# Standard Base64 alphabet; a character's index is its 6-bit value.
b64table = string.ascii_uppercase + string.ascii_lowercase + string.digits + '+/'

def tobin(data):
    # Return the 6-bit binary string for one Base64 character.
    index = b64table.find(data)
    return format(index, '06b')

def toStr(bits):
    # Convert a bit string to text, 8 bits per character.
    out = ''
    for i in range(0, len(bits), 8):
        out += chr(int(bits[i:i+8], 2))
    return out

out = ''
with open('cip_d0283b2c5b4b87423e350f8640a0001e', 'r') as f:
    for line in f:
        line = line.strip()
        if line[-2:] == '==':
            # '==': the low 4 bits of the last symbol are unused
            binstr = tobin(line[-3:-2])
            out += binstr[-4:]
            print(binstr[-4:])
        elif line[-1:] == '=':
            # '=': the low 2 bits of the last symbol are unused
            binstr = tobin(line[-2:-1])
            out += binstr[-2:]
            print(binstr[-2:])

print(out)
print(toStr(out))

Flag: ROIS{base_GA_caN_b3_d1ffeR3nT}
