Writeups
  • â„šī¸Infos
  • đŸ—“ī¸2021
    • DvCTF (to join DaVinciCode)
      • Crypto
        • Baby RSA
        • Ressaye
        • Unbreakable encryption
      • Forensics
        • Broken Portrait
        • Russian Dolls
        • Sus USB
      • Misc
        • Jus de Flag
        • Welcome
      • OSINT
        • Absolutely Nuts
      • Progra
        • Snoop's Mission
      • Reverse
        • Baby Reverse
        • Basic Cracking
        • Code Pyn
      • Steganography
        • Colorful Code
        • Hurt Your Eyes
        • Orchestra of Flags
        • Tyger
      • Web
        • Have I Been Pwned
        • What's Up ?
  • đŸ—“ī¸2022
    • DvCTF 2022
      • Crypto
        • Cwryptographic Owacle
        • Secure Or Not Secure
        • small weiner
      • Forensics
        • Very Bad Script
      • Misc
        • Data Leak
        • Going postal
        • The Hacker Man
      • OSINT
        • Elon Musk
        • Monkeey
        • Painting Spot
        • Welcome to the DaVinciCTF!
      • Pentest
        • DaVinci's Playlist : Part 1
        • DaVinci's Playlist : Part 2.5
        • DaVinci's Playlist : Part 2
      • Programming
        • Heaven's Gate
        • Sudoku
        • TicTacToe
      • Reverse
        • CryptoVault
        • Mine Game
        • Obfuscated
        • Peripheral Interface Controller XVI
      • Steganography
        • ICMP
        • The Arts of Details
        • Treasure
      • Warmup
        • EBG13
        • FrenchFlag
        • MP3
        • QmFzZTY0
        • RSA
        • Welcome
      • Web
        • CyberStreak v1.0
        • đŸŽĩ
    • picoCTF 2022
      • Challs WU
    • @HackDay - Qualifications
      • Crypto
        • Francis Bacon
        • Francs Maçons
        • Rotate-me!
        • Un message codÊ ?
      • Forensics
        • bad_timing_for_reversing
      • Hardware
        • Cubik'cipher
        • WebSDR
      • Reverse
        • Calling Conventions
        • Memory Investigation
      • Steganography
        • I can make pictures
        • J'ai perdu le flag :(
        • PokÊmons
        • Un coup de maÃŽtre
        • Un logo cachotier
      • Web
        • GIT!
        • Part. 1 - Uploads
        • Part. 2 - Old md5
        • Part. 3 - sudo python
    • 404CTF
      • Crypto
        • Un simple oracle [1/2]
        • Un simple oracle [2/2]
      • Misc
        • Je suis une thÊière
        • Pierre-papier-Hallebarde
        • GoGOLFplex
      • OSINT
        • À l'aube d'un Êchange
        • Collaborateur suspect
        • Equipement dÊsuet
      • Reverse
        • Mot de passe ?
      • Steganography
        • La plume à la main
        • PNG : Un logo obèse [1/4]
        • PNG : Drôles de chimères [2/4]
        • Toujours obèse [3/4]
      • Web
        • FichÊ JS
        • Le braquage
        • Du gÃĸteau
        • En construction !
    • Operation Kernel
      • Crypto
        • Scytale
      • Forensics
        • Research Paper
        • Excel Confidential
      • Reverse
        • CryptoLocker
        • What_If_CryptoLocker
      • Social Engineering
        • Pour vivre secure vivons cachÊ
        • Pour vivre secure vivons cachÊ Part 2
      • Stegano
        • AudioSpectre
        • Datacenter
        • Takazume
      • WEB
        • Research paper blog
        • SQL Project 1
        • SQL Project 2
        • SQL Project 3
        • Tenue de soirÊe requise
  • đŸ—“ī¸2023
    • 404CTF 2023
      • RÊsultats
      • Analyse forensique
        • PÃĒche au livre
        • Le Mystère du roman d'amour
        • Les Mystères du cluster de la Comtesse de SÊgur [1/2]
        • Lettres volatiles
        • Note de bas de page
      • Cloud
        • Le Sot
        • Le Cluster de Madame Bovary
        • Harpagon et le magot
        • Les nuages menaçants 1/3
        • Les nuages menaçants 2/3
      • Cryptanalyse
        • Recette
        • ASCON Marchombre
      • Divers
        • Bienvenue
        • Exemple de connexion à distance
        • Discord
        • À vos plumes !
      • Exploitation de binaires
        • Je veux la lune !
      • Programmation
        • L'Inondation
        • Des mots, des mots, des mots
      • Radio-FrÊquence
        • Navi
        • Avez-vous vu les cascades du hÊrisson ?
        • Le Plombier du cÃĸble
        • Ballistic Missile Submarine
      • Renseignement en sources ouvertes
        • Le Tour de France
        • Les OSINTables [1/3]
        • Un vol ?
        • L'Ãĸme d'un poète et le coeur d'une femme [1/4]
        • L'Ãĸme d'un poète et le coeur d'une femme [2/4]
        • L'Ãĸme d'un poète et le coeur d'une femme [3/4]
        • L'Ãĸme d'un poète et le coeur d'une femme [4/4]
      • RÊtro IngÊnierie
        • Le Divin Crackme
        • L'Inspiration en images
      • SÊcuritÊ MatÊrielle
        • Un courrier suspect
        • Un rÊveil difficile
      • StÊganographie
        • Odobenus Rosmarus
        • L'Œuvre
        • Les FÊlicitations
        • En Profondeur
        • Le Rouge et le vert, avec un soupçon de bleu
      • Web
        • Le Loup et le renard
        • L'AcadÊmie du dÊtail
        • La Vie Française
        • Fuite en 1791
        • L'Épistolaire moderne
        • Chanson d'Inde
      • Web3
        • Art
        • L'Antiquaire, tÃĒte en l'air
Powered by GitBook
On this page

Was this helpful?

  1. 2022
  2. DvCTF 2022
  3. Misc

Going postal

PreviousData LeakNextThe Hacker Man

Last updated 2 years ago

Was this helpful?

Category: OSINT & Steganography - Points: 500 (at the beginning) then 490 (at the end) - Difficulty: Easy - Solves: 20 Description: My dear friend "Bob" made a tool online to uncover the truth behind that map.

Infos:

A .jpg file is provided (map.jpg)

Solution: To solve this challenge you need to analyze the jpg file in first step. The image contain an Australian map and there are stanges rods on the bottom left corner. But what represent these rods ? After many searches we found that this image correspond to an Australian Post 4-State Code. Now we "just" need to found a reader for this barcode... When we search Australian Post 4-State Code reader we find a website named . What's name of our dear friend ? "Bob", exactly. We are now on the good way. So now, we need to convert the barcode in letters (T, D, A or H) to extract the infos. Here is the "rule" to convert : After convert the "code" is : ATDFFDDADDAADAADFAFAFFDAFTFDAFATAFAAATADTAFDTDDDDDDDTTTDFFTDDADFAAT and we collect some infos :

Format Control Code : 62
Sorting Code : 78475110
Customer Information Field : V3K4N64r00

We don't need these infos for the moment, but we keep them near to us.

We can now analize the first image with a steganography tool. To analyze an image in steganography, I always use . When we upload the file on the website, we can see there is a .7z file in backgroung data :

We download them but this .7z file is locked with password...

So now, we have to find this password. We can try to do a bruteforce attack... But after multiple tests any technique works. And earlier we found infos ! We can test with theses infos : "62", "78475110", "V3K4N64r00", "6278475110V3K4N64r00"... The good password is : 6278475110V3K4N64r00 We can dezip the 7z file and analyze extract datas. The folders names contain 4 digits and 40 numbers (0 or 1) who make a big binary.

But what can we do with these folders names ? Convert in hexa ? Build an image ? Range them in ascending order ? I decided to range the binary in create date order. So at the end we have this :

Looooooong datas

🚩 FLAG
dvCTF{4U57r4114_P057_4_57473}

And the last step is to build an image with this big datas block. The website who do that is this one : After generating the image we just need to find a tool who can "read" the Data Matrix barcode : With some searches, we found this website and after this image analyse, the flag is displayed.

đŸ—“ī¸
bobcodes
Aperisolve
Dcode - Convert Binary in Image
Aspose
image
image
image
image
1MB
map.jpg
image