CastorsCTF | Two Paths
Description#
The flag is somewhere in these woods, but which path should you take?
two-paths.png
Cracking#
- We have a classic steganography challenge here but as this is from the crypto category, there must be that also along the way in it.
- I use the
stringscommand on the image to see if they’ve hidden some readable data in this image and I find that there’s some binary data at the end of the image.
01101000 01110100 01110100 01110000 01110011 00111010 00101111 00101111 01100111 01101111 00101110 01100001 01110111 01110011 00101111 00110010 01111010 01110101 01000011 01000110 01000011 01110000
- I use perl to convert this to ascii with the following command:
echo "01101000011101000111010001110000011100110011101000101111001011110110011101101111001011100110000101110111011100110010111100110010011110100111010101000011010001100100001101110000" | perl -lpe '$_=pack"B*",$_'
- Output:
https://go.aws/2zuCFCp
The link has expired as the CTF ended but here’s the html page that I got after going to the link.
As the challenge name says two paths and the above link only contains some random emojis, I ran
stegsolveon the image and I found another link leading to another image of a chat.
This image has a chat between two people who are talking about Alex’s party or something, Messages from one person are in plain text but from the other person are encrypted with emojis.
Use the chat to figure out the mappings of the emojis to ascii characters and use that to get the flag.
My friend Diogo, Clash and Halcyon helped in mapping out the emojis and Diogo wrote the python script to get the flag.
Script#
analysis = {
"β": "c",
"β": "o",
"β": "n",
"π": "g",
"π": "r",
"β": "a",
"β": "t",
"π²": "u",
"β": "l",
"βΊ": "i",
"β": "s",
"π―": "f",
"π": "y",
"β": "e",
"β": "d",
"β«": "h",
"β": "v",
"β": "p",
"πΊ": "w",
"βΏ": "j",
"β": "m",
"β": "b",
"π΄": "x",
"β": "q",
"π": "k",
"πΆ": "z"
}
emoji_encoded = """βββππββπ²ββββΊβββ!_βΊπ―_πβπ²_βββ_πβββ_ββ«βΊβ,_ββ«ββ_πβπ²_β«βββ_ββββββ_ββ«β_ββΊββ«βπ!_πΊβ_βΏπ²ββ_β«βββ_πβπ²_π―βπ²ββ_β_ββπβ_βπ―π―βΊββΊβββ_πΊβπ_π―βπ_ββββΊββ«βπβΊβπ_ββ«ββ_πββΊβπ_βββ_βπ_βββ_βπ_ββββ_πβπ²_πΊββ'β_πββ_ββ«πβπ²πβ«_ββ«β_ββπ΄β_ββπβ_ββππ_βπ²βΊβπβπ._ββπββ_βππ_βββΊβπ_β_ββΊββββ_ββπβ_ββπΆπ!
βπ―β_πβΊπ΄βπΆββ_ππ΄βπβπβ«β«π΄β«_βπ²β{βπ²βΊβ«π²ββ_π²β«ππ}βββΏβ«π―β_ππ²{π΄π²β«ββββ}β_πΆπβββββπ_π―β_βπβπ΄ππβ{βπΆβ_ββπβπβ«ββ}π΄β_{βπ―βπ―ββΏββπβ_βπββπ―ββπ΄}πΆβ_πβ«β{ββ«π―π΄βπ΄π―_ββ}π΄βπΆβββπ²β_ββπβπ΄β_βπΆβπΊ_πΆββ{βπβββΏπΊβ_βΏβ_π΄ββΏβββββ_π²β}βΏββπ―βββπ²_βππ΄{πββπ―βββ_π―}πΊβΊππΊβΏπ―βΏβΏβ_βπ―{βΏβΏβπββΏ}β«β_β«πβπββββπΆπ_ββ{ββββπββπ_ββ}βπβπΆπΆββπ²_βπ΄πββπβ{βββ_β}π―β«π΄πΆπββπ―β_ββ{ββββΏβπβ«πΊ_βββΏβ«ββ«πΆ_ββ_πββπΊππβππΆπ²_βπ΄}πβΏπβΏπ―π―πβ_βΊββπ΄πππ΄{βπβ_βπ²βΊπ_πΊβπβπ²β_βπ―{βΏβΏβπββΏ}β«β_β«πβπββββπΆπ_ββ{ββββπβ_βπ_ββ}βπβπΆπΆββπ²_βπ΄πββπβ{βββ_πβ«β{ββ«π―β«β{ββ«π―π΄βπ΄π―_ββ}π΄βπΆβββπ²β_ββπβπ΄β_βπΆβπΊ_πΆββ{βπβββΏπΊβ_βΏβ_π΄ββΏβββββ_π²β}βΏββπ―βββπ²_βππ΄{πββπ―βββ_π―}πΊβΊππΊβΏπ―βΏβΏβ_βπ―{βΏβΏβπββΏ}β«β_β«πβπββββπΆπ_ββ{ββββπββπ_ββ}βπβπΆπΆββπ²π΄βπ΄π―_ββ}π΄βπΆβββπ²β_ββπβπ΄ββπΆβπΊ_πΆββ{β_πβββΏπΊβ_βΏβπ΄ββΏβββββ_π²β}βΏββπ―βββπ²_βπ_π΄{πββπ―βββ_π―}πΊβΊππΊβΏπ―_βπ²βΊπ_πΊβπβπ²β_βπ―{βΏβΏβπββΏ}β«β_β«πβπββββπΆπ_ββ{ββββπβ_βπ_ββ}βπβπΆππ΄βπβπβ«β«π΄β«_βπ²β{βπ²βΊβ«π²ββ_π²β«ππ}βββΏβ«π―β_ππ²{π΄π²β«ββββ}β_πΆπβββββπ_π―β_βπβπ΄ππβ{βπΆβ_ββπβπβ«ββ}π΄β_{βπ―βπ―ββΏββπβπΆββπ²_βπ΄πββπβ{βββ_πβ«β{ββ«π―π΄βπ΄π―_ββ}π΄βπΆβββπ²β_ββπβπ΄ββπΆβπΊβΏβΏβ_βπ―{βΏβΏβπββΏ}β«β_β«πβπββββπΆπ_βββΏβ«ββ«πΆπ΄_ββ_πββπΊππβππΆπ²_βπ΄}πβΏπβΏπ―π―πβ_βΊββπ΄_πππ΄{βπβ_βπ²βΊππΊβπβπ²β_βββ{βββπΊββ«π_βββββπΆπβπΊβ_ββββπ΄ββββΊβ«_πβ}π²ββπββπβ_β{βββΏββββπ―β_β}π΄_βππβπβπβ_βββΏβββΏπ΄π―ββ_πβββ{βββπΆπΊπ―_ββββββββπΊβ_ππ²ββββπββ}π_βββββπβββπ―{βββββββ«β_π―ββπ_ββΏπΆβββπ}_βπ―{βπΊβββΊπβπ_βπβππΆπΆβπΊπβ_βπΆββπβββππ΄_πΊβππ²βββββπ_ββ}π²π―βββββπΆ_βββ{πΆπββΏβΊββ_βΊββπΊβπΆ_π²}π²_βπβ«{πββ«βππ΄_π΄ββββπβπ΄π―β_πΆ}πΆππΆπΆβΏπππ―π_βΊπΊβββΊ{πΊββπβ_ββββ}β«βπ―πΊ_β«πΊ"""
for x, y in analysis.items():
emoji_encoded = emoji_encoded.replace(x, y)
print(emoji_encoded)
flag
castorsCTF{sancoho_flag_qjzmlpg}