Giulio "Krishath" De Pasquale
on June 12, 2015
9 minute read ·
Me and my team, Tower of Hanoi, have played the PlaidCTF 2015: while my teammates did reversing stuff, my friend john and I did this awesome forensic challenge.
This was the challenge description:
We received this PNG file, but we’re a bit concerned the transmission may have not quite been perfect.
It was easy to understand we had to repair a PNG file, but first, we checked what we had in our hands. So, we ran file on the challenge file:
The file was, in fact, corrupted since it wasn’t recognized as a PNG image. The next step was to recreate the correct PNG header in our file, which should have been
0x89 0x50 0x4E 0x47 0xD 0xA 0x1A 0xA instead of 0x89 0x50 0x4E 0x47 0x0A 0x1A 0x0A, the actual header of our challenge’s file.
With the help of a hex editor we added the missing 0x0D byte, renamed the file and…
solution.png: PNG image data, 960 x 600, 8-bit/color RGB, non-interlaced
Bad news ahead: by opening the image we were greeted by a fantastic 960x600 black image. Not bad. Some of the PNG chunks must have been corrupted as well then.
Before going further with the challenge details, I’d like to quickly summarize how a PNG file actually is.
A PNG image has a lot of blocks, called chunks, which have the same structure:
Tokugawa shogunate cheated for a living. For that reason, you have to become shogun instead. Do it for Hideyoshi!
nc challs.xmas.htsp.ro 8016