|
| 1 | +--- |
| 2 | +date: 2025-03-07 22:48:40 +02:00 |
| 3 | +categories: [apoorvCTF, Forensics] |
| 4 | +tags: [Forensics, CTF, apoorvCTF] |
| 5 | +--- |
| 6 | + |
| 7 | +This is a writeup of the Forensics challenge Samurai’s Code by [apoorvCTF](https://apoorvctf.iiitkottayam.ac.in/) |
| 8 | +#### Points: 162 |
| 9 | +# Premise |
| 10 | +Unveil the lost code of the Samurai and unlock the mystery hidden within. |
| 11 | + |
| 12 | +## Challenge files: |
| 13 | + |
| 14 | +[sam.jpg](https://github.com/CSYClubIIITK/CTF-Writeups/blob/main/ApoorvCTF-25-Writeups/Forensics/Samurai%E2%80%99s%20Code/files/sam.jpg) |
| 15 | + |
| 16 | +# Observations |
| 17 | +We start off by looking at the challenge image: |
| 18 | + |
| 19 | + |
| 20 | +Nothing seems out of the ordinary from the image, so we need to start investigating a bit further. |
| 21 | +Exiftools didnt yied anything of interest, but we can continue to the site [Fotoforensics](https://fotoforensics.com/) |
| 22 | + |
| 23 | + |
| 24 | + |
| 25 | +Here we can see what looks a lot like [Brainfuck](https://esolangs.org/wiki/Brainfuck) at the end of the image. |
| 26 | + |
| 27 | +```Brainfuck |
| 28 | +++++++++++[>+>+++>+++++++>++++++++++<<<<-]>>>>++++.++++++++++++..----.+++.<------------.-----------..>---------------.++++++++++++++.---------.+++++++++++++.-----------------.<-.>++.++++++++..--------.+++++.-------.<.>--.++++++++++++.--.<+.>-------.+++.+++.-------.<.>-.<.++.+++++++++++++++++++++++++.+++++++++++++.>+++++++++++++.<+++++++++++++.----------------------------------.++++++++.>+++++++++.-------------------.<+++++++.>+.<-----.+++++++++.------------.<+++++++++++++++.>>++++++++++++++++.<+++.++++++++.>-.<--------.---------.++++++++++++++++++++.>.<++.>--------------.<<+++++.>.>-----.+++++++.<<++.>--.<++.---------.++.>>+++++++++++.-------------.----.++++++++++++++++++.<<++++++++++++++++.>>--.--.---.<<--.>>+++.-----------.-------.+++++++++++++++++.---------.+++++.-------. |
| 29 | +``` |
| 30 | + |
| 31 | +Running the code using [dcode.fr](https://www.dcode.fr/brainfuck-language), we get the following output: |
| 32 | + |
| 33 | + |
| 34 | +We get [this](https://drive.google.com/file/d/1JWqdBJzgQhLUI-xLTwLCWwYi2Ydk4W6-/view?usp=sharing) link to a google drive, navigating to it we can download a file simply titled samurai. |
| 35 | + |
| 36 | +Opening the file, we see what looks like a jpg with its bits shuffled |
| 37 | + |
| 38 | + |
| 39 | +as according to the [JPEG file format](https://en.wikipedia.org/wiki/JPEG_File_Interchange_Format#File_format_structure), we should see the first bytes be `FF D8 FF E0` |
| 40 | + |
| 41 | +# Solution |
| 42 | +All we need to do to recover the bit shuffled image is shuffle them back, which we can do with the following python script: |
| 43 | + |
| 44 | +```python |
| 45 | +def shift_bytes(file_path, output_path): |
| 46 | + with open(file_path, 'rb') as f: |
| 47 | + data = bytearray(f.read()) |
| 48 | + |
| 49 | + for i in range(0, len(data) - 1, 2): |
| 50 | + data[i], data[i + 1] = data[i + 1], data[i] |
| 51 | + |
| 52 | + with open(output_path, 'wb') as f: |
| 53 | + f.write(data) |
| 54 | + |
| 55 | + print("Bitshifting complete") |
| 56 | + |
| 57 | +input_file = 'samurai' |
| 58 | +output_file = 'shifted_samurai.jpg' |
| 59 | +shift_bytes(input_file, output_file) |
| 60 | +``` |
| 61 | + |
| 62 | +The result is the following image: |
| 63 | + |
| 64 | + |
| 65 | +Which gives us the flag: |
| 66 | +> apoorvctf{ByT3s_OUT_OF_ORd3R} |
| 67 | +{: .prompt-tip } |
| 68 | + |
| 69 | + |
| 70 | +# Tools and sources used: |
| 71 | +- [Fotoforensics](https://fotoforensics.com/) |
| 72 | +- [dcode.frs brainfuck site](https://www.dcode.fr/brainfuck-language) |
| 73 | +- A hex editor of choice |
| 74 | +- [the JPEG file format](https://en.wikipedia.org/wiki/JPEG_File_Interchange_Format#File_format_structure) |
0 commit comments