almost 4 years ago

題目是一張 png,先拿工具來掃一下:

$ foremost final.png
Processing: final.png
|*|
$ cat output/audit.txt
Foremost version 1.5.7 by Jesse Kornblum, Kris Kendall, and Nick Mikus
Audit File

Foremost started at Mon Sep 29 16:14:32 2014
Invocation: foremost final.png
Output directory: /home/peter50216/ISG/output
Configuration file: /etc/foremost.conf
------------------------------------------------------------------
File: final.png
Start: Mon Sep 29 16:14:32 2014
Length: 3 MB (3845157 bytes)

Num      Name (bs=512)         Size      File Offset     Comment

0:      00000000.png           1 MB               0       (1440 x 900)
1:      00003754.png           1 MB         1922524       (1440 x 900)
Finish: Mon Sep 29 16:14:32 2014

2 FILES EXTRACTED

png:= 2
------------------------------------------------------------------

好呀其實有兩張圖接在一起。
把兩張圖拿來 diff 一下會發現,只有 184 個 pixel 的 R channel 值不一樣。
仔細一看會發現,第二張圖那幾個 pixel 的值只有 0 或 1,所以就寫個 code 吧~

require 'chunky_png'
require 'openssl'

i1 = ChunkyPNG::Image.from_file('./output/png/00000000.png')
i2 = ChunkyPNG::Image.from_file('./output/png/00003754.png')

val = []

(0...i1.height).each do |j|
  (0...i1.width).each do |i|
    r1 = ChunkyPNG::Color.r(i1[i, j])
    r2 = ChunkyPNG::Color.r(i2[i, j])
    val << r2 if r1 != r2
  end
end

puts val.map{|x| x.to_s(2)}.join.to_i(2).to_bn.to_s(2)

Flag: ISG{E4sY_StEg4n0gR4pHy}

← ISG2014 Pwnme ISG2014 Checkin →