CSA CTF writeup

Stephanography

Here's the challenge text, there was also an image.

The last secret messaging protocol was busted. Our undercover agent, Steph (codename: stncal), now uses some steg tool on Github called "Appa". We recently received an image file from her. 
Your mission, should you choose to accept, is to retrieve the message.

I found the stncal user on github and cloned their appa repo.

git clone https://github.com/stncal/appa.git

Running the decoding tool on the provided image gives us a file secret_new.results.

python appa.py -d secret_new.png

By using head we can get a sense of what type of file it is.

alice$ head secret_new.results 
ffd8ffe000104a4649460001010100480048ffd700e100bc457869660000
49492a000800000006001201030001000000010000001a01050001000000
560000001b010500010000005e0000002801030001000000020000003101
02000c000000660000006987040001000000720000000000000048000000
01000000480000000100000047494d5020322e382e323200050000900700
040000003032313000a00700040000003031303001a003000100ffd700ff
000002a0090001000000d002000003a0090001000000d101000000000000
ffe1044a687474703a2f2f6e732e61646f62652e636f6d2f7861702f312e
302f003c3f787061636b657420626567696e3d27efbbbf272069643d2757
354d304d7043656869487a7265537a4e54637a6b633964273f3e0a3c783a

By searching the code ffd8ffe0 we find that the header indicates that the file is a jpeg file. Now we need to convert the hex encoding to binary.

xxd -r -p secret_new.results flag.jpeg

When we open that jpeg we find the flag.

appa.jpeg

Last updated: 2019-10-09 Wed

Home