Pragyan CTF might not have been on the CTFTime timetable this year but it ran during the week so we took part. We in fact finished 2nd outright with 1251 points. Equal in points to first place but arriving there later and only one challenge remained unsolved.
A minor 35 points for this harmless looking stego challenge so how hard can it be? In fact it was one of the last challenges I solved, probably due to the use of a cipher I had never heard of. It had only a 5% solve rate too so I guess a lot of folks struggled.
Actually before I go into the solution, that was an overarching theme of Pragyan for me, ciphers…. soooo mannnyyyy ciphers. I believe almost every challenge wound up with some ciphertext you had to solve. So it was fun like that.
This begins with an innocent image file which when downloaded quickly gives away a secret:
root@kali:~/pragyan/stego# file HP.png
HP.png: PNG image data, 385 x 131, 8-bit colormap, non-interlaced
root@kali:~/pragyan/stego# pngcheck HP.png
HP.png additional data after IEND chunk
ERROR: HP.png
Using strings we see this…
root@kali:~/pragyan/stego# strings HP.png
IHDR
...
IEND
wherE ShOUld onE ReaLly lOoK fOr tHis flag
Hmm, at first I extracted the uppercase characters resulting in a “ciphertext” of ESOUERLOKOH. We hammered this string into so many cipher solvers for literally days with no luck.
We then decided to look more into ciphers which involve the way the entire string was encoded, this lead us to the “Bacon” cipher. Using this cipher if we take each lowercase letter to represent an “A” and each uppercase character a “B” we get the string:
wherEShOUldonEReaLlylOoKfOrtHisflag
AAAABBABBAAAABBAABAAABABABAABAAAAAA
Which, using an online solver we get the plaintext “bydelta” which did turn out to be the flag.