Pragyan 2016 - Harry Potter - Steganography

Reading time ~1 minute


Pragyan CTF might not have been on the CTFTime timetable this year but it ran during the week so we took part. We in fact finished 2nd outright with 1251 points. Equal in points to first place but arriving there later and only one challenge remained unsolved.

A minor 35 points for this harmless looking stego challenge so how hard can it be? In fact it was one of the last challenges I solved, probably due to the use of a cipher I had never heard of. It had only a 5% solve rate too so I guess a lot of folks struggled.

Actually before I go into the solution, that was an overarching theme of Pragyan for me, ciphers…. soooo mannnyyyy ciphers. I believe almost every challenge wound up with some ciphertext you had to solve. So it was fun like that.

This begins with an innocent image file which when downloaded quickly gives away a secret:

root@kali:~/pragyan/stego# file HP.png 
HP.png: PNG image data, 385 x 131, 8-bit colormap, non-interlaced
root@kali:~/pragyan/stego# pngcheck HP.png 
HP.png  additional data after IEND chunk

Using strings we see this…

root@kali:~/pragyan/stego# strings HP.png 
wherE ShOUld onE ReaLly lOoK fOr tHis flag

Hmm, at first I extracted the uppercase characters resulting in a “ciphertext” of ESOUERLOKOH. We hammered this string into so many cipher solvers for literally days with no luck.

We then decided to look more into ciphers which involve the way the entire string was encoded, this lead us to the “Bacon” cipher. Using this cipher if we take each lowercase letter to represent an “A” and each uppercase character a “B” we get the string:


Which, using an online solver we get the plaintext “bydelta” which did turn out to be the flag.

niteCTF - CBC-Jail

A unique combination of Python jailbreak and crypto flaw that had me learning a lot about AES-CBC mode. Super fun for me to get this solu...… Continue reading

niteCTF - Rabin to the Rescue

Published on December 12, 2021

HTB CyberSanta 2021 - Crypto Writeups

Published on December 04, 2021