ShunyaCTF Aarambha 2024 | CTF WriteUp | Forensics


 

Category: Forensics


1) BIBBA 1

My grandfather sent me this one photo, describing it as one of his most cherished and sacred memories during his time. Help me find out some details about it.

pipp1.png

Description

Print the strings stored in the image.

Solutions

Use strings to print all the ASCII characters and sentences in the image data.

The flag is right there.

0CTF{pNg_h34d3rs_4r3_A_P4!n_P4!n_!n_7h3_455}

PS: I think this is not the intended way. This challenge was the first in a series of BIBBA challenges, the rest of which were OSINT. So we are supposed to fix the headers and other chunk data bytes to get the clear picture, and then solve the other OSINT challenges with that picture.

2) Check Research and Check again

Sometimes in life, everything goes wrong, nothing works and you crash every time you try to look within yourself. In such moments, calculate where you came from, and see what you can correct, generally the last thing you did wrong is what needs to be corrected first.

Flag Format: 0ctf{words_with_underscore}

Description

Fix the headers and chunk data in the PNG file to get a viewable PNG image.

Solution

Let's try to open the image file.

Clearly it is not viewable.

Let's use pngcheck to check what's wrong with the picture.

We can ignore the first warning, the "zlib warning". I wasted a lot of time trying to figure out what it is, but it turns out that it was not important.

What was important was the "Invalid IHDR interlace method(82)" error.

Let's open the file in ghex and open the PNG file structure on Wikipedia.


From Wikipedia, we can see that the 13th byte in IHDR specifies whether the image is interlaced or not. The allowed values are either 00 or 01.

We can see that it is 52 (hex 52 is decimal 82, the value pngcheck reported), which is not one of the allowed values. Let's change it to 00, indicating that the image is not interlaced. Save the image by pressing Ctrl+S.

Let's check pngcheck again.

The previous error has been rectified. Now we have a new error:

sRGB invalid rendering intent

Let's look up the sRGB chunk on Wikipedia.

The only allowed values are 0, 1, 2 and 3.


But in ghex the value is 45, which is wrong. So let's change it to 00.

Save it.

Check again with pngcheck.

Now a new error:

CRC error in chunk gAMA (computed 1d90ae40, expected 0bfc6105)

The CRC of the gAMA chunk should be 1d90ae40, but the file has 0bfc6105. Now let's correct it.

To search for a hex value in ghex, press Ctrl+F, type the hex bytes separated by spaces, and press Enter.

Change the values to 1d 90 ae 40. Save it.

Check pngcheck again.

We get another error. Seems like we are stuck in errors forever... :(

The new error:

CRC error in chunk PLTE (computed 5419a278, expected 55c2d37e)

In ghex:

Same as before, search for 54 19 a2 78 and change it to 55 c2 d3 7e. Save it.

Run pngcheck again.

New error:

invalid pHYs unit specifier (82)

Let's look up the pHYs chunk on Wikipedia.

The 9th byte in pHYs is the unit specifier, which is where our error is.

Let's check our hex bytes.

The value is 52. We don't know the allowed values, so let's just set it to 00.

pngcheck again:

Same as the previous errors, search for c7 6f a8 64 and change it to b0 68 98 f2.

Change it. Save it.

Pngcheck again:

Here also I wasted a lot of time trying to figure out this error; turns out it doesn't matter.

In the GUI, go to the directory where the file is stored and open it. Now we can see the image clearly.

Hence, we get the flag:

0ctf{crc_1s_a_us5ful_m5chan1sm}
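The per-chunk CRC check that pngcheck reported above can be reproduced in a few lines. This is an added example, not part of the original write-up: the function names and the sample PNG are constructed for illustration. Overwriting the stored CRC is only the right repair when the chunk data is intact; when a data byte was tampered with (as with the IHDR interlace byte), fix the data instead.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def make_chunk(ctype, data, crc=None):
    """Serialize one chunk: 4-byte length, type, data, CRC-32 over type+data."""
    if crc is None:
        crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def check_chunks(png):
    """Return [(type, crc_offset, stored, computed)] for chunks with a CRC mismatch."""
    if not png.startswith(PNG_SIG):
        raise ValueError("bad PNG signature")
    bad, pos = [], len(PNG_SIG)
    while pos + 12 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        end = pos + 8 + length              # offset of the stored CRC field
        if end + 4 > len(png):
            raise ValueError("truncated chunk %r" % ctype)
        stored = struct.unpack(">I", png[end:end + 4])[0]
        computed = zlib.crc32(png[pos + 4:end]) & 0xFFFFFFFF  # covers type + data
        if stored != computed:
            bad.append((ctype.decode("latin-1"), end, stored, computed))
        pos = end + 4
        if ctype == b"IEND":
            break
    return bad

def repair_crcs(png):
    """Overwrite every mismatching stored CRC with the value computed from the data."""
    out = bytearray(png)
    for _, off, _, computed in check_chunks(png):
        out[off:off + 4] = struct.pack(">I", computed)
    return bytes(out)

# Constructed sample: 1x1 8-bit greyscale PNG whose gAMA CRC field was overwritten.
IHDR = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
SAMPLE = (PNG_SIG + make_chunk(b"IHDR", IHDR)
          + make_chunk(b"gAMA", struct.pack(">I", 45455), crc=0xDEADBEEF)
          + make_chunk(b"IDAT", zlib.compress(b"\x00\x7f"))
          + make_chunk(b"IEND", b""))

if __name__ == "__main__":
    for ctype, off, stored, computed in check_chunks(SAMPLE):
        print("%s @%d stored %08x computed %08x" % (ctype, off, stored, computed))
    print("after repair:", check_chunks(repair_crcs(SAMPLE)))
```

The reported offset is the position of the 4-byte CRC field, which is the same place the write-up edits by hand in ghex.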



Keep Learning......

Happy Hacking!!!!!!

