codezen.fr code hacking, zen coding

23 Dec 2012

HackYouToo CTF – Binary 300 – Shredder Write-up

Posted by aXs

Have you tried feeding critical documents to a shredder? We've accidentally done this very thing.

Shredder: shredder.exe
Document remains: broken_flag.jpg

We need our document back!

See: http://hackyou.ctf.su/tasks/shredder

Shredder is a Win32 binary that encrypts the source file "flag.jpg" to "broken_flag.jpg". The encryption consists only of a few byte translations and swaps, so it can be easily reversed.

```python
# Guess the mod_5 value using a pattern file (map(chr, range(0, 256)));
# only 5 values are possible anyway.
mod_5 = 3

# Step 1 - Revert the byte swap of positions 8 and 13 in every 16 bytes
with open("broken_flag.jpg", "rb") as f:
    buffer = bytearray(f.read())

j = 8
while j + 5 < len(buffer):  # do not index past a short final block
    buffer[j], buffer[j + 5] = buffer[j + 5], buffer[j]
    j += 16

# Step 2 - Revert the byte swap for values 53, 88, 109 and mod_5 + 89
out = bytearray()
for a in buffer:
    a = (a - 1) & 0xFF  # revert ++buffer[j];

    if a == 53:
        a = 109
    elif a == 109:
        a = 53

    if a == 88:
        a = mod_5 + 89
    elif a == mod_5 + 89:
        a = 88

    out.append(a)

with open("plain.jpg", "wb") as f:
    f.write(out)
```
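The pattern-file trick mentioned in the script's first comment, as an added example that is not part of the original post: the forward transform is inferred by inverting the decoder above (an assumption, not taken from shredder.exe), and `shred`, `unshred` and `recover_mod_5` are hypothetical names. The shredded pattern is constructed with the model in place of a real shredder run.

```python
# Added example. Forward model inferred from the inverse script on this page
# (an assumption; not disassembled from shredder.exe).

def swap_positions(buf):
    """Swap bytes 8 and 13 of every 16-byte block (the swap is its own inverse)."""
    buf = bytearray(buf)
    for j in range(8, len(buf) - 5, 16):  # skip a short final block
        buf[j], buf[j + 5] = buf[j + 5], buf[j]
    return buf

def value_table(mod_5):
    """Substitution table: 53 <-> 109 and 88 <-> (mod_5 + 89); self-inverse."""
    table = bytearray(range(256))
    for x, y in ((53, 109), (88, mod_5 + 89)):
        table[x], table[y] = y, x
    return bytes(table)

def shred(data, mod_5):
    """Model of the encoder: value swaps, +1 on every byte, position swap."""
    swapped = bytes(data).translate(value_table(mod_5))
    return bytes(swap_positions(bytes((b + 1) & 0xFF for b in swapped)))

def unshred(data, mod_5):
    """The decoder from the write-up, as a function."""
    undone = swap_positions(data)
    return bytes((b - 1) & 0xFF for b in undone).translate(value_table(mod_5))

def recover_mod_5(shredded_pattern):
    """Return every mod_5 in 0..4 that decodes the shredded 0..255 pattern."""
    pattern = bytes(range(256))
    return [m for m in range(5) if unshred(shredded_pattern, m) == pattern]

if __name__ == "__main__":
    # Constructed input: the 0..255 pattern run through the model with mod_5 = 3.
    shredded = shred(bytes(range(256)), 3)
    print("mod_5 candidates:", recover_mod_5(shredded))
```

With a real run, replace the constructed `shredded` bytes with the shredder's output for the pattern file; exactly one candidate should remain.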
