Mohammad Abuqamar
Dec 13, 2021

Ctflearn-forensics-writeup

challenge name : GandalfTheWise

source : ctflearn.com

Category : forensics

Description :

Extract the flag from the Gandalf.jpg file. You may need to write a quick script to solve it

I tried to use the binwalk tool to extract files from the image file and got nothing (no files to extract).

Then I used the exiftool tool to display the file information and I got an interesting comment!

It's base64-encoded data… let's decode it with a bash command or any online tool.

I got a flag (wrong flag), but it's a good hint.

Now use the strings tool to see if we can get more data.

Yes… we got another 2 base64-encoded strings.

Let's try to decode them and XOR them with a Python script.

Explanation of the script :

(import base64) : here we import the library that is used to decode the encoded data

We defined variables (a) and (b), and their values are the encoded data

(base64.b64decode) : this is the function used to decode the data

We defined an array (c) with no values

We defined a variable (l) whose value is the output of len(A) (len() is a function that returns the length of its argument, and (A) is the decoded data)

We defined a for loop that runs l times, passing through the values of (A) and (B) and XORing them; the c.append() function adds each result to the (c) array

chr() is the function used to convert the output to text format

If we used only print(c), we would get this result

So we used print("".join(c)) to join all the elements without breaks

Use the (python3 filename.py) command

and you will get the flag 🏁
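The strings, base64-decode and XOR steps described above can be combined into one script. This is an added example, not the author's script: the function names and the sample bytes are constructed for illustration, and the real challenge strings are not reproduced here.

```python
import base64
import re
from itertools import combinations

# Runs of base64 characters, like the ones `strings` shows inside the image.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")

def base64_candidates(blob):
    """Decode every run in blob that is strictly valid base64."""
    decoded = []
    for run in B64_RUN.findall(blob):
        if len(run) % 4:
            continue  # not a whole number of 4-character base64 groups
        try:
            decoded.append(base64.b64decode(run, validate=True))
        except ValueError:
            continue
    return decoded

def xor_bytes(a, b):
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def printable_xor_pairs(blob):
    """XOR every equal-length pair of decoded runs; keep printable ASCII results."""
    hits = []
    for a, b in combinations(base64_candidates(blob), 2):
        if len(a) != len(b):
            continue
        out = xor_bytes(a, b)
        if all(32 <= ch < 127 for ch in out):
            hits.append(out.decode("ascii"))
    return hits

# Constructed sample, not the challenge file: a decoy string plus two
# equal-length blobs that XOR to a placeholder flag, between JPEG markers.
SECRET = b"CTF{constructed_example}"
KEY = bytes(range(0x80, 0x80 + len(SECRET)))
SAMPLE = (b"\xff\xd8\xff\xe0" + base64.b64encode(b"CTF{not_the_real_flag}")
          + b"\x00" + base64.b64encode(xor_bytes(SECRET, KEY))
          + b"\x00" + base64.b64encode(KEY) + b"\xff\xd9")

if __name__ == "__main__":
    print(printable_xor_pairs(SAMPLE))
```

To run it against a real file, read the file in binary mode and pass its bytes to `printable_xor_pairs` in place of `SAMPLE`.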