Ctflearn-forensics-writeup
challenge name : GandalfTheWise
source : ctflearn.com
Category : forensics
Description :
Extract the flag from the Gandalf.jpg file. You may need to write a quick script to solve it
I tried to use the binwalk tool to extract files from the image file and got nothing (no files to extract).
Then I used the exiftool tool to display the file information and I got an interesting comment!!!
It's base64-encoded data… let's decode it with a bash command or any online tool.
I got a flag (wrong flag), but it's a good hint.
Now use the strings tool to see if we can get more data.
Yes… we got 2 more pieces of base64-encoded data.
Let's try to decode them and do an XOR calculation with a Python script.
Explanation of the script:
(import base64) : this imports the library used to decode the encoded data
We defined variables (a) and (b), and their values are the encoded data
(base64.b64decode) : it's the function used to decode
We defined array (c) with no value
Define variable (l), whose value is the output of len(A) (len() is a function that returns the length of its argument; (A) is the decoded data from variable (a))
Defined a for loop that passes through the values of (A) and (B), repeating (l) times, XORs them, and uses c.append() to add each result to the (c) array
chr() is a function used to convert each XOR result to text format
If we used only print(c) we would get this result
So we used print("".join(c)) to join all elements without breaks
Use the (python3 filename.py) command
and you will get the flag 🏁
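The script itself is not reproduced on this page, so here is an added sketch of the steps explained above (it is not the author's original script). The names `xor_b64`, `SAMPLE_A` and `SAMPLE_B` are assumptions, and the two base64 strings are constructed stand-ins rather than the values found in Gandalf.jpg; it also adds checks for invalid base64 and mismatched lengths.

```python
import base64
import binascii


def xor_b64(a: str, b: str) -> str:
    """Base64-decode a and b, XOR them byte by byte, return the text."""
    try:
        # validate=True rejects characters outside the base64 alphabet
        # instead of silently dropping them, which would shift later bytes.
        A = base64.b64decode(a, validate=True)
        B = base64.b64decode(b, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid base64: {exc}") from exc

    # XOR only makes sense position by position; a length mismatch usually
    # means a string was truncated when copied out of the strings output.
    if len(A) != len(B):
        raise ValueError(f"length mismatch: {len(A)} vs {len(B)} bytes")

    l = len(A)
    c = []
    for i in range(l):
        # In Python 3, indexing bytes yields an int, so no ord() is needed.
        c.append(chr(A[i] ^ B[i]))
    return "".join(c)


# Constructed sample input (NOT the challenge data): a known plaintext is
# XORed with a fixed key so the round trip can be checked offline.
_PLAIN = b"example{constructed_not_the_flag}"
_KEY = bytes((7 * i + 13) % 256 for i in range(len(_PLAIN)))
SAMPLE_A = base64.b64encode(_KEY).decode()
SAMPLE_B = base64.b64encode(bytes(p ^ k for p, k in zip(_PLAIN, _KEY))).decode()

if __name__ == "__main__":
    # Replace SAMPLE_A / SAMPLE_B with the two strings found by `strings`.
    print(xor_b64(SAMPLE_A, SAMPLE_B))
```

Because XOR is symmetric, the order of the two strings does not matter.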