ASIS organized in December 2023 the ASIS CTF Final 2023. I detail here my writeup for the challenge “White & Blank“.
The challenge was “Dive into a vibrant and straightforward miscellaneous challenge White & Blank, tailored for enthusiasts exploring the intricacies of 🧡💛💚forensics🧡💛💚. ” and there was file whiteandblank attached . I provide just a synthesis here on the approach of this challenge and want to combine it with my brand new (to to be completed…) “Forensic Obfuscation Model” (FOM) .
A full review (with a lot of unecessary details potentially) is available here.
The first step was to restore an OpenEXR signature (FOMCTE001.001) (start with 76 2F 31 01) and also compiling EXR tools from AcademySoftwareFoundation OpenEXR.
After some review of the binary provided, it was observed that at the end of the file was also a potential JPEG file with modifications. After playing around with the various formats, it appeared that several layers of complications where added in the challenge. The first complication identified (difficult) was to identify that a property for compression of the OpenEXR image file was slightly modified (words separated with &).
After fixing that the flag was still not found but an image as below was :
So the analysis was continued, based this time on the “tail” of the file, with a portion that was similar to a JPEG :
Using GIMP helped to identify that there was a sizing issue with the JPEG :
After playing a lot with the size the flag was finally found !
FLAG :
ASIS{PGF_a_N3w_pr0gr35s1v3_f1L3_f0rM4T_f0R_l0ssY_4and_l05sL3sS_im4g3_c0mpr3ss!0n}