Introduction of the CTF---steganography the second question little Apple

Little Apple Score: 10

• Source: Hanyuhang
• Difficulty: Easy
• Number of participants: 2159 people
• Get flag:862 People
• Number of respondents: 996 people
• Problem solving pass rate: 87%

Flag format: ctf{}

Problem Solving Links: http://ctf5.shiyanbar.com/stega/apple.png

Original title Link: http://www.shiyanbar.com/ctf/1928

"Problem Solving Report"

　　This is my primer to write the second question, the question is a bit of meaning, title for the small Apple, the little Apple is a popular song, click the link to see the problem, we found it is a Chinese festival, the middle of a two-dimensional code, this QR code we have to sweep to see it ~ ~ ~

We first download this picture, with Qr_research to open the picture sweep, decoding, we have appeared such style information!!!

Content looks like a string of garbled characters, this garbled look like a bit of regularity, the code is familiar with the classmate know, this is a Unicode encoding, and then we have to use the tool to decode

Recommend a decoding site: http://tool.chinaz.com/tools/unicode.aspx

After decoding, as follows:

Transcoding out is a line of text, this Chinese character is very strange ah, not a fluent words, this is actually an ancient Chinese password, called pawn shop password, below I briefly introduce the pawn shop password!

The pawn shop password is a code that converts Chinese characters and numbers

The algorithm is quite simple, the current Chinese characters have how many strokes, is converted to a number of

For example, the word sheep, there are nine places, so the conversion to 9

Then "the sheep by the great master Wangzhong" can be converted to the following numbers:

9158753624

This is a string of passwords, obviously not the final answer to the question, for what, this topic still has a certain difficulty, this time we should do a further analysis of this picture, at this time we need to use a tool, called Binwalk,binwalk installation use reference Pcat written by the great God of the article

So, we run this image directly, analysis!

That's not so easy! See the RAR word, we can think of, there is a compressed file

We need to use the Foromost tool at this time ....

Open the virtual machine, start Ubuntu, enter RZ, first upload the image

Then enter the command:

Binwalk Apple.png

After analyzing the file, then disassemble it:

Enter the command:

Foremost Apple.png

When we enter an output folder,

The advantage of this tool is to automatically classify the files, let's go into the compression pack and see

There is a compressed file, let's download this file

OK, we're done.

Open this compression package, found that there is a Apple.mp3 in the compression package, we see MP3 time, also want to think of this is a hidden writing tool

We're going to try it with Mp3stego.

OK, the decryption is complete, we go to find the source file under the directory

MP3 is the decryption file, PCM is the decryption process, TXT is the decryption results, we can open the TXT file to see

Found to be like code text, it is a decoding of one, we just need to throw a plugin into Firefox

That is the positive solution:

Introduction of the CTF---steganography the second question little Apple