Recently fascinated by the Www.wechall.net website, there are some computer-related problems challenges. There are many types of topics, such as: Encryption and decryption, steganography, network attack and defense, fun programming, mathematical logic and so on. The topic is simple, some difficult, need some knowledge and skill. Unlike other topics that challenge websites, users who register on other similar sites can be bound to wechall sites, and then Wechall provide ranking information, and are also well-divided, what is ranked by total, what is ranked in their own country, and what answers the rankings of Web titles in a particular language. Can judge the difficulty of the problem from the number of questions, interested friends can go to register, problem solving can also learn a lot of knowledge. Domestic schools and companies have also held a cyber-offensive contest. What is different from playing ACM is that ACM provides a given input and output, the middle of the black box part needs you to complete, need to provide a better and faster algorithm, this type of attack and defense challenges may require more computer knowledge, from a pile of garbage data found useful information, across the different obstacles and finally found the answer.
Note: Steganography is a steganography, it is different from cryptography (cryptography).
Topic 1 Stegano1 gives you a color BMP image that lets you find the answer.
Whether it's a picture, an audio file, or a binary file, you can first try opening it as a text file to see if a suspicious string exists. The file is too big to do so, the mouse will be a long circle.
The picture is very small, just 102 bytes. You can see the answer by dragging the picture file into the text editor. notepad++ is the best text editor on Windows, not one of them. Compact size, full function.
Open with Gedit on Linux, or use the VIM command, enter:%!XXD switch to binary mode, the answer is obvious.
Xxd is another command, with hexadecimal reality content. Re-enter:%!xxd-r command execution, switch to the original sample (R is reverse).
Note that the-B option for Vim is opened in binary mode. The picture is a binary file, so add this option, otherwise the processing will be problematic.
There is also a command strings, which comes faster, directly outputs printable characters in the file, typically used to display string constants in binary.
The strings command option-n value or the--bytes=value option controls the minimum length of the output continuous character, which is the default value of 4.
The-t RADIX or--radix=radix option is also used later to display the offset of each string. The static string variable for C + + requires this offset index string.
You and I both do the problem, but how to make a question? To hack someone else's software, it is relatively easy to write a serial number register machine. But how to write a shell, confusing the difficult to crack the program is a bit difficult, after all, building a house demolition simple.
We need to understand the BMP file format, BMP pictures Occupy space, no compression, or with RLE (run-length Encoding) compression, large size so rarely spread on the network. Bitmapfileheader,bitmapinfoheader,
Const Char* Buffer ="put your message here"; FILE*file = fopen (Path,"WB"); if(!file) {fprintf (stderr,"can ' t open%s\n", path); return false; } Bitmapfileheader File_header; Bitmapinfoheader Info_header; File_header.bftype= (WORD) ('B'|'M'<<8);//Windows BMP file TagFile_header.bfsize =sizeof(Bitmapfileheader) +sizeof(Bitmapinfoheader) +Len; File_header.bfreserved1=0; File_header.bfreserved2=0; File_header.bfoffbits=sizeof(Bitmapfileheader) +sizeof(Bitmapinfoheader); Info_header.bisize=sizeof(Bitmapinfoheader); Info_header.biwidth=width; Info_header.biheight=height; Info_header.biplanes=1; Info_header.bibitcount= -; Info_header.bicompression=0;//Bi_rgb, an uncompressed format.Info_header.bisizeimage = Len;//size in bytes. This May is set to zero for Bi_rgb bitmapsInfo_header.bixpelspermeter =0; Info_header.biypelspermeter=0; Info_header.biclrused=0; Info_header.biclrimportant=0; Fwrite (&file_header,sizeof(File_header),1, file); Fwrite (&info_header,sizeof(Info_header),1, file); fwrite (buffer, Len,1, file); fclose (file);
It is too easy to be found in this writing. We can increase the difficulty by encrypting and then hiding the string, or by using cyclic shift, XOR, or manipulation.
Know that BMP format supports the color index mode (GIF, PNG format is also supported), the picture will have a color palette used to store the values used, the equivalent of an array to store RGB values, and then the image only use the array index value to find the corresponding color and display, so you can also hide your information in the picture. We use two colors to plot, write black words in white paper, stored as indexed pattern map, so the palette will have two values #000000 and #FFFFFF, the color just a bit 0/1 can represent the black and white color, the array of #000000 values to tamper with the #FFFFFF, that is, black to white, Other data do not move, save and then open the picture to see found that the word disappeared! Write something you want to say, and then send the picture to a crush, and the other person will say how you sent a blank picture. Say so much, try it yourself.
Topic 2 Stegano Attachment
Is the answer in the picture? No, the answer is in the attachment (attachment). When you have done this problem, you will understand the meaning of the preceding sentence. Sometimes, the topic will give the information that is easy to ignore, and this may be the key to solving the problem.
A little attention to a piece of http://www.wechall.net/challenge/training/stegano/attachment/attachment.php, is not very bad? Suffix is changed to PHP page suffix. Open with text editing software and find a bunch of garbled characters. Different files will have different file headers, that is, different Magic number, such as the above BMP format picture of the "BM" logo, PNG image has a eight-byte header "\211
P
N
G
\r
\n
\032
\n
”,用 Visual Studio 调式 C++ 代码出现很多的“烫烫烫烫”,其实是编译期初始化栈空间为 “\xCC\xCC\xCC\xCC”(0xCC 对应 x86 的 INT 3 中断指令,你应该知道为什么这么做),编译 Java 文件生成的 .class 文件的文件头有 “CAFEBABE”。从 attachment.php 里我们看到了字符 "JFIF",应该就是 JPG 图片了。更好的方法是用 linux 上的 file 命令查看文件类型,文件名后缀随你怎么该。改成 .jpg 后缀后,打开图片后,是电影 Ghostbusters (1984) 的海报,我们追到了这里,电影我没看过,看介绍好像很不错的样子。一边下载一边解题吧~
[Email protected]:~/desktop$ file attachment.php
Attachment.php:JPEG image data, JFIF standard 1.01
Let's look at the JPEG format specification a little bit. JPEG files begin with "\xff\xd8" and End With "\xff\xd9". The "JFIF" character appears in the Jpeg/jfif file, and the "Exif" character appears in the Jpeg/exif file.
JPG images use lossy compression and do not support alpha channels. When encoding, the color from the RGB color space to the YUV color space, based on the importance of color components and the perception of the human eye to eliminate unimportant information, reduce the sampling 4:4:4 4:2:2 4:2:0, and then split the image into 8x8 sub-region for the discrete cosine transform, quantization coding, tributary coefficients with differential coding, The AC coefficient is encoded with RLE.
We find that the picture begins with "\xff\xd9", but the end is not "\xff\xd9", as if it were understood.
We use the title 1 learned strings command to search for suspicious strings solution.txt and SOLUTION.TXTPK, just put the final file.
Are you familiar with PK word? The most common zip format for compressing a file header is "pk\x03\x04", and the file does exist with these four bytes. And this four-byte front also happens to be "\xff\xd9". Think about the previous topic attachment. It seems that who appended a zip file to the back of a JEPG image file. We need to extract the ZIP file, the answer is not far away from us.
The offset of the ZIP file is learned with topic 1 VIM:%!xxd search location to view and calculate, or search under the grep command.
We need to copy from 0004f06 to the last 0004f8d (length 0x88=136) to the new file.
Copy and paste a file or a paragraph with CTRL + C, CTRL + V, but copy the binary file stream, can you do that? I can't seem to.
notepad++ is the best use of the most useful text editor, choose Menu Edit--Paste special, the two-level menu appears in the Copy Binary cotent | Cut Binary Content.
Or use the Linux DD command.
[Email protected]:~/desktop$ printf "%d\n" 0x0004f06
20230
[Email protected]:~/desktop$ dd if=attachment.jpg of=solution.zip skip=20230 Bs=1 count=136
136+0 Records in
136+0 Records out
136 bytes (136 B) copied, 0.0021692 s, 62.7 kb/s
[Email protected]:~/desktop$ unzip Solution.zip
Archive:solution.zip
Inflating:solution.txt
Opening the Solution.txt file is the final answer.
From this, we learned another way of hiding files, attaching a file to the end of another file, opening it only to parse the first file, and ignoring the attached file.
Under Windows Console, hide the information message.txt in the picture carrier.jpg: Copy carrier.jpg/b + message.txt/a mixed.jpg
/a/b represent text files and binary files, respectively.
Question 3 Lsb-the least significant bit
To be Continued ...
Wechall.net/stegano Problem Solving Experience