ASIS CTF 2021 Misc Writeup

challenge-Factory:

1
In the simplest terms, factory misco-graphy is the ratio of output to input!

It is an easy stego challenge.Use foremost to solve it

flag:

1
ASIS{PDF_1N_PDF_iZ_A_T4sK_fOR_fOreEnSic5_L0v3RS}

challenge-Gesture:

1
2
3
A gesture is a file that is intended to indicate or emphasize something!

Note: flag is lowercase string, put the flag in ASIS{flag} too.

It is an interesting challenge.I can’t solve it in game.This is the recurrence work after the game

first use file and binwalk to check out this file

file:

binwalk:

wow you can find it is YAFFS filesystem,It is a key to extract this img file

use https://github.com/justsoso8/yaffs2utils to extract it

such as ./unyaffs2

command:

1
2
3
sudo ./unyaffs2 -p 512 /home/crazyman/Desktop/gesture.img Androidtmp

sudo ./unyaffs2 -p 512 {input_image_path} {output_path}

result:

wow,we have already extract them,Now it’s time for us to analyze them

and we can find someting in Android/data/com.android.gallery3d/cache/.nomedia/.latentorism

As you know,cache is important in forensics.Meanwhile it is also the cache of gallery. So It is an picture.

rename it as png

we can see some number on it :D

but it looks strange.

aha This is the image that has been flipped left and right

Now repair it

script:

1
2
3
4
5
6
import cv2
image = cv2.imread("latentorism.png")

# Flipped Horizontally
h_flip = cv2.flip(image, 1)
cv2.imwrite("latentorism-h.png", h_flip)

now we got 709004999298182874947842717955 but it seems not hex.What use are they for?

Don’t be worry,we will find another data.

look at Signal\Backups\

it has signal-2021-10-21-08-01-13.backup

what’s it ? how to decode it?

google is a good way to solve these :D

then,you can find it

https://github.com/pajowu/signal-backup-decode

install it and run the command to decode signal file

1
signal-backup-decode -p 709004999298182874947842717955 signal-2021-10-21-08-01-13.backup

file list:

now we will parse the signal_backup.db file

use SQLite Viewer to analyze the data 

1
SELECT * FROM sms;

we can find morse code :D

1
-. ...-- ...- . .-. ..--.- --... .-. ..- ..... - ..--.- - .---- -. . ..--.- ... . ...-- ..--.- .. ..--.- ....- ..--.- -. ----- - .... .---- -. -.... ..--.- .. ..... ..--.- .-.. ----- ----- ..--.- .--. ...-- .-. -.-. . -. --... ..--.- ... ...-- -.-. ..- .-. .

decode morse

use http://www.hiencode.com/morse.html

flag:

1
ASIS{n3ver_7ru5t_t1ne_se3_i_4_n0th1n6_i5_l00_p3rcen7_s3cure}

Knowlege:

  1. extract YAFFS filesystem
  2. gallery image cache
  3. decode android signal backup
  4. parse and analyze data

Thanks for ASIS CTF.Nice challenge