
## Quick Explanation

The challenge is about getting a hash collision for the image that we send. Otherwise, any image we send is ignored.

```python
file_hash = hashtag(f.filename)
print file_hash
if file_hash == "75f2f2b893d1e9fb76163d279ac465f3b3eaf31f0c5abd91648717f43ec6":
    ...
else:
    result = "The hash of the file must be - 75f2f2b893d1e9fb76163d279ac465f3b3eaf31f0c5abd91648717f43ec6"
    os.remove(f.filename)
```

### Hash Collision

They are using a custom hash function, which can be summarized in these steps:
1. Divide the entire file into 64 chunks.
2. XOR each chunk with some arbitrary number.
3. Combine these chunks back.
4. Divide the result into chunks of 60 hex characters.
5. XOR these chunks to get the hashtag.

Since all operations are just bitwise `XOR`, this makes things much simpler: there are none of the permutation or substitution techniques used in cryptographically secure hashes.

For sufficiently large input, we can practically ignore the first few steps. Although they do affect the hash, our manipulations will not rely on them.

Our simplified view of the hashing function is:
1. Divide the file into chunks of 60 hex characters.
2. XOR these chunks to get the hashtag.

This means that if we flip any of the last few bits of the file, the corresponding bits of the hash flip too.

```
hash(file ^ 1) == hash(file) ^ 1
```

At this point, this is just simple bit algebra.

```
desired = 75f2f2b893d1e9fb76163d279ac465f3b3eaf31f0c5abd91648717f43ec6
file_hash = hash(file)
diff = file_hash^desired
new_file = file^diff
desired == hash(new_file)
```

__This is a simplified explanation of the solution. There are still some details lacking, but this is the basic idea. Please see the link for the full explanation.__

### Fixing the hash of an image

So that we do not corrupt the image, we first append bytes before we do our file fix.

```python
old_file_data = read_hex(file) + 'f'*120
```

With this and the commands `ls` and `cat`, we get the flag:

`noxCTF{#BR0K3N_H4SH}`
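
The simplified two-step view and the append-then-fix step, worked through as an added example (not the challenge's `hashtag` code and not the original author's solver). It models only the 60-hex-character XOR fold; the zero-padding of the tail, the helper names and the sample bytes are assumptions made for illustration.

```python
CHUNK = 60  # hex characters per chunk, from the simplified view in this write-up
TARGET = "75f2f2b893d1e9fb76163d279ac465f3b3eaf31f0c5abd91648717f43ec6"
# Constructed stand-in for an image file (PNG magic plus filler bytes).
SAMPLE = b"\x89PNG\r\n\x1a\n" + bytes(range(200))


def to_hex(value):
    """Format an integer as exactly CHUNK lowercase hex characters."""
    return format(value, "0{}x".format(CHUNK))


def xor_fold(hex_data):
    """Simplified model only: split into 60-hex-char chunks and XOR them."""
    hex_data += "0" * (-len(hex_data) % CHUNK)  # assumption: zero-pad the tail
    acc = 0
    for i in range(0, len(hex_data), CHUNK):
        acc ^= int(hex_data[i:i + CHUNK], 16)
    return to_hex(acc)


def fix_to_target(hex_data, target):
    """Append padding, then rewrite only the final chunk so xor_fold == target."""
    # Align to a chunk boundary, then append 120 'f' characters as the write-up
    # does, so the bytes changed below are never part of the original image.
    padded = hex_data + "0" * (-len(hex_data) % CHUNK) + "f" * 120
    diff = int(xor_fold(padded), 16) ^ int(target, 16)
    # XOR is linear: XORing diff into one chunk XORs diff into the fold.
    last = int(padded[-CHUNK:], 16) ^ diff
    return padded[:-CHUNK] + to_hex(last)


if __name__ == "__main__":
    original = SAMPLE.hex()
    fixed = fix_to_target(original, TARGET)
    print("original fold:", xor_fold(original))
    print("fixed fold:   ", xor_fold(fixed))
    print("image bytes untouched:", fixed.startswith(original))
```

Because the fold has no mixing step, one chunk of attacker-chosen bytes is enough to reach any target value, which is why a cryptographic hash such as SHA-256 is needed when a digest is used as an acceptance check.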

Original writeup (https://github.com/pberba/ctf-solutions/tree/master/20180907_nox/hashtag).