CTFtime.org

EXORcism

by _dodo_ / LevaNova

Tags: qrcode 

Rating: 4.0

The "encoded.txt" file contains just 0s and 1s; one per line.

```python
with open("encoded.txt", "r") as f:
data = f.read()
info = data.replace("\n", "")
```

this script prints the content of the file stripping the newline char. Moving around your teminal emulator you can eventually get:

![](https://i.imgur.com/YbPI0ly.png)

This two QRcode are equals but shifted by just a line. With PIL it's easy to get the QRcode into a png.

```python
from PIL import Image
import sys

with open("encoded.txt", "r") as f:
data = f.read()
info = data.replace("\n", "")

# Split the lines by 200 and then in half
qr1 = ""
qr2 = ""
for i in range(0, 10000000, 200):
qr1 += info[i : i + 100]
qr2 += info[i + 100 : i + 200]

# Create the matrixes
qrm1 = [qr1[i : i + 100] for i in range(0, 5000, 100)]
qrm2 = [qr2[i + 100 : i + 200] for i in range(0, 5000, 100)]
qrcode1 = Image.new("RGB", (100, 100), "white")
qrcode2 = Image.new("RGB", (100, 100), "white")
qrcode1_pixels = qrcode1.load()
qrcode2_pixels = qrcode2.load()

# Fill and save the PNGs
try:
for x in range(100):
for y in range(100):
if qrm1[x][y] == "1":
qrcode1_pixels[x, y] = (0, 0, 0)
except Exception as e:
print(e)
qrcode1.save("qrcode1.png")

try:
for x in range(100):
for y in range(100):
if qrm1[x][y] == "1":
qrcode2_pixels[x, y] = (0, 0, 0)
except:
pass
qrcode2.save("qrcode2.png")
```

Eventually the QRcode in output return a string:

> 160f15011d1b095339595138535f135613595e1a

![](https://i.imgur.com/0y05kM1.jpg)

The strings could be a cipher text XORed with some unknown key...but! Since we know part of the plain text we can check if the ciphertext leaks some infos.

From [CyberChef](https://gchq.github.io/CyberChef/#recipe=From_Hex('Auto')XOR(%7B'option':'UTF8','string':'pctf%7B'%7D,'Standard',false)&input=MTYwZjE1MDExZDFiMDk1MzM5NTk1MTM4NTM1ZjEzNTYxMzU5NWUxYQ) we can see that the first part of the key is `flag`.

Just using `flag` as [key we got the flag](https://gchq.github.io/CyberChef/#recipe=From_Hex('Auto')XOR(%7B'option':'UTF8','string':'flag'%7D,'Standard',false)&input=MTYwZjE1MDExZDFiMDk1MzM5NTk1MTM4NTM1ZjEzNTYxMzU5NWUxYQ):

> `pctf{wh4_50_53r1u5?}`

Comments