Tags: stegano crypto 

Rating:

# Doberman

## Task

![task](./src/task.png)

[dober.tif](./src/dober.tif)

## Solution

We are given a tif image. I don't know much about TIFF but, as well as it's an image, I started solution as for any image. First,, I passed it to exiftool to check if there is something interesting in metadata.

![exiftool](./src/exiftool.png)

Seems like nothing. Moving on, next step - binwalk.

![binwalk](./src/binwalk.png)

That's better. Extract that gif and here we go:

![dober.gif](./src/dober.gif)

Same image but no text. Okay, now I start over with this gif.

![exiftool_gif](./src/exiftool_gif.png)

Oh, look! There's an interesting comment. It says vernam and some bytes after that. Well, [Vernam](http://cryptowiki.net/index.php?title=Vernam_cipher) is a common known cipher. So it's probably a cipher text encrypted with it. But we still don't have a key, therefore I have to dig deeper. Now I thought about looking for the key in the image's bytes. I openned it it with 010Editor and searched 'vernam'.

![vernam](./src/vernam.png)

There are two find results. Great, it's probably one for ciphertext and one for key. I exctracted [key](./src/key) and [ciphertext](./src/ciphertext) into two different files and made a script for decription:

```Python
with open("encrypted", 'rb') as f:
data = f.read()
with open("key", 'rb') as f:
key = f.read()

int_data = int.from_bytes(data, "big")
int_key = int.from_bytes(key, "big")
decr = int_data ^ int_key
decr = decr.to_bytes(decr.bit_length(), "big").strip(b"\x00")
print(decr.decode())
```

Running the script gives us the flag: `YAUZACTF{1n_5p3c_w3_7ru57}`

Original writeup (https://github.com/0awawa0/CTF-Writeups/tree/master/YauzaCTF%202019/Stegano/Doberman).