Tags: forensic
Rating:
# 2020 Defenit CTF - Baby Steganography
>###### TAGS: `forensic`
>[name=rlaclgjs@PLUS]
## Attachments
* writeup
* [solver code](https://gist.github.com/rlaclgjs1107/263cd8e085ac98c8d15f07a690223d97#file-sol-py)
Attachments are uploaded on [gist](https://gist.github.com/rlaclgjs1107/263cd8e085ac98c8d15f07a690223d97)
## Challenge
```
Description
I heared you can find hide data in Audio Sub Bit.
Do you want to look for it?
```
Challenge provides a file named `problem`.
## Solution
Below is file header of `problem`, opened with `HxD Editor`.
![fileheader](https://user-images.githubusercontent.com/53330811/84628225-310eef80-af23-11ea-8a49-a8990fb66c84.PNG)
Reading header of the file, we can know `problem` is `.wav` format file.
Because description of the challenge mentioned `Audio Sub Bit`, I noticed the challenge is about `LSB`.
Wave information is contained in `data` subchunk that comes after `fmt` subchunk.
So, The flag will be hidden in the `LSB` of the actual information behind the `ckID` and `cksize` of the `data` subchunk.
Let's check out!
## Solver
```
with open("problem", "rb") as f:
ckID = f.read(4)
cksize = f.read(4)
WAVEID = f.read(4)
ckID_ = f.read(4)
cksize_ = f.read(4)
wFormatTag = f.read(2)
nChannels = f.read(2)
nSamplesPerSec = f.read(4)
nAvgBytesPerSec = f.read(4)
nBlockAlign = f.read(2)
wBitPerSample = f.read(2)
ckID__ = f.read(4)
cksize__ = f.read(4)
print("ckID : %s"%ckID)
print("cksize : %s"%cksize)
print("WAVEID : %s"%WAVEID)
print("=======")
print("ckID : %s"%ckID_)
print("cksize : %s"%cksize_)
print("wFormatTag : %s"%wFormatTag)
print("nChannels : %s"%nChannels)
print("nSamplePerSec : %s"%nSamplesPerSec)
print("nAvgBytesPerSec : %s"%nAvgBytesPerSec)
print("nBlockAlign : %s"%nBlockAlign)
print("wBitPerSample : %s"%wBitPerSample)
print("=======")
print("ckID : %s"%ckID__)
print("cksize : %s"%cksize__)
res = open("res.txt", "w", encoding="utf-8")
while True:
for i in range(8):
break_f = 0
data_raw = f.read(1)
if not data_raw:
break_f = 1
break
data = str(bin(int.from_bytes(data_raw, 'big') & 1)).split('b')[1]
res.write(data)
if(break_f==1):
break
res.write("\n")
res.close()
res_r = open("res.txt", "r")
res_string = open("res_str.txt", "w", encoding="utf-8")
for l in res_r:
try:
res_string.write(chr(int(l,2)))
except:
res_string.close()
res_string.close()
```
Then in the first line of the file `res_str.txt`, there is a flag!
## Flag
`Defenit{Y0u_knOw_tH3_@uD10_5t39@No9rAphy?!}`