## [See original writeup on site](https://barelycompetent.dev/post/ctfs/2021-04-11-ritsecctf/#parcel)
### Parcel
> That's a lot of magick
>
> ~knif3

We're given a single file, `Parcel`:
```
file Parcel
Parcel: gzip compressed data, from Unix, original size modulo 2^32 759456
```
So we'll move it to the appropriate suffix:
```bash
mv Parcel Parcel.tgz
```
And then extract:
```bash
7z x Parcel.tgz
```
Which gives us a `Parcel.tar`... which isn't actually a tar?
```bash
file Parcel.tar
Parcel.tar: multipart/mixed; boundary="===============6501672606206171874==", ASCII text, with very long lines
```
OK, what are we working with here then?
```
cat Parcel.tar| head -n 60
Content-Type: multipart/mixed; boundary="===============6501672606206171874=="
MIME-Version: 1.0
Subject: Sun Tzu says....
From: [email protected]
To: [email protected]
--===============6501672606206171874==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
I. Laying Plans
1. Sun Tzu said: The art of war is of vital importance to the State.
--===============6501672606206171874==
Content-Type: image/png
MIME-Version: 1.0
Content-Transfer-Encoding: base64
iVBORw0KGgoAAAANSUhEUgAAA+gAAAGQAQAAAAAVNnfMAAAABGdBTUEAALGPC/xhBQAAACBjSFJN
AAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAAAmJLR0QAAd2KE6QAAAAHdElN
RQflBAkSOAgEM4oMAAAAxUlEQVR42u3NAQkAAAwDoPUvvcU4HC1geil2u91ut9vtdrvdbrfb7Xa7
3W632+12u91ut9vtdrvdbrfb7Xa73W632+12u91ut9vtdrvdbrfb7Xa73W632+12u91ut9vtdrvd
brfb7Xa73W632+12u91ut9vtdrvdbrfb7Xa73W632+12u91ut9vtdrvdbrfb7Xa73W632+12u91u
t9vtdrvdbrfb7Xa73W632+12u91ut9vtdrvdbrfb7Xa73W632+12++t9FESYDx8zamoAAAAldEVY
dGRhdGU6Y3JlYXRlADIwMjEtMDQtMDlUMTg6NTY6MDgrMDA6MDCnDaF3AAAAJXRFWHRkYXRlOm1v
ZGlmeQAyMDIxLTA0LTA5VDE4OjU2OjA4KzAwOjAw1lAZywAAAABJRU5ErkJggg==
--===============6501672606206171874==--
Content-Type: multipart/mixed; boundary="===============8130868917694707556=="
MIME-Version: 1.0
Subject: Sun Tzu says....
From: [email protected]
To: [email protected]
--===============8130868917694707556==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
I. Laying Plans
2. It is a matter of life and death, a road either to safety or to ruin. Hence it is a subject of inquiry which can on no account be neglected.
--===============8130868917694707556==
Content-Type: image/png
MIME-Version: 1.0
Content-Transfer-Encoding: base64
iVBORw0KGgoAAAANSUhEUgAAA+gAAAGQAQAAAAAVNnfMAAAABGdBTUEAALGPC/xhBQAAACBjSFJN
AAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAAAmJLR0QAAd2KE6QAAAAHdElN
RQflBAkSOAgEM4oMAAAAxUlEQVR42u3NAQkAAAwDoPUvvcU4HC1geil2u91ut9vtdrvdbrfb7Xa7
3W632+12u91ut9vtdrvdbrfb7Xa73W632+12u91ut9vtdrvdbrfb7Xa73W632+12u91ut9vtdrvd
brfb7Xa73W632+12u91ut9vtdrvdbrfb7Xa73W632+12u91ut9vtdrvdbrfb7Xa73W632+12u91u
t9vtdrvdbrfb7Xa73W632+12u91ut9vtdrvdbrfb7Xa73W632+12++t9FESYDx8zamoAAAAldEVY
dGRhdGU6Y3JlYXRlADIwMjEtMDQtMDlUMTg6NTY6MDgrMDA6MDCnDaF3AAAAJXRFWHRkYXRlOm1v
ZGlmeQAyMDIxLTA0LTA5VDE4OjU2OjA4KzAwOjAw1lAZywAAAABJRU5ErkJggg==
--===============8130868917694707556==--
Content-Type: multipart/mixed; boundary="===============9046549617560143594=="
MIME-Version: 1.0
...
```
So, we have a bunch of conversations that specify some sort of encoding, and then some associated message.
One "conversation" is grouped like so:
```
Content-Type: multipart/mixed; boundary="===============6501672606206171874=="
MIME-Version: 1.0
Subject: Sun Tzu says....
From: [email protected]
To: [email protected]
--===============6501672606206171874==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
I. Laying Plans
1. Sun Tzu said: The art of war is of vital importance to the State.
--===============6501672606206171874==
Content-Type: image/png
MIME-Version: 1.0
Content-Transfer-Encoding: base64
iVBORw0KGgoAAAANSUhEUgAAA+gAAAGQAQAAAAAVNnfMAAAABGdBTUEAALGPC/xhBQAAACBjSFJN
AAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAAAmJLR0QAAd2KE6QAAAAHdElN
RQflBAkSOAgEM4oMAAAAxUlEQVR42u3NAQkAAAwDoPUvvcU4HC1geil2u91ut9vtdrvdbrfb7Xa7
3W632+12u91ut9vtdrvdbrfb7Xa73W632+12u91ut9vtdrvdbrfb7Xa73W632+12u91ut9vtdrvd
brfb7Xa73W632+12u91ut9vtdrvdbrfb7Xa73W632+12u91ut9vtdrvdbrfb7Xa73W632+12u91u
t9vtdrvdbrfb7Xa73W632+12u91ut9vtdrvdbrfb7Xa73W632+12++t9FESYDx8zamoAAAAldEVY
dGRhdGU6Y3JlYXRlADIwMjEtMDQtMDlUMTg6NTY6MDgrMDA6MDCnDaF3AAAAJXRFWHRkYXRlOm1v
ZGlmeQAyMDIxLTA0LTA5VDE4OjU2OjA4KzAwOjAw1lAZywAAAABJRU5ErkJggg==
--===============6501672606206171874==--
```
So, first it contains a **Content-Type...** line, which specifies a **boundary** value. Then, there's a set of messages, each beginning with a line containing solely that group's boundary indicator. Lastly, it's followed by the boundary indicator, suffixed with two `-`s.
With the above structure known, we can write a little piece of garbage that just parses out the messages accordingly:
```python
#!/usr/bin/env python3
import base64


def main():
    with open('Parcel.tar', 'r') as infile:
        contents = infile.readlines()
    contents = [x.strip() for x in contents]

    sofar = []       # lines of the conversation currently being collected
    filenum = 0
    boundary = None  # set when a conversation's top-level header is seen
    for line in contents:
        # Each conversation starts by declaring its own boundary value.
        if 'Content-Type: multipart/mixed; boundary="===============' in line:
            boundary = line.split("===============")[-1][:-3]
        if f"--==============={boundary}==--" not in line:
            sofar.append(line)
        else:
            # Closing boundary reached: the conversation is complete.
            sofar.append(line)
            print("======================================================================")
            for i, subline in enumerate(sofar):
                if "Content-Transfer-Encoding: base64" in subline:
                    # Skip this header and the blank line that ends the part
                    # headers, then keep everything up to the closing "--".
                    b64blob = ''.join(sofar[i+2:]).split("--")[0]
                    with open("blob"+str(filenum)+".png", "wb") as outfile:
                        outfile.write(base64.b64decode(b64blob))
            sofar = []
            filenum += 1


if __name__ == '__main__':
    main()
```
Which when run, gives us 130 PNG files:
```bash
ls -alrt
rwxr-xr-x 136 ganondorf ganondorf 4 KiB Fri Apr 9 21:03:50 2021 ./
rwxr-xr-x 7 ganondorf ganondorf 224 B Fri Apr 9 21:04:03 2021 ../
rw-r--r-- 1 ganondorf ganondorf 741 KiB Fri Apr 9 21:03:31 2021 Parcel.tar
rw-r--r-- 1 ganondorf ganondorf 1 KiB Fri Apr 9 21:03:48 2021 decoder.py
rw-r--r-- 1 ganondorf ganondorf 445 B Fri Apr 9 21:03:50 2021 blob0.png
# ...
rw-r--r-- 1 ganondorf ganondorf 445 B Fri Apr 9 21:03:50 2021 blob17.png
rw-r--r-- 1 ganondorf ganondorf 445 B Fri Apr 9 21:03:50 2021 blob18.png
rw-r--r-- 1 ganondorf ganondorf 445 B Fri Apr 9 21:03:50 2021 blob19.png
rw-r--r-- 1 ganondorf ganondorf 445 B Fri Apr 9 21:03:50 2021 blob20.png
rw-r--r-- 1 ganondorf ganondorf 445 B Fri Apr 9 21:03:50 2021 blob21.png
rw-r--r-- 1 ganondorf ganondorf 9 KiB Fri Apr 9 21:03:50 2021 blob22.png
rw-r--r-- 1 ganondorf ganondorf 445 B Fri Apr 9 21:03:50 2021 blob23.png
# ...
rw-r--r-- 1 ganondorf ganondorf 445 B Fri Apr 9 21:03:50 2021 blob45.png
rw-r--r-- 1 ganondorf ganondorf 445 B Fri Apr 9 21:03:50 2021 blob46.png
rw-r--r-- 1 ganondorf ganondorf 445 B Fri Apr 9 21:03:50 2021 blob47.png
rw-r--r-- 1 ganondorf ganondorf 13 KiB Fri Apr 9 21:03:50 2021 blob48.png
rw-r--r-- 1 ganondorf ganondorf 365 B Fri Apr 9 21:03:50 2021 blob49.png
rw-r--r-- 1 ganondorf ganondorf 445 B Fri Apr 9 21:03:50 2021 blob50.png
# ...
rw-r--r-- 1 ganondorf ganondorf 445 B Fri Apr 9 21:03:50 2021 blob116.png
rw-r--r-- 1 ganondorf ganondorf 445 B Fri Apr 9 21:03:50 2021 blob117.png
rw-r--r-- 1 ganondorf ganondorf 42 KiB Fri Apr 9 21:03:50 2021 blob118.png
rw-r--r-- 1 ganondorf ganondorf 3 KiB Fri Apr 9 21:03:50 2021 blob119.png
rw-r--r-- 1 ganondorf ganondorf 445 B Fri Apr 9 21:03:50 2021 blob120.png
rw-r--r-- 1 ganondorf ganondorf 445 B Fri Apr 9 21:03:50 2021 blob121.png
rw-r--r-- 1 ganondorf ganondorf 445 B Fri Apr 9 21:03:50 2021 blob122.png
rw-r--r-- 1 ganondorf ganondorf 365 B Fri Apr 9 21:03:50 2021 blob123.png
rw-r--r-- 1 ganondorf ganondorf 445 B Fri Apr 9 21:03:50 2021 blob124.png
rw-r--r-- 1 ganondorf ganondorf 445 B Fri Apr 9 21:03:50 2021 blob125.png
rw-r--r-- 1 ganondorf ganondorf 445 B Fri Apr 9 21:03:50 2021 blob126.png
rw-r--r-- 1 ganondorf ganondorf 6 KiB Fri Apr 9 21:03:50 2021 blob127.png
rw-r--r-- 1 ganondorf ganondorf 445 B Fri Apr 9 21:03:50 2021 blob128.png
rw-r--r-- 1 ganondorf ganondorf 40 KiB Fri Apr 9 21:03:50 2021 blob129.png
rw-r--r-- 1 ganondorf ganondorf 445 B Fri Apr 9 21:03:50 2021 blob130.png
rw-r--r-- 1 ganondorf ganondorf 365 B Fri Apr 9 21:03:50 2021 blob131.png
```
Inspecting some, the majority appear to be just white (the ones that are only a few hundred bytes).
The ones that are not contain random parts of the flag, which need to be reassembled manually. Examples:
![](https://barelycompetent.dev/img/CTFs/2021/ritsecCTF/parcel-blob1.png)
and:
![](https://barelycompetent.dev/img/CTFs/2021/ritsecCTF/parcel-blob2.png)
I manually pieced together the flag using [Sketch](https://www.sketch.com/downloads/mac/). After doing so, this is the result:
![](https://barelycompetent.dev/img/CTFs/2021/ritsecCTF/parcel-flag.png)
Flag is `RS{Im_doing_a_v1rtual_puzzl3}`.
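
As an added example (not code from the original writeup), the same extraction can be done with Python's standard `email` package instead of string splitting, checking each decoded attachment's PNG signature and using the size observation above to pick out the non-filler images. The function names and the sample messages are constructed for illustration; on the real file you would pass the contents of `Parcel.tar` to `png_attachments`.

```python
from collections import Counter
from email import message_from_string
from email.mime.image import MIMEImage
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

TOP = "Content-Type: multipart/mixed"   # first header of each message
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

def split_messages(text):
    """Cut a file of back-to-back MIME messages at each top-level header."""
    chunks, current = [], []
    for line in text.splitlines(keepends=True):
        if line.startswith(TOP) and current:
            chunks.append("".join(current))
            current = []
        current.append(line)
    return chunks + ["".join(current)] if current else chunks

def png_attachments(text):
    """Decode every image/png part, keeping only payloads with a PNG signature."""
    blobs = []
    for raw in split_messages(text):
        for part in message_from_string(raw).walk():
            if part.get_content_type() == "image/png":
                data = part.get_payload(decode=True)
                if data.startswith(PNG_MAGIC):  # the header is only a claim
                    blobs.append(data)
    return blobs

def size_outliers(blobs):
    """Indexes of blobs whose byte length no other blob shares (heuristic)."""
    counts = Counter(len(b) for b in blobs)
    return [i for i, b in enumerate(blobs) if counts[len(b)] == 1]

def constructed_sample():
    """Constructed input: three messages, two carrying the same filler image."""
    filler = PNG_MAGIC + b"\x00" * 437           # 445 bytes in total
    piece = PNG_MAGIC + bytes(range(256)) * 12   # larger stand-in payload
    out = []
    for n, img in enumerate([filler, piece, filler], 1):
        msg = MIMEMultipart()
        msg.attach(MIMEText(f"{n}. constructed line"))
        msg.attach(MIMEImage(img, _subtype="png"))
        out.append(msg.as_string())
    return "\n".join(out)

if __name__ == "__main__":
    blobs = png_attachments(constructed_sample())
    print([(i, len(blobs[i])) for i in size_outliers(blobs)])
```

The size grouping is only a triage heuristic: it relies on the filler images sharing a small number of byte lengths, as the directory listing shows.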