
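The given Python script computes md5(salt + flag[i] + index) for each flag character.
It splits the MD5 hex digest two characters at a time (one byte each) and uses each byte as the blue value of a pixel. Since we know the procedure, we can reverse it.

Each 4x4 block is one letter of the flag.

Salt is between 1-65536
Pepper is known (the character's index)
ASCII char is between 32-126

Since these ranges are small, we can brute-force them.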

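```
from __future__ import print_function
from PIL import Image
from hashlib import md5
import sys
from itertools import product

im = Image.open("release.png")
pix = im.load()

# Sample one pixel every 8 px in a 4x4 grid per character (32 px wide);
# the blue channel of each sample is one byte of the MD5 digest.
hashes = []
for k in range(20):
    hashes.append(''.join([("%02x" % pix[k*32 + it[1]*8, it[0]*8][2]) for it in product(range(4), repeat=2)]))
print(hashes)

for idx, block in enumerate(hashes):
    for asciiChar in range(32, 127):      # printable ASCII 32-126
        for salt in range(2**16 + 1):     # covers the stated 1-65536 salt range
            pepper = str(idx)
            # Encode after concatenating so this runs on Python 2 and 3.
            myhash = md5((str(salt) + chr(asciiChar) + pepper).encode('utf-8')).hexdigest()
            if myhash == block:
                print(chr(asciiChar), end="")
                sys.stdout.flush()
                break
        else:
            continue  # no salt matched this character; try the next one
        break  # character found; move on to the next block
```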

Prints:
```
MCA-27c0384c33a93172
```
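
To check the decoder without release.png, the following added example (not the challenge's script and not part of the original write-up) rebuilds the encoding step as described above and round-trips a constructed flag through it. The 8x8-pixel cell size, the zero red/green channels, the reduced salt range and all function names are assumptions made for this example; it is written for Python 3.

```python
from hashlib import md5
from itertools import product
import random

CELL = 8   # assumed pixels per colour cell, matching the *8 stride in the solver
GRID = 4   # 4x4 cells = 16 bytes = one MD5 digest per flag character

def encode(flag, max_salt, rng):
    """Return rows of (r, g, b) pixels; assumed shape of the challenge encoder."""
    width = len(flag) * GRID * CELL
    img = [[(0, 0, 0)] * width for _ in range(GRID * CELL)]
    for idx, ch in enumerate(flag):
        salt = rng.randint(1, max_salt)
        digest = md5((str(salt) + ch + str(idx)).encode()).digest()
        for (row, col), byte in zip(product(range(GRID), repeat=2), digest):
            for y, x in product(range(CELL), repeat=2):
                img[row * CELL + y][(idx * GRID + col) * CELL + x] = (0, 0, byte)
    return img

def read_digest(img, idx):
    """Sample the blue channel of one pixel per cell and rebuild the hex digest."""
    return ''.join('%02x' % img[row * CELL][(idx * GRID + col) * CELL][2]
                   for row, col in product(range(GRID), repeat=2))

def recover_char(target, idx, max_salt):
    """Try every (salt, printable char) pair for this position; None if no match."""
    for salt in range(1, max_salt + 1):
        prefix = md5(str(salt).encode())      # hash the salt once, reuse per char
        for code in range(32, 127):
            h = prefix.copy()
            h.update((chr(code) + str(idx)).encode())
            if h.hexdigest() == target:
                return chr(code)
    return None

def recover_flag(img, length, max_salt):
    chars = [recover_char(read_digest(img, i), i, max_salt) for i in range(length)]
    return ''.join(c if c is not None else '?' for c in chars)

if __name__ == '__main__':
    sample = 'MCA-test'                           # constructed flag, not the challenge's
    img = encode(sample, 300, random.Random(1))   # small salt range keeps the demo fast
    print(recover_flag(img, len(sample), 300))
```

Because every character is hashed on its own, the search cost is the per-character keyspace (95 characters times the salt range) multiplied by the flag length, not raised to it, which is why a 16-bit salt does not slow recovery.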

eugenekolo, April 25, 2018, 3:53 p.m.

Nice write up :).

You can also sys.stdout.write() instead of print(, end=''). Not really any different, but feels a bit cleaner if you're already doing a sys.stdout.flush.