Лаборатория ASIS CTF Quals 2016 - Wacky Agent [75]

delimitry
, 23 мая 2016

Rookie Agent strikes again! He tried to encrypt a message, and now has forgotten what he has done! 

I have not solved this task during the CTF. But today I've finally solved it :)

We have a file with two huge base64 text blocks. 

qk12haeaaaaaaioaaab8aaaanwiaacuaaaabacaaawaaaoydaqaaaaaaaaaaaaaaaaaaaaaaaad/aad/aad/aaaaaaaa/0jhunoawvuoylgefscf6wfamzmtggzmjkbmzgagmzkjparxayrcjziaaaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa...
ke12buyuuuuuuciuuuv8uuuuhqcuuwouuuuvuwuuuquuuisxukuuuuuuuuuuuuuuuuuuuuuuuux/uux/uux/uuuuuuuu/0dbohiuqpoisfayzmwz6qzugtgnaatgdevgtauagtedjulruslwdtcuuuuuuuuuuuuuuuuyuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu...

The second text block is just encoded with ROT6 first text block. Each character (except 0-9, / and =), i.e. letter, is replaced with the letter 6 letters after in the alphabet (ROT6).

After converting blocks to uppercase, decoding and saving to the files I've noticed that the file with decoded first block looks like some kind of real binary file (with some null bytes and data).

Unfortunately a reference to the ASIS CTF 2013 Rookie Agent  task misleaded me :(

But the size of decoded file (99446 bytes) made it clear that the resulting file is an image. And this image is not compressed (according to the low entropy of the file).

Then I took the header of BMP file, filled it and encoded to base64.
A structure of encoded header and some of the characters have matched.
Then I picked up the required fields in the header. For example:
width = 671
height = 37
bits per pixel = 32
And made a map of some characters replacement. 

And finally I've got image file with a flag:


The flag is: ASIS{bAse6A_bMp_Reve41s_the_Secr37!}