[name=rlaclgjs@PLUS]
- writeup
Attachments are uploaded on gist
Description
I heared you can find hide data in Audio Sub Bit.
Do you want to look for it?
Challenge provides a file named problem.
Below is file header of problem, opened with HxD Editor.
Reading header of the file, we can know problem is .wav format file.
Because description of the challenge mentioned Audio Sub Bit, I noticed the challenge is about LSB.
Wave information is contained in data subchunk that comes after fmt subchunk.
So, The flag will be hidden in the LSB of the actual information behind the ckID and cksize of the data subchunk.
Let's check out!
with open("problem", "rb") as f:
ckID = f.read(4)
cksize = f.read(4)
WAVEID = f.read(4)
ckID_ = f.read(4)
cksize_ = f.read(4)
wFormatTag = f.read(2)
nChannels = f.read(2)
nSamplesPerSec = f.read(4)
nAvgBytesPerSec = f.read(4)
nBlockAlign = f.read(2)
wBitPerSample = f.read(2)
ckID__ = f.read(4)
cksize__ = f.read(4)
print("ckID : %s"%ckID)
print("cksize : %s"%cksize)
print("WAVEID : %s"%WAVEID)
print("=======")
print("ckID : %s"%ckID_)
print("cksize : %s"%cksize_)
print("wFormatTag : %s"%wFormatTag)
print("nChannels : %s"%nChannels)
print("nSamplePerSec : %s"%nSamplesPerSec)
print("nAvgBytesPerSec : %s"%nAvgBytesPerSec)
print("nBlockAlign : %s"%nBlockAlign)
print("wBitPerSample : %s"%wBitPerSample)
print("=======")
print("ckID : %s"%ckID__)
print("cksize : %s"%cksize__)
res = open("res.txt", "w", encoding="utf-8")
while True:
for i in range(8):
break_f = 0
data_raw = f.read(1)
if not data_raw:
break_f = 1
break
data = str(bin(int.from_bytes(data_raw, 'big') & 1)).split('b')[1]
res.write(data)
if(break_f==1):
break
res.write("\n")
res.close()
res_r = open("res.txt", "r")
res_string = open("res_str.txt", "w", encoding="utf-8")
for l in res_r:
try:
res_string.write(chr(int(l,2)))
except:
res_string.close()
res_string.close()
Then in the first line of the file res_str.txt, there is a flag!
Defenit{Y0u_knOw_tH3_@uD10_5t39@No9rAphy?!}