[Sharif University CTF 2016] [Forensic 400 – Blocks] Write UpDescription
I recovered as much data as I could. Can you recover the flag?
Resolution
Using strings of the file we got:
CREATE TABLE "data" ( `ID` INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT UNIQUE, `Data` BLOB NOT NULL, `Cat` INTEGER NOT NULL indexsqlite_autoindex_data_1data Ytablesqlite_sequencesqlite_sequence CREATE TABLE sqlite_sequence(name,seq) _tablecategorycategory CREATE TABLE `category` ( `ID` INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT UNIQUE, `Cat` TEXT NOT NULL indexsqlite_autoindex_category_1category
It seems to be a SQLite database but the header was missing:
0000000: 2033 0004 0001 0100 4020 2000 0000 0b00 3......@ .....
The correct header of a SQLite database should be:
0000000: 5351 4c69 7465 2066 6f72 6d61 7420 3300 SQLite format 3.
As we already had the end “20 33 00” we needed to add “5351 4c69 7465 2066 6f72 6d61 74”.
Generating a correct file was done using:
$ echo "5351 4c69 7465 2066 6f72 6d61 74" | tr -d " " | xxd -r -p > data1 cat data* > data.sqlite
We checked if the file has been correctly generated:
$ file data.sqlite data.sqlite: SQLite 3.x database
Using DB Browser we saw 2 interesting tables “category” and “data”:
The next step was to dump the correct columns and rows:
sql> SELECT c.Cat, hex(Data) FROM data d, category c WHERE d.Cat = c.ID; Cat | hex(Data) ---------------- IDAT | A52BC29E1339DD754A5744DDDBDDDDFF081B7FDDD93BB749315E9B9E7780EC190DA7683F840511AF90BA7906F8D6729ADD558BA81FC2DA32160EB20E6BCB5038CA356B357D0031EF0D0DBA2243DF95AB15998445A2C56395AE08EBAE4EF6C790A64D2BCF7F744582D702A1795112BCA618744582EBD0C4F0D1B6D1700A7B44A9D07D09541669FAE9506591E55E75BEBF098A8B04AD3FEE6C9A811CAD2FEB8F790672B4FB406A77CC4B57045D313D7FEB8AB8F7863E5D11B77A9ED21541ED79BE8234DEC94009EB3894E8661794459AFE46681D873CFD162C972DD20CAB82BA22EE7E93A883A9241A8E79BD3E82EFB47758BA22AC8D61393E488A71239FE383E4B8F7F475FFD61551DD IDAT | 9C63F53A997DA3E114D78ED1FE937DA3E114EB9313DB86C321161B187445D8FB3EA82BE2AE759CFE035D11F5AA485724F0784585D5F3D5B6C1708C679FCCEE917092FB2EA82C52CD65C98B1C63592E5CC45D8F57F73FCD3390E01591AE48F08E4857C4BD2F4FBA22CEB9542A5C5F016D7227D3FB5C2AC4F5A751954596BF355D6F45FEFC0D51F703D6F504EFBA458AA72CF3ED64EAD70575C5F75E9B443F1F2EFE17FCD77EB8DFE98A907F7A44D715DFFBA7FDC7BA22CAD5891AE616A8A12C6A088B2AC2A284B028212C6A288B14ABE3385B06C251568B84CA226A1991B208FA61DA4A58C4FC3421AA2C42DA7A15C7BD9098CF4EACD716526111D2EF6C6FF70DD0822151CFCEF6EEBA IDAT | 2DE98A346D0ACBEFA592E1D595DB2109C68C9AED32A4585CA07445D86207B2AE885B9C99D0156177502E5364B291810AE31DB0B90D92642ACB658B1CF3D7415D91C23C03A956CFECBA226AB5AD5D5744CD0726AC3B93615AC5D115295EAB38BA2281872A2A7447BC8445225D5147569418E645770E84B3D82E43095F0D29E1F51FA419BE083EAF2CDA38224E302E095A2024C7B3D63C94B57954FC76FDD3FA733FDC351A8E613F1F055A3F0DAA2C928C0F53C222C9F494AE2C92088B1AEE8564BBA6ADBA4F8445D8BB225D11B7EC4A5804E98A0AF372A0F54152CC5B1864458EEBE777EF7FEA8A0CE32F10AA8A24CF717A8F5764BA5F00A22B32B5FB07087545A2E7F94A5744F511B5 IDAT | 789CEDDDCB8EE4B81140D1FEFF9FA66D744A2229D6C0CE88005DC4399BA9CED970712129F950FEF903000000000000000000000000000000000000000000000000000000FC3F6BBB07C081DA5FBB87C1615A5316F93E49098B5C5751C222D1730BFC7BDDDA3A18CED175D5DC0FC9F369A95D61298BA8EBD9AA7B76571661FD53FBF3B7B088E913D21559DA18D6FDE1A6E1708CBEACD63F6E41485796AF84241ACBD21549DA5CD6D6D170087B1AA8706F96511689AEA23E4B39BB87C329FAC567972DD2F47358C2224D1BCBDA39144ED2867BE1DEB17092BB275D91EAFE3EA82B3258C6A142F37D907C634ABA22C75892AEC8F11CC571D88B447D578EA792E5E9CAD58A4CFF8EE9D9D5 IDAT | 7DE3E10C8BC9765D11D69FC2993F826F2DF7B6EB8A2877400ABC9ED9F70D85934C5FFF844592392C6591C3BD901ADE0349AA45442E58042D775D59C8216879624257447DCE4C8C73A3BA22EA7D745E56C475EBCEAF8FE06B8BB02081B7C850E23E3D282C520DD30DF2226AF56B002E5C44750D75D72B5D1133CC827E4E0FEA8AA8F91CEA6A5D07FE57EF841C7826CEA5890ABAA28267296A784CA7866F8054D11645A445116991647518475AC42C2BD215419603A9D0DEE7BC20CE1E514A383441897E97A8B848D3EE1F89531689FA977F088B3CE3292F6591465814111649C647755D91A3CD617D9EDD8545C4E78D1FE307BA226AB99B41574449880AAE4D9410163594458DCFD742 PLTE | 0000000101010202020303030404040505050606060707070808080909090A0A0A0B0B0B0C0C0C0D0D0D0E0E0E0F0F0F1010101111111212121313131414141515151616161717171818181919191A1A1A1B1B1B1C1C1C1D1D1D1E1E1E1F1F1F2020202121212222222323232424242525252626262727272828282929292A2A2A2B2B2B2C2C2C2D2D2D2E2E2E2F2F2F3030303131313232323333333434343535353636363737373838383939393A3A3A3B3B3B3C3C3C3D3D3D3E3E3E3F3F3F4040404141414242424343434444444545454646464747474848484949494A4A4A4B4B4B4C4C4C4D4D4D4E4E4E4F4F4F5050505151515252525353535454545555555656565757575858585959595A5A5A5B5B5B5C5C5C5D5D5D5E5E5E5F5F5F6060606161616262626363636464646565656666666767676868686969696A6A6A6B6B6B6C6C6C6D6D6D6E6E6E6F6F6F7070707171717272727373737474747575757676767777777878787979797A7A7A7B7B7B7C7C7C7D7D7D7E7E7E7F7F7F8080808181818282828383838484848585858686868787878888888989898A8A8A8B8B8B8C8C8C8D8D8D8E8E8E8F8F8F9090909191919292929393939494949595959696969797979898989999999A9A9A9B9B9B9C9C9C9D9D9D9E9E9E9F9F9FA0A0A0A1A1A1A2A2A2A3A3A3A4A4A4A5A5A5A6A6A6A7A7A7A8A8A8A9A9A9AAAAAAABABABACACACADADADAEAEAEAFAFAFB0B0B0B1B1B1B2B2B2B3B3B3B4B4B4B5B5B5B6B6B6B7B7B7B8B8B8B9B9B9BABABABBBBBBBCBCBCBDBDBDBEBEBEBFBFBFC0C0C0C1C1C1C2C2C2C3C3C3C4C4C4C5C5C5C6C6C6C7C7C7C8C8C8C9C9C9CACACACBCBCBCCCCCCCDCDCDCECECECFCFCFD0D0D0D1D1D1D2D2D2D3D3D3D4D4D4D5D5D5D6D6D6D7D7D7D8D8D8D9D9D9DADADADBDBDBDCDCDCDDDDDDDEDEDEDFDFDFE0E0E0E1E1E1E2E2E2E3E3E3E4E4E4E5E5E5E6E6E6E7E7E7E8E8E8E9E9E9EAEAEAEBEBEBECECECEDEDEDEEEEEEEFEFEFF0F0F0F1F1F1F2F2F2F3F3F3F4F4F4F5F5F5F6F6F6F7F7F7F8F8F8F9F9F9FAFAFAFBFBFBFCFCFCFDFDFDFEFEFEFFFFFF IHDR | 00000258000002580803000000 IDAT | 69A6DFC6F9FC4757C4CCAB38D767FB46C409A6F5C0EB3BA1AE0869DD1CC3E7DFBE0F12F7FA12A82B32ACF68BEE1A0B07F15E514ABCBF11428271AE61E748388B4B16351C1FA486635ED4E8B6CAEC1E0ABFDDBC8E635E94046D4A495764E8B789769FED1B1047B04D9412AE531418AF52CA22C7FC942E2C72BCC2521629DC0BA93185B56F201CC6058B44CBC9756111B45CB6D115418B8566EB83842DDEC9A02BE216CB83BA22C1E27701B68D85835878A6842D0DD4701A871A2E599470C9A246FFAAA2CD43E1289FA9775D11F42AC8392F12581FA4421BEC1E0D07F904D5AC0B92AB3BF3BC7B281CE56F59BA229B272C6AE88A1AC2A2C23DDDBE7B20FC7A43469F9F4D151651EBF9F6 IDAT | FB316BDB7038C4BCAF6FDF4838C862B6DD3C0361AF6F7FE61948F1AA4858A49833D21539DE3B1AB60D85A3CC656D1B08877191A2C6F3EA8FCD03E130DE7F458ED5591C5D11B53E35A12B625611E98AA8D5FE505D11D5EE7DA2F367F0BD67CBD57B1B167CEB69683C41B86B3C1CE2990C1D2E59BB86C331FCC80475FAE3CE5B07C2599CA3A784AE48B37CFFA3B0086AD3C4D5F05FF8D2B48CD3EC6720C315D2F081AE085ABC9241578435CF5414E8BB1216797445215951C2FA2015AC0F92699193AE085B5CA75CB0085B2C10EA8AB0617ABD5D768E88134C0B84BA22C57B81D07D90380B8494581EF482A0E74BA0B2C8D4BD4DEDEF53FCEE0171867EF7B1CB1669869BA0AE48648B1F IDAT | 68EFB05CB1089B0FE3FCD11509A6D905D30DA4B8569A870F74455073EFA382A7752A0C2B849BC7C241BA5DA2CA224FFF84F5B7AEDD23E20CFDE482FB2169E6BDC85B07C34986ADA37B87C251CC3890A6FD9997077545D8E29497AE886A8FE183BDA3E2B71B66179E8F7445C8386B2527B28CE7079545CC54D0FDC4AE2C22E682CC3190E115D0F3A4B561341CE3D58F651C12BCF3B18E43826558F6BA13B62ECB7C03513F96B565349C63D190AC4820236A288B1AC2A2844B1625744509F30B5430234A8DFF34A52C8ADCCBCF9BC7C1692C3F53C3C3163574450D59010000000000000000000000000000000000000000000000000000C0FF977F011C7CC61B IDAT | B07B309CA39B5F70C52291AEA8D13F6641D8BC8EA32B32CCBBAF74458679BE7DDF483889751C6A4C0BCF1B47C239E6A7755D91603C972A2A728C33A26E832469F304D6D6D1708C7923F2CEB1F0DB0D930BDD9FBA22621D90AE08BAB687B6C587F0BD7B0BC3F091AE885ABCA95657647085A284AEA8A12C6ADC6B399BC7C169AE49076591AB75C708218F65676AE88AB04542BA22EC7AD7C7F4D1B6F170867107F2FDD1C6117182D5C9795D1175BF9A68684957C4745DB94A91E89E635716D9EE151C6591A83B3FD8ECEA238FF383D4D215195E0DE98AB8F78D4F578459C8A1C2FD72A2F1D51F1B47C411869EE68FE04BD31DF0F3C7A6C1700A5B19A8F0FE32B86D281CE53DCBB06D28 TRNS | FF00 IDAT | 5F0649D646BB87C3319EA6744598DFF322DFF2A6A72B82DE59B90F9260D195E776C2D6B7415D11B46A4857845DC771768F83C35C7356CA229759766AF45D098C4CFDCFE46C1D086771C1A2C4F3A686DD23E1779B9ED79F7D581BC7C4EFF7FA26E8AB2119DE17285D91C0D9792AF81248096F91A184B0A861DA8A12E3F92E799165E8CA858B34C386066111D335745DB17445D0B46AE3203D29DE7B90654582FBCEB77B209CC5EFC451C1FA2025BA592B4F56E4E966179445A2BE286191C72A0E45FA759CBD23E12CAE5894F088459631A2F7BA0E7C619E5D30D940827EEE6AFA0CBE66331F25ACE25063E84A59E4BAE718760F84A398142553BF03F9F31F6111364C5D5D7F6C1B0DA7 IDAT | 2ED1F11308B82B921389C6F9506591E3BE0F3AE745AAEE7CD7FCF5100286EF84BA22CDF09D5057E4D2154996A7717445D0B57233A4A42B825A5B960521B68952E1B54B0632F435298B24E3ED4F5824999EAB9445126151C3BD901AC222D36AD64A57042D67DACD9012B45E1DD41541EF2D57D60A49F03E3B2F2B12BC7F2C5C572478870509BC468612CF11AFDD23E12CC37483BC48D3CD2EB87091C81B40A8E10C05457445821F22921521ADB9F751E199BB5216997C0FA4C61594AEC875DF0D770F84C378C2A286AEA8F1094B5CA4FADC0A5DB6C8D5BD701BBEB72A4857442D97707445D46A815057C45D5F0287B2760E8843F40B849B87C2519E6BD6EE9170161357A4F2BE0F2A74
The categories are the chunks of a PNG.
Using the PNG Chunk Ordering Summary we found the correct order for categories:
Chunk Type Multiple Optional Position IHDR No No First chunk PLTE No Yes Before IDAT tRNS No Yes After PLTE and before IDAT IDAT Yes No Contiguous with other IDATs IEND No No Last chunk
The main question was : “is it multiples images or a unique one?”, but the IHDR chunk have us the answer.
Do you know that the width and height of the image are written in this chunk? (cf. IHDR Image header)
The database gave us “00000258000002580803000000”, decomposed it was:
00 00 02 58 // Width [4 bytes] 00 00 02 58 // Height [4 bytes]
0x258 = 600, the image should be 600×600 pixels so we had to use all the IDAT parts.
OK we had the order but the PNG header & co. were missing in order to create the image file 🙁
Using the PNG file header and chunks specifications it would be easier.
PNG header // Missing: should be "89 50 4E 47 0D 0A 1A 0A" IHDR content // In DB IHDR CRC // Missing: has been put to "FF FF FF FF" PLTE length // Missing: calculated with PLTE length "00 00 03 00" (768, in hex) PLTE tag // Missing: "50 4c 54 45" (PLTE, in hex) PLTE content // In DB PLTE CRC // Missing: has been put to "FF FF FF FF" tRNS length // Missing: calculated with tRNS length "00 00 00 02" (2, in hex) tRNS tag // Missing: "74 52 4e 53" (tRNS, in hex) tRNS content // In DB tRNS CRC // Missing: has been put to "FF FF FF FF" IDAT length // Missing: calculated with IDAT length "00 00 01 09" (265, in hex) OR "00 00 00 FF" (255, in hex) IDAT tag // Missing: "49 44 41 54" (IDAT, in hex) IDAT content // In DB IDAT CRC // Missing: has been put to "FF FF FF FF" // Other IDAT parts IEND data // Missing: "00 00 00 00" (data is always empty) IEND tag // Missing: "49 45 4e 44" (IEND, in hex) IEND CRC // Missing: has been put to "FF FF FF FF"
As you can see, some parts were missing but can be corrected.
The following steps were:
– Select the IDAT parts in the right order
– Calculate all the CRC values
For the IDAT parts:
PNG specification was giving us a hint again.
The first IDAT part should begin with “78 9C” as it’s Zlib compression.
The last IDAT part is, by deduction, the smallest one with a length of only 255.
Instead of guessing 11 parts (11! = 39916800 results) we reduced this number to 9 parts (9! = 362880 results). #factorials
The CRC part was quite simple:
We generated a PNG file with all the informations given above and used the pngcheck utility:
$ pngcheck -v image.png
File: image.png (3876 bytes)
chunk IHDR at offset 0x0000c, length 13
600 x 600 image, 8-bit palette, non-interlaced
CRC error in chunk IHDR (computed 89b868ee, expected ffffffff)
ERRORS DETECTED in image.png
We modified the CRC value of IHDR, it has to be 89b868ee instead of ffffffff.
For all the others CRC it was the same repeated thing:
// PLTE CRC
chunk PLTE at offset 0x00025, length 768: 256 palette entries
CRC error in chunk PLTE (computed e2b05d7d, expected ffffffff)
// tRNS CRC
chunk tRNS at offset 0x00331, length 2: 2 transparency entries
CRC error in chunk tRNS (computed 6de437eb, expected ffffffff)
// 1st IDAT CRC
chunk IDAT at offset 0x0033f, length 265
zlib: deflated, 32K window, default compression
CRC error in chunk IDAT (computed 5eb3ac46, expected ffffffff)
// 2nd IDAT CRC
chunk IDAT at offset 0x00454, length 265
CRC error in chunk IDAT (computed ffb8f1b7, expected ffffffff)
// 3rd IDAT CRC
chunk IDAT at offset 0x00569, length 265
CRC error in chunk IDAT (computed a5df22c8, expected ffffffff)
// 4th IDAT CRC
chunk IDAT at offset 0x0067e, length 265
CRC error in chunk IDAT (computed 75038040, expected ffffffff)
// 5th IDAT CRC
chunk IDAT at offset 0x00793, length 265
CRC error in chunk IDAT (computed 07bfae84, expected ffffffff)
// 6th IDAT CRC
chunk IDAT at offset 0x008a8, length 265
CRC error in chunk IDAT (computed 3fa4c112, expected ffffffff)
// 7th IDAT CRC
chunk IDAT at offset 0x009bd, length 265
CRC error in chunk IDAT (computed 5c1efb89, expected ffffffff)
// 8th IDAT CRC
chunk IDAT at offset 0x00ad2, length 265
CRC error in chunk IDAT (computed 02fbd5bb, expected ffffffff)
// 9th IDAT CRC
chunk IDAT at offset 0x00be7, length 265
CRC error in chunk IDAT (computed 86dd5640, expected ffffffff)
// 10th IDAT CRC
chunk IDAT at offset 0x00cfc, length 265
CRC error in chunk IDAT (computed f4b007a5, expected ffffffff)
// 11th (and last) IDAT CRC
chunk IDAT at offset 0x00e11, length 255
CRC error in chunk IDAT (computed 2f899c33, expected ffffffff)
// IEND CRC
chunk IEND at offset 0x00f1c, length 0
CRC error in chunk IEND (computed ae426082, expected ffffffff)
Finaly we got a PNG without errors:
$ pngcheck -v image.png
File: image.png (3876 bytes)
chunk IHDR at offset 0x0000c, length 13
600 x 600 image, 8-bit palette, non-interlaced
chunk PLTE at offset 0x00025, length 768: 256 palette entries
chunk tRNS at offset 0x00331, length 2: 2 transparency entries
chunk IDAT at offset 0x0033f, length 265
zlib: deflated, 32K window, default compression
chunk IDAT at offset 0x00454, length 265
chunk IDAT at offset 0x00569, length 265
chunk IDAT at offset 0x0067e, length 265
chunk IDAT at offset 0x00793, length 265
chunk IDAT at offset 0x008a8, length 265
chunk IDAT at offset 0x009bd, length 265
chunk IDAT at offset 0x00ad2, length 265
chunk IDAT at offset 0x00be7, length 265
chunk IDAT at offset 0x00cfc, length 265
chunk IDAT at offset 0x00e11, length 255
chunk IEND at offset 0x00f1c, length 0
No errors detected in image.png (15 chunks, 98.9% compression).
We opened our PNG and… TADA!
It worked, but the IDAT chunk were not in the correct order.
After several tries we got something like that:
We decided to write a python script for generating a random with the IDAT parts.
It was not optimized at all and will generate lot of duplicates 😀
#!/usr/bin/python
import random, os, sys
# PNG header
img = '\x89\x50\x4E\x47\x0D\x0A\x1A\x0A'
# -- IHDR --
img += '\x00\x00\x00\x0d'
img += 'IHDR'
img += '\x00\x00\x02\x58' # Width (600px)
img += '\x00\x00\x02\x58' # Height (600px)
img += '\x08' # Bit depth
img += '\x03' # Colour type
img += '\x00' # Compression method
img += '\x00' # Filter method
img += '\x00' # Interlace method
img += '\x89\xb8\x68\xee' # CRC
# -- PLTE --
img += '\x00\x00\x03\x00' # Length (768)
img += 'PLTE'
img += '\x00\x00\x00\x01\x01\x01\x02\x02\x02\x03\x03\x03\x04\x04\x04\x05\x05\x05\x06\x06\x06\x07\x07\x07\x08\x08\x08\x09\x09\x09\x0A\x0A\x0A\x0B\x0B\x0B\x0C\x0C\x0C\x0D\x0D\x0D\x0E\x0E\x0E\x0F\x0F\x0F\x10\x10\x10\x11\x11\x11\x12\x12\x12\x13\x13\x13\x14\x14\x14\x15\x15\x15\x16\x16\x16\x17\x17\x17\x18\x18\x18\x19\x19\x19\x1A\x1A\x1A\x1B\x1B\x1B\x1C\x1C\x1C\x1D\x1D\x1D\x1E\x1E\x1E\x1F\x1F\x1F\x20\x20\x20\x21\x21\x21\x22\x22\x22\x23\x23\x23\x24\x24\x24\x25\x25\x25\x26\x26\x26\x27\x27\x27\x28\x28\x28\x29\x29\x29\x2A\x2A\x2A\x2B\x2B\x2B\x2C\x2C\x2C\x2D\x2D\x2D\x2E\x2E\x2E\x2F\x2F\x2F\x30\x30\x30\x31\x31\x31\x32\x32\x32\x33\x33\x33\x34\x34\x34\x35\x35\x35\x36\x36\x36\x37\x37\x37\x38\x38\x38\x39\x39\x39\x3A\x3A\x3A\x3B\x3B\x3B\x3C\x3C\x3C\x3D\x3D\x3D\x3E\x3E\x3E\x3F\x3F\x3F\x40\x40\x40\x41\x41\x41\x42\x42\x42\x43\x43\x43\x44\x44\x44\x45\x45\x45\x46\x46\x46\x47\x47\x47\x48\x48\x48\x49\x49\x49\x4A\x4A\x4A\x4B\x4B\x4B\x4C\x4C\x4C\x4D\x4D\x4D\x4E\x4E\x4E\x4F\x4F\x4F\x50\x50\x50\x51\x51\x51\x52\x52\x52\x53\x53\x53\x54\x54\x54\x55\x55\x55\x56\x56\x56\x57\x57\x57\x58\x58\x58\x59\x59\x59\x5A\x5A\x5A\x5B\x5B\x5B\x5C\x5C\x5C\x5D\x5D\x5D\x5E\x5E\x5E\x5F\x5F\x5F\x60\x60\x60\x61\x61\x61\x62\x62\x62\x63\x63\x63\x64\x64\x64\x65\x65\x65\x66\x66\x66\x67\x67\x67\x68\x68\x68\x69\x69\x69\x6A\x6A\x6A\x6B\x6B\x6B\x6C\x6C\x6C\x6D\x6D\x6D\x6E\x6E\x6E\x6F\x6F\x6F\x70\x70\x70\x71\x71\x71\x72\x72\x72\x73\x73\x73\x74\x74\x74\x75\x75\x75\x76\x76\x76\x77\x77\x77\x78\x78\x78\x79\x79\x79\x7A\x7A\x7A\x7B\x7B\x7B\x7C\x7C\x7C\x7D\x7D\x7D\x7E\x7E\x7E\x7F\x7F\x7F\x80\x80\x80\x81\x81\x81\x82\x82\x82\x83\x83\x83\x84\x84\x84\x85\x85\x85\x86\x86\x86\x87\x87\x87\x88\x88\x88\x89\x89\x89\x8A\x8A\x8A\x8B\x8B\x8B\x8C\x8C\x8C\x8D\x8D\x8D\x8E\x8E\x8E\x8F\x8F\x8F\x90\x90\x90\x91\x91\x91\x92\x92\x92\x93\x93\x93\x94\x94\x94\x95\x95\x95\x96\x96\x96\x97\x97\x97\x98\x98\x98\x99\x99\x99\x9A\x9A\x9A\x9B\x9B\x9B\x9C\x9C\x9C\x9D\x9D\x9D\x9E\x9E\x9E\x9F\x9F\x9F\xA0\xA0\xA0\xA1\xA1\xA1\xA2\xA2\xA2\xA3\xA3\xA3\xA4\xA4\xA4\xA5\xA5\xA5\xA6\xA6\xA6\xA7\xA7\xA7\xA8\xA8\xA8\xA9\xA9\xA9\xAA\xAA\xAA\xAB\xAB\xAB\xAC\xAC\xAC\xAD\xAD\xAD\xAE\xAE\xAE\xAF\xAF\xAF\xB0\xB0\xB0\xB1\xB1\xB1\xB2\xB2\xB2\xB3\xB3\xB3\xB4\xB4\xB4\xB5\xB5\xB5\xB6\xB6\xB6\xB7\xB7\xB7\xB8\xB8\xB8\xB9\xB9\xB9\xBA\xBA\xBA\xBB\xBB\xBB\xBC\xBC\xBC\xBD\xBD\xBD\xBE\xBE\xBE\xBF\xBF\xBF\xC0\xC0\xC0\xC1\xC1\xC1\xC2\xC2\xC2\xC3\xC3\xC3\xC4\xC4\xC4\xC5\xC5\xC5\xC6\xC6\xC6\xC7\xC7\xC7\xC8\xC8\xC8\xC9\xC9\xC9\xCA\xCA\xCA\xCB\xCB\xCB\xCC\xCC\xCC\xCD\xCD\xCD\xCE\xCE\xCE\xCF\xCF\xCF\xD0\xD0\xD0\xD1\xD1\xD1\xD2\xD2\xD2\xD3\xD3\xD3\xD4\xD4\xD4\xD5\xD5\xD5\xD6\xD6\xD6\xD7\xD7\xD7\xD8\xD8\xD8\xD9\xD9\xD9\xDA\xDA\xDA\xDB\xDB\xDB\xDC\xDC\xDC\xDD\xDD\xDD\xDE\xDE\xDE\xDF\xDF\xDF\xE0\xE0\xE0\xE1\xE1\xE1\xE2\xE2\xE2\xE3\xE3\xE3\xE4\xE4\xE4\xE5\xE5\xE5\xE6\xE6\xE6\xE7\xE7\xE7\xE8\xE8\xE8\xE9\xE9\xE9\xEA\xEA\xEA\xEB\xEB\xEB\xEC\xEC\xEC\xED\xED\xED\xEE\xEE\xEE\xEF\xEF\xEF\xF0\xF0\xF0\xF1\xF1\xF1\xF2\xF2\xF2\xF3\xF3\xF3\xF4\xF4\xF4\xF5\xF5\xF5\xF6\xF6\xF6\xF7\xF7\xF7\xF8\xF8\xF8\xF9\xF9\xF9\xFA\xFA\xFA\xFB\xFB\xFB\xFC\xFC\xFC\xFD\xFD\xFD\xFE\xFE\xFE\xFF\xFF\xFF'
img += '\xe2\xb0\x5d\x7d' # CRC
# -- tRNS --
img += '\x00\x00\x00\x02' # Length (2)
img += 'tRNS'
img += '\xFF\x00' # Content
img += '\xe5\xb7\x30\x4a' # CRC
# -- IDAT --
# First part (\x78\x9c = Zlib header)
img += '\x00\x00\x01\x09' # Length (265)
img += 'IDAT'
img += '\x78\x9C\xED\xDD\xCB\x8E\xE4\xB8\x11\x40\xD1\xFE\xFF\x9F\xA6\x6D\x74\x4A\x22\x29\xD6\xC0\xCE\x88\x00\x5D\xC4\x39\x9B\xA9\xCE\xD9\x70\x71\x21\x29\xF9\x50\xFE\xF9\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFC\x3F\x6B\xBB\x07\xC0\x81\xDA\x5F\xBB\x87\xC1\x61\x5A\x53\x16\xF9\x3E\x49\x09\x8B\x5C\x57\x51\xC2\x22\xD1\x73\x0B\xFC\x7B\xDD\xDA\x3A\x18\xCE\xD1\x75\xD5\xDC\x0F\xC9\xF3\x69\xA9\x5D\x61\x29\x8B\xA8\xEB\xD9\xAA\x7B\x76\x57\x16\x61\xFD\x53\xFB\xF3\xB7\xB0\x88\xE9\x13\xD2\x15\x59\xDA\x18\xD6\xFD\xE1\xA6\xE1\x70\x8C\xBE\xAC\xD6\x3F\x6E\x41\x48\x57\x96\xAF\x84\x24\x1A\xCB\xD2\x15\x49\xDA\x5C\xD6\xD6\xD1\x70\x08\x7B\x1A\xA8\x70\x6F\x96\x51\x16\x89\xAE\xA2\x3E\x4B\x39\xBB\x87\xC3\x29\xFA\xC5\x67\x97\x2D\xD2\xF4\x73\x58\xC2\x22\x4D\x1B\xCB\xDA\x39\x14\x4E\xD2\x86\x7B\xE1\xDE\xB1\x70\x92\xBB\x27\x5D\x91\xEA\xFE\x3E\xA8\x2B\x32\x58\xC6\xA1\x42\xF3\x7D\x90\x7C\x63\x4A\xBA\x22\xC7\x58\x92\xAE\xC8\xF1\x1C\xC5\x71\xD8\x8B\x44\x7D\x57\x8E\xA7\x92\xE5\xE9\xCA\xD5\x8A\x4C\xFF\x8E\xE9\xD9\xD5'
img += '\x5e\xb3\xac\x46' # CRC
# random of the 9 IDAT parts
idats = [
'\x00\x00\x01\x09' + 'IDAT' + '\x2E\xD1\xF1\x13\x08\xB8\x2B\x92\x13\x89\xC6\xF9\x50\x65\x91\xE3\xBE\x0F\x3A\xE7\x45\xAA\xEE\x7C\xD7\xFC\xF5\x10\x02\x86\xEF\x84\xBA\x22\xCD\xF0\x9D\x50\x57\xE4\xD2\x15\x49\x96\xA7\x71\x74\x45\xD0\xB5\x72\x33\xA4\xA4\x2B\x82\x5A\x5B\x96\x05\x21\xB6\x89\x52\xE1\xB5\x4B\x06\x32\xF4\x35\x29\x8B\x24\xE3\xED\x4F\x58\x24\x99\x9E\xAB\x94\x45\x12\x61\x51\xC3\xBD\x90\x1A\xC2\x22\xD3\x6A\xD6\x4A\x57\x04\x2D\x67\xDA\xCD\x90\x12\xB4\x5E\x1D\xD4\x15\x41\xEF\x2D\x57\xD6\x0A\x49\xF0\x3E\x3B\x2F\x2B\x12\xBC\x7F\x2C\x5C\x57\x24\x78\x87\x05\x09\xBC\x46\x86\x12\xCF\x11\xAF\xDD\x23\xE1\x2C\xC3\x74\x83\xBC\x48\xD3\xCD\x2E\xB8\x70\x91\xC8\x1B\x40\xA8\xE1\x0C\x05\x45\x74\x45\x82\x1F\x22\x92\x15\x21\xAD\xB9\xF7\x51\xE1\x99\xBB\x52\x16\x99\x7C\x0F\xA4\xC6\x15\x94\xAE\xC8\x75\xDF\x0D\x77\x0F\x84\xC3\x78\xC2\xA2\x86\xAE\xA8\xF1\x09\x4B\x5C\xA4\xFA\xDC\x0A\x5D\xB6\xC8\xD5\xBD\x70\x1B\xBE\xB7\x2A\x48\x57\x44\x2D\x97\x70\x74\x45\xD4\x6A\x81\x50\x57\xC4\x5D\x5F\x02\x87\xB2\x76\x0E\x88\x43\xF4\x0B\x84\x9B\x87\xC2\x51\x9E\x6B\xD6\xEE\x91\x70\x16\x13\x57\xA4\xF2\xBE\x0F\x2A\x74' + '\xf4\xb0\x07\xa5',
'\x00\x00\x01\x09' + 'IDAT' + '\x5F\x06\x49\xD6\x46\xBB\x87\xC3\x31\x9E\xA6\x74\x45\x98\xDF\xF3\x22\xDF\xF2\xA6\xA7\x2B\x82\xDE\x59\xB9\x0F\x92\x60\xD1\x95\xE7\x76\xC2\xD6\xB7\x41\x5D\x11\xB4\x6A\x48\x57\x84\x5D\xC7\x71\x76\x8F\x83\xC3\x5C\x73\x56\xCA\x22\x97\x59\x76\x6A\xF4\x5D\x09\x8C\x4C\xFD\xCF\xE4\x6C\x1D\x08\x67\x71\xC1\xA2\xC4\xF3\xA6\x86\xDD\x23\xE1\x77\x9B\x9E\xD7\x9F\x7D\x58\x1B\xC7\xC4\xEF\xF7\xFA\x26\xE8\xAB\x21\x19\xDE\x17\x28\x5D\x91\xC0\xD9\x79\x2A\xF8\x12\x48\x09\x6F\x91\xA1\x84\xB0\xA8\x61\xDA\x8A\x12\xE3\xF9\x2E\x79\x91\x65\xE8\xCA\x85\x8B\x34\xC3\x86\x06\x61\x11\xD3\x35\x74\x5D\xB1\x74\x45\xD0\xB4\x6A\xE3\x20\x3D\x29\xDE\x7B\x90\x65\x45\x82\xFB\xCE\xB7\x7B\x20\x9C\xC5\xEF\xC4\x51\xC1\xFA\x20\x25\xBA\x59\x2B\x4F\x56\xE4\xE9\x66\x17\x94\x45\xA2\xBE\x28\x61\x91\xC7\x2A\x0E\x45\xFA\x75\x9C\xBD\x23\xE1\x2C\xAE\x58\x94\xF0\x88\x45\x96\x31\xA2\xF7\xBA\x0E\x7C\x61\x9E\x5D\x30\xD9\x40\x82\x7E\xEE\x6A\xFA\x0C\xBE\x66\x33\x1F\x25\xAC\xE2\x50\x63\xE8\x4A\x59\xE4\xBA\xE7\x18\x76\x0F\x84\xA3\x98\x14\x25\x53\xBF\x03\xF9\xF3\x1F\x61\x11\x36\x4C\x5D\x5D\x7F\x6C\x1B\x0D\xA7' + '\x86\xdd\x56\x40',
'\x00\x00\x01\x09' + 'IDAT' + '\xA5\x2B\xC2\x9E\x13\x39\xDD\x75\x4A\x57\x44\xDD\xDB\xDD\xDD\xFF\x08\x1B\x7F\xDD\xD9\x3B\xB7\x49\x31\x5E\x9B\x9E\x77\x80\xEC\x19\x0D\xA7\x68\x3F\x84\x05\x11\xAF\x90\xBA\x79\x06\xF8\xD6\x72\x9A\xDD\x55\x8B\xA8\x1F\xC2\xDA\x32\x16\x0E\xB2\x0E\x6B\xCB\x50\x38\xCA\x35\x6B\x35\x7D\x00\x31\xEF\x0D\x0D\xBA\x22\x43\xDF\x95\xAB\x15\x99\x84\x45\xA2\xC5\x63\x95\xAE\x08\xEB\xAE\x4E\xF6\xC7\x90\xA6\x4D\x2B\xCF\x7F\x74\x45\x82\xD7\x02\xA1\x79\x51\x12\xBC\xA6\x18\x74\x45\x82\xEB\xD0\xC4\xF0\xD1\xB6\xD1\x70\x0A\x7B\x44\xA9\xD0\x7D\x09\x54\x16\x69\xFA\xE9\x50\x65\x91\xE5\x5E\x75\xBE\xBF\x09\x8A\x8B\x04\xAD\x3F\xEE\x6C\x9A\x81\x1C\xAD\x2F\xEB\x8F\x79\x06\x72\xB4\xFB\x40\x6A\x77\xCC\x4B\x57\x04\x5D\x31\x3D\x7F\xEB\x8A\xB8\xF7\x86\x3E\x5D\x11\xB7\x7A\x9E\xD2\x15\x41\xED\x79\xBE\x82\x34\xDE\xC9\x40\x09\xEB\x38\x94\xE8\x66\x17\x94\x45\x9A\xFE\x46\x68\x1D\x87\x3C\xFD\x16\x2C\x97\x2D\xD2\x0C\xAB\x82\xBA\x22\xEE\x7E\x93\xA8\x83\xA9\x24\x1A\x8E\x79\xBD\x3E\x82\xEF\xB4\x77\x58\xBA\x22\xAC\x8D\x61\x39\x3E\x48\x8A\x71\x23\x9F\xE3\x83\xE4\xB8\xF7\xF4\x75\xFF\xD6\x15\x51\xDD' + '\xff\xb8\xf1\xb7',
'\x00\x00\x01\x09' + 'IDAT' + '\x2D\xE9\x8A\x34\x6D\x0A\xCB\xEF\xA5\x92\xE1\xD5\x95\xDB\x21\x09\xC6\x8C\x9A\xED\x32\xA4\x58\x5C\xA0\x74\x45\xD8\x62\x07\xB2\xAE\x88\x5B\x9C\x99\xD0\x15\x61\x77\x50\x2E\x53\x64\xB2\x91\x81\x0A\xE3\x1D\xB0\xB9\x0D\x92\x64\x2A\xCB\x65\x8B\x1C\xF3\xD7\x41\x5D\x91\xC2\x3C\x03\xA9\x56\xCF\xEC\xBA\x22\x6A\xB5\xAD\x5D\x57\x44\xCD\x07\x26\xAC\x3B\x93\x61\x5A\xC5\xD1\x15\x29\x5E\xAB\x38\xBA\x22\x81\x87\x2A\x2A\x74\x47\xBC\x84\x45\x22\x5D\x51\x47\x56\x94\x18\xE6\x45\x77\x0E\x84\xB3\xD8\x2E\x43\x09\x5F\x0D\x29\xE1\xF5\x1F\xA4\x19\xBE\x08\x3E\xAF\x2C\xDA\x38\x22\x4E\x30\x2E\x09\x5A\x20\x24\xC7\xB3\xD6\x3C\x94\xB5\x79\x54\xFC\x76\xFD\xD3\xFA\x73\x3F\xDC\x35\x1A\x8E\x61\x3F\x1F\x05\x5A\x3F\x0D\xAA\x2C\x92\x8C\x0F\x53\xC2\x22\xC9\xF4\x94\xAE\x2C\x92\x08\x8B\x1A\xEE\x85\x64\xBB\xA6\xAD\xBA\x4F\x84\x45\xD8\xBB\x22\x5D\x11\xB7\xEC\x4A\x58\x04\xE9\x8A\x0A\xF3\x72\xA0\xF5\x41\x52\xCC\x5B\x18\x64\x45\x8E\xEB\xE7\x77\xEF\x7F\xEA\x8A\x0C\xE3\x2F\x10\xAA\x8A\x24\xCF\x71\x7A\x8F\x57\x64\xBA\x5F\x00\xA2\x2B\x32\xB5\xFB\x07\x08\x75\x45\xA2\xE7\xF9\x4A\x57\x44\xF5\x11\xB5' + '\x75\x03\x80\x40',
'\x00\x00\x01\x09' + 'IDAT' + '\x9C\x63\xF5\x3A\x99\x7D\xA3\xE1\x14\xD7\x8E\xD1\xFE\x93\x7D\xA3\xE1\x14\xEB\x93\x13\xDB\x86\xC3\x21\x16\x1B\x18\x74\x45\xD8\xFB\x3E\xA8\x2B\xE2\xAE\x75\x9C\xFE\x03\x5D\x11\xF5\xAA\x48\x57\x24\xF0\x78\x45\x85\xD5\xF3\xD5\xB6\xC1\x70\x8C\x67\x9F\xCC\xEE\x91\x70\x92\xFB\x2E\xA8\x2C\x52\xCD\x65\xC9\x8B\x1C\x63\x59\x2E\x5C\xC4\x5D\x8F\x57\xF7\x3F\xCD\x33\x90\xE0\x15\x91\xAE\x48\xF0\x8E\x48\x57\xC4\xBD\x2F\x4F\xBA\x22\xCE\xB9\x54\x2A\x5C\x5F\x01\x6D\x72\x27\xD3\xFB\x5C\x2A\xC4\xF5\xA7\x51\x95\x45\x96\xBF\x35\x5D\x6F\x45\xFE\xFC\x0D\x51\xF7\x03\xD6\xF5\x04\xEF\xBA\x45\x8A\xA7\x2C\xF3\xED\x64\xEA\xD7\x05\x75\xC5\xF7\x5E\x9B\x44\x3F\x1F\x2E\xFE\x17\xFC\xD7\x7E\xB8\xDF\xE9\x8A\x90\x7F\x7A\x44\xD7\x15\xDF\xFB\xA7\xFD\xC7\xBA\x22\xCA\xD5\x89\x1A\xE6\x16\xA8\xA1\x2C\x6A\x08\x8B\x2A\xC2\xA2\x84\xB0\x28\x21\x2C\x6A\x28\x8B\x14\xAB\xE3\x38\x5B\x06\xC2\x51\x56\x8B\x84\xCA\x22\x6A\x19\x91\xB2\x08\xFA\x61\xDA\x4A\x58\xC4\xFC\x34\x21\xAA\x2C\x42\xDA\x7A\x15\xC7\xBD\x90\x98\xCF\x4E\xAC\xD7\x16\x52\x61\x11\xD2\xEF\x6C\x6F\xF7\x0D\xD0\x82\x21\x51\xCF\xCE\xF6\xEE\xBA' + '\xa5\xdf\x22\xc8',
'\x00\x00\x01\x09' + 'IDAT' + '\x69\xA6\xDF\xC6\xF9\xFC\x47\x57\xC4\xCC\xAB\x38\xD7\x67\xFB\x46\xC4\x09\xA6\xF5\xC0\xEB\x3B\xA1\xAE\x08\x69\xDD\x1C\xC3\xE7\xDF\xBE\x0F\x12\xF7\xFA\x12\xA8\x2B\x32\xAC\xF6\x8B\xEE\x1A\x0B\x07\xF1\x5E\x51\x4A\xBC\xBF\x11\x42\x82\x71\xAE\x61\xE7\x48\x38\x8B\x4B\x16\x35\x1C\x1F\xA4\x86\x63\x5E\xD4\xE8\xB6\xCA\xEC\x1E\x0A\xBF\xDD\xBC\x8E\x63\x5E\x94\x04\x6D\x4A\x49\x57\x64\xE8\xB7\x89\x76\x9F\xED\x1B\x10\x47\xB0\x4D\x94\x12\xAE\x53\x14\x18\xAF\x52\xCA\x22\xC7\xFC\x94\x2E\x2C\x72\xBC\xC2\x52\x16\x29\xDC\x0B\xA9\x31\x85\xB5\x6F\x20\x1C\xC6\x05\x8B\x44\xCB\xC9\x75\x61\x11\xB4\x5C\xB6\xD1\x15\x41\x8B\x85\x66\xEB\x83\x84\x2D\xDE\xC9\xA0\x2B\xE2\x16\xCB\x83\xBA\x22\xC1\xE2\x77\x01\xB6\x8D\x85\x83\x58\x78\xA6\x84\x2D\x0D\xD4\x70\x1A\x87\x1A\x2E\x59\x94\x70\xC9\xA2\x46\xFF\xAA\xA2\xCD\x43\xE1\x28\x9F\xA9\x77\x5D\x11\xF4\x2A\xC8\x39\x2F\x12\x58\x1F\xA4\x42\x1B\xEC\x1E\x0D\x07\xF9\x04\xD5\xAC\x0B\x92\xAB\x3B\xF3\xBC\x7B\x28\x1C\xE5\x6F\x59\xBA\x22\x9B\x27\x2C\x6A\xE8\x8A\x1A\xC2\xA2\xC2\x3D\xDD\xBE\x7B\x20\xFC\x7A\x43\x46\x9F\x9F\x4D\x15\x16\x51\xEB\xF9\xF6' + '\x3f\xa4\xc1\x12',
'\x00\x00\x01\x09' + 'IDAT' + '\x7D\xE3\xE1\x0C\x8B\xC9\x76\x5D\x11\xD6\x9F\xC2\x99\x3F\x82\x6F\x2D\xF7\xB6\xEB\x8A\x28\x77\x40\x0A\xBC\x9E\xD9\xF7\x0D\x85\x93\x4C\x5F\xFF\x84\x45\x92\x39\x2C\x65\x91\xC3\xBD\x90\x1A\xDE\x03\x49\xAA\x45\x44\x2E\x58\x04\x2D\x77\x5D\x59\xC8\x21\x68\x79\x62\x42\x57\x44\x7D\xCE\x4C\x8C\x73\xA3\xBA\x22\xEA\x7D\x74\x5E\x56\xC4\x75\xEB\xCE\xAF\x8F\xE0\x6B\x8B\xB0\x20\x81\xB7\xC8\x50\xE2\x3E\x3D\x28\x2C\x52\x0D\xD3\x0D\xF2\x22\x6A\xF5\x6B\x00\x2E\x5C\x44\x75\x0D\x75\xD7\x2B\x5D\x11\x33\xCC\x82\x7E\x4E\x0F\xEA\x8A\xA8\xF9\x1C\xEA\x6A\x5D\x07\xFE\x57\xEF\x84\x1C\x78\x26\xCE\xA5\x89\x0A\xBA\xA2\x82\x67\x29\x6A\x78\x4C\xA7\x86\x6F\x80\x54\xD1\x16\x45\xA4\x45\x11\x69\x91\x64\x75\x18\x47\x5A\xC4\x2C\x2B\xD2\x15\x41\x96\x03\xA9\xD0\xDE\xE7\xBC\x20\xCE\x1E\x51\x4A\x38\x34\x41\x89\x7E\x97\xA8\xB8\x48\xD3\xEE\x1F\x89\x53\x16\x89\xFA\x97\x7F\x08\x8B\x3C\xE3\x29\x2F\x65\x91\x46\x58\x14\x11\x16\x49\xC6\x47\x75\x5D\x91\xA3\xCD\x61\x7D\x9E\xDD\x85\x45\xC4\xE7\x8D\x1F\xE3\x07\xBA\x22\x6A\xB9\x9B\x41\x57\x44\x49\x88\x0A\xAE\x4D\x94\x10\x16\x35\x94\x45\x8D\xCF\xD7\x42' + '\x07\xbf\xae\x84',
'\x00\x00\x01\x09' + 'IDAT' + '\xB0\x7B\x30\x9C\xA3\x9B\x5F\x70\xC5\x22\x91\xAE\xA8\xD1\x3F\x66\x41\xD8\xBC\x8E\xA3\x2B\x32\xCC\xBB\xAF\x74\x45\x86\x79\xBE\x7D\xDF\x48\x38\x89\x75\x1C\x6A\x4C\x0B\xCF\x1B\x47\xC2\x39\xE6\xA7\x75\x5D\x91\x60\x3C\x97\x2A\x2A\x72\x8C\x33\xA2\x6E\x83\x24\x69\xF3\x04\xD6\xD6\xD1\x70\x8C\x79\x23\xF2\xCE\xB1\xF0\xDB\x0D\x93\x0B\xDD\x9F\xBA\x22\x62\x1D\x90\xAE\x08\xBA\xB6\x87\xB6\xC5\x87\xF0\xBD\x7B\x0B\xC3\xF0\x91\xAE\x88\x5A\xBC\xA9\x56\x57\x64\x70\x85\xA2\x84\xAE\xA8\xA1\x2C\x6A\xDC\x6B\x39\x9B\xC7\xC1\x69\xAE\x49\x07\x65\x91\xAB\x75\xC7\x08\x21\x8F\x65\x67\x6A\xE8\x8A\xB0\x45\x42\xBA\x22\xEC\x7A\xD7\xC7\xF4\xD1\xB6\xF1\x70\x86\x71\x07\xF2\xFD\xD1\xC6\x11\x71\x82\xD5\xC9\x79\x5D\x11\x75\xBF\x9A\x68\x68\x49\x57\xC4\x74\x5D\xB9\x4A\x91\xE8\x9E\x63\x57\x16\xD9\xEE\x15\x1C\x65\x91\xA8\x3B\x3F\xD8\xEC\xEA\x23\x8F\xF3\x83\xD4\xD2\x15\x19\x5E\x0D\xE9\x8A\xB8\xF7\x8D\x4F\x57\x84\x59\xC8\xA1\xC2\xFD\x72\xA2\xF1\xD5\x1F\x1B\x47\xC4\x11\x86\x9E\xE6\x8F\xE0\x4B\xD3\x1D\xF0\xF3\xC7\xA6\xC1\x70\x0A\x5B\x19\xA8\xF0\xFE\x32\xB8\x6D\x28\x1C\xE5\x3D\xCB\xB0\x6D\x28' + '\x02\xfb\xd5\xbb',
'\x00\x00\x01\x09' + 'IDAT' + '\xFB\x31\x6B\xDB\x70\x38\xC4\xBC\xAF\x6F\xDF\x48\x38\xC8\x62\xB6\xDD\x3C\x03\x61\xAF\x6F\x7F\xE6\x19\x48\xF1\xAA\x48\x58\xA4\x98\x33\xD2\x15\x39\xDE\x3B\x1A\xB6\x0D\x85\xA3\xCC\x65\x6D\x1B\x08\x87\x71\x91\xA2\xC6\xF3\xEA\x8F\xCD\x03\xE1\x30\xDE\x7F\x45\x8E\xD5\x59\x1C\x5D\x11\xB5\x3E\x35\xA1\x2B\x62\x56\x11\xE9\x8A\xA8\xD5\xFE\x50\x5D\x11\xD5\xEE\x7D\xA2\xF3\x67\xF0\xBD\x67\xCB\xD5\x7B\x1B\x16\x7C\xEB\x69\x68\x3C\x41\xB8\x6B\x3C\x1C\xE2\x99\x0C\x1D\x2E\x59\xBB\x86\xC3\x31\xFC\xC8\x04\x75\xFA\xE3\xCE\x5B\x07\xC2\x59\x9C\xA3\xA7\x84\xAE\x48\xB3\x7C\xFF\xA3\xB0\x08\x6A\xD3\xC4\xD5\xF0\x5F\xF8\xD2\xB4\x8C\xD3\xEC\x67\x20\xC3\x15\xD2\xF0\x81\xAE\x08\x5A\xBC\x92\x41\x57\x84\x35\xCF\x54\x14\xE8\xBB\x12\x16\x79\x74\x45\x21\x59\x51\xC2\xFA\x20\x15\xAC\x0F\x92\x69\x91\x93\xAE\x08\x5B\x5C\xA7\x5C\xB0\x08\x5B\x2C\x10\xEA\x8A\xB0\x61\x7A\xBD\x5D\x76\x8E\x88\x13\x4C\x0B\x84\xBA\x22\xC5\x7B\x81\xD0\x7D\x90\x38\x0B\x84\x94\x58\x1E\xF4\x82\xA0\xE7\x4B\xA0\xB2\xC8\xD4\xBD\x4D\xED\xEF\x53\xFC\xEE\x01\x71\x86\x7E\xF7\xB1\xCB\x16\x69\x86\x9B\xA0\xAE\x48\x64\x8B\x1F' + '\x5c\x1e\xfb\x89'
]
order = random.sample(range(0, 9), 9)
for num in order:
img += idats[num]
order = ''.join(map(str, order))
# end of random
# Last part (Content-length is only 255)
img += '\x00\x00\x00\xff' # Length
img += 'IDAT'
img += '\x68\xEF\xB0\x5C\xB1\x08\x9B\x0F\xE3\xFC\xD1\x15\x09\xA6\xD9\x05\xD3\x0D\xA4\xB8\x56\x9A\x87\x0F\x74\x45\x50\x73\xEF\xA3\x82\xA7\x75\x2A\x0C\x2B\x84\x9B\xC7\xC2\x41\xBA\x5D\xA2\xCA\x22\x4F\xFF\x84\xF5\xB7\xAE\xDD\x23\xE2\x0C\xFD\xE4\x82\xFB\x21\x69\xE6\xBD\xC8\x5B\x07\xC3\x49\x86\xAD\xA3\x7B\x87\xC2\x51\xCC\x38\x90\xA6\xFD\x99\x97\x07\x75\x45\xD8\xE2\x94\x97\xAE\x88\x6A\x8F\xE1\x83\xBD\xA3\xE2\xB7\x1B\x66\x17\x9E\x8F\x74\x45\xC8\x38\x6B\x25\x27\xB2\x8C\xE7\x07\x95\x45\xCC\x54\xD0\xFD\xC4\xAE\x2C\x22\xE6\x82\xCC\x31\x90\xE1\x15\xD0\xF3\xA4\xB5\x61\x34\x1C\xE3\xD5\x8F\x65\x1C\x12\xBC\xF3\xB1\x8E\x43\x82\x65\x58\xF6\xBA\x13\xB6\x2E\xCB\x7C\x03\x51\x3F\x96\xB5\x65\x34\x9C\x63\xD1\x90\xAC\x48\x20\x23\x6A\x28\x8B\x1A\xC2\xA2\x84\x4B\x16\x25\x74\x45\x09\xF3\x0B\x54\x30\x23\x4A\x8D\xFF\x34\xA5\x2C\x8A\xDC\xCB\xCF\x9B\xC7\xC1\x69\x2C\x3F\x53\xC3\xC3\x16\x35\x74\x45\x0D\x59\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xC0\xFF\x97\x7F\x01\x1C\x7C\xC6\x1B'
img += '\x2f\x89\x9c\x33' # CRC
# -- IEND --
img += '\x00\x00\x00\x00'
img += 'IEND'
img += '\xae\x42\x60\x82' # CRC
file = open("image_" + order +".png", "w")
file.write(img)
file.close()
os.execv(__file__, sys.argv)
Generating lots and lots images gave us a proper result, not a final one, but still interesting.
This image was named “image_742031658.png” and the number is the order of the IDAT parts. (It’s not the original one, we rotated it)
The 5 IDAT parts “7,4,2,0,3” were in the correct order, we just had to guess the 4 remaining parts.
We used the modified script above and Itertools to iterate all permutations composed by numbers “1,6,5,8”.
#!/usr/bin/python
from itertools import permutations
for order in permutations([1,6,5,8], 4):
# PNG header
img = '\x89\x50\x4E\x47\x0D\x0A\x1A\x0A'
# -- IHDR --
img += '\x00\x00\x00\x0d'
img += 'IHDR'
img += '\x00\x00\x02\x58' # Width (600px)
img += '\x00\x00\x02\x58' # Height (600px)
img += '\x08' # Bit depth
img += '\x03' # Colour type
img += '\x00' # Compression method
img += '\x00' # Filter method
img += '\x00' # Interlace method
img += '\x89\xb8\x68\xee' # CRC
# -- PLTE --
img += '\x00\x00\x03\x00' # Length (768)
img += 'PLTE'
img += '\x00\x00\x00\x01\x01\x01\x02\x02\x02\x03\x03\x03\x04\x04\x04\x05\x05\x05\x06\x06\x06\x07\x07\x07\x08\x08\x08\x09\x09\x09\x0A\x0A\x0A\x0B\x0B\x0B\x0C\x0C\x0C\x0D\x0D\x0D\x0E\x0E\x0E\x0F\x0F\x0F\x10\x10\x10\x11\x11\x11\x12\x12\x12\x13\x13\x13\x14\x14\x14\x15\x15\x15\x16\x16\x16\x17\x17\x17\x18\x18\x18\x19\x19\x19\x1A\x1A\x1A\x1B\x1B\x1B\x1C\x1C\x1C\x1D\x1D\x1D\x1E\x1E\x1E\x1F\x1F\x1F\x20\x20\x20\x21\x21\x21\x22\x22\x22\x23\x23\x23\x24\x24\x24\x25\x25\x25\x26\x26\x26\x27\x27\x27\x28\x28\x28\x29\x29\x29\x2A\x2A\x2A\x2B\x2B\x2B\x2C\x2C\x2C\x2D\x2D\x2D\x2E\x2E\x2E\x2F\x2F\x2F\x30\x30\x30\x31\x31\x31\x32\x32\x32\x33\x33\x33\x34\x34\x34\x35\x35\x35\x36\x36\x36\x37\x37\x37\x38\x38\x38\x39\x39\x39\x3A\x3A\x3A\x3B\x3B\x3B\x3C\x3C\x3C\x3D\x3D\x3D\x3E\x3E\x3E\x3F\x3F\x3F\x40\x40\x40\x41\x41\x41\x42\x42\x42\x43\x43\x43\x44\x44\x44\x45\x45\x45\x46\x46\x46\x47\x47\x47\x48\x48\x48\x49\x49\x49\x4A\x4A\x4A\x4B\x4B\x4B\x4C\x4C\x4C\x4D\x4D\x4D\x4E\x4E\x4E\x4F\x4F\x4F\x50\x50\x50\x51\x51\x51\x52\x52\x52\x53\x53\x53\x54\x54\x54\x55\x55\x55\x56\x56\x56\x57\x57\x57\x58\x58\x58\x59\x59\x59\x5A\x5A\x5A\x5B\x5B\x5B\x5C\x5C\x5C\x5D\x5D\x5D\x5E\x5E\x5E\x5F\x5F\x5F\x60\x60\x60\x61\x61\x61\x62\x62\x62\x63\x63\x63\x64\x64\x64\x65\x65\x65\x66\x66\x66\x67\x67\x67\x68\x68\x68\x69\x69\x69\x6A\x6A\x6A\x6B\x6B\x6B\x6C\x6C\x6C\x6D\x6D\x6D\x6E\x6E\x6E\x6F\x6F\x6F\x70\x70\x70\x71\x71\x71\x72\x72\x72\x73\x73\x73\x74\x74\x74\x75\x75\x75\x76\x76\x76\x77\x77\x77\x78\x78\x78\x79\x79\x79\x7A\x7A\x7A\x7B\x7B\x7B\x7C\x7C\x7C\x7D\x7D\x7D\x7E\x7E\x7E\x7F\x7F\x7F\x80\x80\x80\x81\x81\x81\x82\x82\x82\x83\x83\x83\x84\x84\x84\x85\x85\x85\x86\x86\x86\x87\x87\x87\x88\x88\x88\x89\x89\x89\x8A\x8A\x8A\x8B\x8B\x8B\x8C\x8C\x8C\x8D\x8D\x8D\x8E\x8E\x8E\x8F\x8F\x8F\x90\x90\x90\x91\x91\x91\x92\x92\x92\x93\x93\x93\x94\x94\x94\x95\x95\x95\x96\x96\x96\x97\x97\x97\x98\x98\x98\x99\x99\x99\x9A\x9A\x9A\x9B\x9B\x9B\x9C\x9C\x9C\x9D\x9D\x9D\x9E\x9E\x9E\x9F\x9F\x9F\xA0\xA0\xA0\xA1\xA1\xA1\xA2\xA2\xA2\xA3\xA3\xA3\xA4\xA4\xA4\xA5\xA5\xA5\xA6\xA6\xA6\xA7\xA7\xA7\xA8\xA8\xA8\xA9\xA9\xA9\xAA\xAA\xAA\xAB\xAB\xAB\xAC\xAC\xAC\xAD\xAD\xAD\xAE\xAE\xAE\xAF\xAF\xAF\xB0\xB0\xB0\xB1\xB1\xB1\xB2\xB2\xB2\xB3\xB3\xB3\xB4\xB4\xB4\xB5\xB5\xB5\xB6\xB6\xB6\xB7\xB7\xB7\xB8\xB8\xB8\xB9\xB9\xB9\xBA\xBA\xBA\xBB\xBB\xBB\xBC\xBC\xBC\xBD\xBD\xBD\xBE\xBE\xBE\xBF\xBF\xBF\xC0\xC0\xC0\xC1\xC1\xC1\xC2\xC2\xC2\xC3\xC3\xC3\xC4\xC4\xC4\xC5\xC5\xC5\xC6\xC6\xC6\xC7\xC7\xC7\xC8\xC8\xC8\xC9\xC9\xC9\xCA\xCA\xCA\xCB\xCB\xCB\xCC\xCC\xCC\xCD\xCD\xCD\xCE\xCE\xCE\xCF\xCF\xCF\xD0\xD0\xD0\xD1\xD1\xD1\xD2\xD2\xD2\xD3\xD3\xD3\xD4\xD4\xD4\xD5\xD5\xD5\xD6\xD6\xD6\xD7\xD7\xD7\xD8\xD8\xD8\xD9\xD9\xD9\xDA\xDA\xDA\xDB\xDB\xDB\xDC\xDC\xDC\xDD\xDD\xDD\xDE\xDE\xDE\xDF\xDF\xDF\xE0\xE0\xE0\xE1\xE1\xE1\xE2\xE2\xE2\xE3\xE3\xE3\xE4\xE4\xE4\xE5\xE5\xE5\xE6\xE6\xE6\xE7\xE7\xE7\xE8\xE8\xE8\xE9\xE9\xE9\xEA\xEA\xEA\xEB\xEB\xEB\xEC\xEC\xEC\xED\xED\xED\xEE\xEE\xEE\xEF\xEF\xEF\xF0\xF0\xF0\xF1\xF1\xF1\xF2\xF2\xF2\xF3\xF3\xF3\xF4\xF4\xF4\xF5\xF5\xF5\xF6\xF6\xF6\xF7\xF7\xF7\xF8\xF8\xF8\xF9\xF9\xF9\xFA\xFA\xFA\xFB\xFB\xFB\xFC\xFC\xFC\xFD\xFD\xFD\xFE\xFE\xFE\xFF\xFF\xFF'
img += '\xe2\xb0\x5d\x7d' # CRC
# -- tRNS --
img += '\x00\x00\x00\x02' # Length (2)
img += 'tRNS'
img += '\xFF\x00' # Content
img += '\xe5\xb7\x30\x4a' # CRC
# -- IDAT --
# First part (\x78\x9c = Zlib header)
img += '\x00\x00\x01\x09' # Length (265)
img += 'IDAT'
img += '\x78\x9C\xED\xDD\xCB\x8E\xE4\xB8\x11\x40\xD1\xFE\xFF\x9F\xA6\x6D\x74\x4A\x22\x29\xD6\xC0\xCE\x88\x00\x5D\xC4\x39\x9B\xA9\xCE\xD9\x70\x71\x21\x29\xF9\x50\xFE\xF9\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFC\x3F\x6B\xBB\x07\xC0\x81\xDA\x5F\xBB\x87\xC1\x61\x5A\x53\x16\xF9\x3E\x49\x09\x8B\x5C\x57\x51\xC2\x22\xD1\x73\x0B\xFC\x7B\xDD\xDA\x3A\x18\xCE\xD1\x75\xD5\xDC\x0F\xC9\xF3\x69\xA9\x5D\x61\x29\x8B\xA8\xEB\xD9\xAA\x7B\x76\x57\x16\x61\xFD\x53\xFB\xF3\xB7\xB0\x88\xE9\x13\xD2\x15\x59\xDA\x18\xD6\xFD\xE1\xA6\xE1\x70\x8C\xBE\xAC\xD6\x3F\x6E\x41\x48\x57\x96\xAF\x84\x24\x1A\xCB\xD2\x15\x49\xDA\x5C\xD6\xD6\xD1\x70\x08\x7B\x1A\xA8\x70\x6F\x96\x51\x16\x89\xAE\xA2\x3E\x4B\x39\xBB\x87\xC3\x29\xFA\xC5\x67\x97\x2D\xD2\xF4\x73\x58\xC2\x22\x4D\x1B\xCB\xDA\x39\x14\x4E\xD2\x86\x7B\xE1\xDE\xB1\x70\x92\xBB\x27\x5D\x91\xEA\xFE\x3E\xA8\x2B\x32\x58\xC6\xA1\x42\xF3\x7D\x90\x7C\x63\x4A\xBA\x22\xC7\x58\x92\xAE\xC8\xF1\x1C\xC5\x71\xD8\x8B\x44\x7D\x57\x8E\xA7\x92\xE5\xE9\xCA\xD5\x8A\x4C\xFF\x8E\xE9\xD9\xD5'
img += '\x5e\xb3\xac\x46' # CRC
img += '\x00\x00\x01\x09' + 'IDAT' + '\xB0\x7B\x30\x9C\xA3\x9B\x5F\x70\xC5\x22\x91\xAE\xA8\xD1\x3F\x66\x41\xD8\xBC\x8E\xA3\x2B\x32\xCC\xBB\xAF\x74\x45\x86\x79\xBE\x7D\xDF\x48\x38\x89\x75\x1C\x6A\x4C\x0B\xCF\x1B\x47\xC2\x39\xE6\xA7\x75\x5D\x91\x60\x3C\x97\x2A\x2A\x72\x8C\x33\xA2\x6E\x83\x24\x69\xF3\x04\xD6\xD6\xD1\x70\x8C\x79\x23\xF2\xCE\xB1\xF0\xDB\x0D\x93\x0B\xDD\x9F\xBA\x22\x62\x1D\x90\xAE\x08\xBA\xB6\x87\xB6\xC5\x87\xF0\xBD\x7B\x0B\xC3\xF0\x91\xAE\x88\x5A\xBC\xA9\x56\x57\x64\x70\x85\xA2\x84\xAE\xA8\xA1\x2C\x6A\xDC\x6B\x39\x9B\xC7\xC1\x69\xAE\x49\x07\x65\x91\xAB\x75\xC7\x08\x21\x8F\x65\x67\x6A\xE8\x8A\xB0\x45\x42\xBA\x22\xEC\x7A\xD7\xC7\xF4\xD1\xB6\xF1\x70\x86\x71\x07\xF2\xFD\xD1\xC6\x11\x71\x82\xD5\xC9\x79\x5D\x11\x75\xBF\x9A\x68\x68\x49\x57\xC4\x74\x5D\xB9\x4A\x91\xE8\x9E\x63\x57\x16\xD9\xEE\x15\x1C\x65\x91\xA8\x3B\x3F\xD8\xEC\xEA\x23\x8F\xF3\x83\xD4\xD2\x15\x19\x5E\x0D\xE9\x8A\xB8\xF7\x8D\x4F\x57\x84\x59\xC8\xA1\xC2\xFD\x72\xA2\xF1\xD5\x1F\x1B\x47\xC4\x11\x86\x9E\xE6\x8F\xE0\x4B\xD3\x1D\xF0\xF3\xC7\xA6\xC1\x70\x0A\x5B\x19\xA8\xF0\xFE\x32\xB8\x6D\x28\x1C\xE5\x3D\xCB\xB0\x6D\x28' + '\x02\xfb\xd5\xbb',
img += '\x00\x00\x01\x09' + 'IDAT' + '\x9C\x63\xF5\x3A\x99\x7D\xA3\xE1\x14\xD7\x8E\xD1\xFE\x93\x7D\xA3\xE1\x14\xEB\x93\x13\xDB\x86\xC3\x21\x16\x1B\x18\x74\x45\xD8\xFB\x3E\xA8\x2B\xE2\xAE\x75\x9C\xFE\x03\x5D\x11\xF5\xAA\x48\x57\x24\xF0\x78\x45\x85\xD5\xF3\xD5\xB6\xC1\x70\x8C\x67\x9F\xCC\xEE\x91\x70\x92\xFB\x2E\xA8\x2C\x52\xCD\x65\xC9\x8B\x1C\x63\x59\x2E\x5C\xC4\x5D\x8F\x57\xF7\x3F\xCD\x33\x90\xE0\x15\x91\xAE\x48\xF0\x8E\x48\x57\xC4\xBD\x2F\x4F\xBA\x22\xCE\xB9\x54\x2A\x5C\x5F\x01\x6D\x72\x27\xD3\xFB\x5C\x2A\xC4\xF5\xA7\x51\x95\x45\x96\xBF\x35\x5D\x6F\x45\xFE\xFC\x0D\x51\xF7\x03\xD6\xF5\x04\xEF\xBA\x45\x8A\xA7\x2C\xF3\xED\x64\xEA\xD7\x05\x75\xC5\xF7\x5E\x9B\x44\x3F\x1F\x2E\xFE\x17\xFC\xD7\x7E\xB8\xDF\xE9\x8A\x90\x7F\x7A\x44\xD7\x15\xDF\xFB\xA7\xFD\xC7\xBA\x22\xCA\xD5\x89\x1A\xE6\x16\xA8\xA1\x2C\x6A\x08\x8B\x2A\xC2\xA2\x84\xB0\x28\x21\x2C\x6A\x28\x8B\x14\xAB\xE3\x38\x5B\x06\xC2\x51\x56\x8B\x84\xCA\x22\x6A\x19\x91\xB2\x08\xFA\x61\xDA\x4A\x58\xC4\xFC\x34\x21\xAA\x2C\x42\xDA\x7A\x15\xC7\xBD\x90\x98\xCF\x4E\xAC\xD7\x16\x52\x61\x11\xD2\xEF\x6C\x6F\xF7\x0D\xD0\x82\x21\x51\xCF\xCE\xF6\xEE\xBA' + '\xa5\xdf\x22\xc8',
img += '\x00\x00\x01\x09' + 'IDAT' + '\xA5\x2B\xC2\x9E\x13\x39\xDD\x75\x4A\x57\x44\xDD\xDB\xDD\xDD\xFF\x08\x1B\x7F\xDD\xD9\x3B\xB7\x49\x31\x5E\x9B\x9E\x77\x80\xEC\x19\x0D\xA7\x68\x3F\x84\x05\x11\xAF\x90\xBA\x79\x06\xF8\xD6\x72\x9A\xDD\x55\x8B\xA8\x1F\xC2\xDA\x32\x16\x0E\xB2\x0E\x6B\xCB\x50\x38\xCA\x35\x6B\x35\x7D\x00\x31\xEF\x0D\x0D\xBA\x22\x43\xDF\x95\xAB\x15\x99\x84\x45\xA2\xC5\x63\x95\xAE\x08\xEB\xAE\x4E\xF6\xC7\x90\xA6\x4D\x2B\xCF\x7F\x74\x45\x82\xD7\x02\xA1\x79\x51\x12\xBC\xA6\x18\x74\x45\x82\xEB\xD0\xC4\xF0\xD1\xB6\xD1\x70\x0A\x7B\x44\xA9\xD0\x7D\x09\x54\x16\x69\xFA\xE9\x50\x65\x91\xE5\x5E\x75\xBE\xBF\x09\x8A\x8B\x04\xAD\x3F\xEE\x6C\x9A\x81\x1C\xAD\x2F\xEB\x8F\x79\x06\x72\xB4\xFB\x40\x6A\x77\xCC\x4B\x57\x04\x5D\x31\x3D\x7F\xEB\x8A\xB8\xF7\x86\x3E\x5D\x11\xB7\x7A\x9E\xD2\x15\x41\xED\x79\xBE\x82\x34\xDE\xC9\x40\x09\xEB\x38\x94\xE8\x66\x17\x94\x45\x9A\xFE\x46\x68\x1D\x87\x3C\xFD\x16\x2C\x97\x2D\xD2\x0C\xAB\x82\xBA\x22\xEE\x7E\x93\xA8\x83\xA9\x24\x1A\x8E\x79\xBD\x3E\x82\xEF\xB4\x77\x58\xBA\x22\xAC\x8D\x61\x39\x3E\x48\x8A\x71\x23\x9F\xE3\x83\xE4\xB8\xF7\xF4\x75\xFF\xD6\x15\x51\xDD' + '\xff\xb8\xf1\xb7',
img += '\x00\x00\x01\x09' + 'IDAT' + '\x2E\xD1\xF1\x13\x08\xB8\x2B\x92\x13\x89\xC6\xF9\x50\x65\x91\xE3\xBE\x0F\x3A\xE7\x45\xAA\xEE\x7C\xD7\xFC\xF5\x10\x02\x86\xEF\x84\xBA\x22\xCD\xF0\x9D\x50\x57\xE4\xD2\x15\x49\x96\xA7\x71\x74\x45\xD0\xB5\x72\x33\xA4\xA4\x2B\x82\x5A\x5B\x96\x05\x21\xB6\x89\x52\xE1\xB5\x4B\x06\x32\xF4\x35\x29\x8B\x24\xE3\xED\x4F\x58\x24\x99\x9E\xAB\x94\x45\x12\x61\x51\xC3\xBD\x90\x1A\xC2\x22\xD3\x6A\xD6\x4A\x57\x04\x2D\x67\xDA\xCD\x90\x12\xB4\x5E\x1D\xD4\x15\x41\xEF\x2D\x57\xD6\x0A\x49\xF0\x3E\x3B\x2F\x2B\x12\xBC\x7F\x2C\x5C\x57\x24\x78\x87\x05\x09\xBC\x46\x86\x12\xCF\x11\xAF\xDD\x23\xE1\x2C\xC3\x74\x83\xBC\x48\xD3\xCD\x2E\xB8\x70\x91\xC8\x1B\x40\xA8\xE1\x0C\x05\x45\x74\x45\x82\x1F\x22\x92\x15\x21\xAD\xB9\xF7\x51\xE1\x99\xBB\x52\x16\x99\x7C\x0F\xA4\xC6\x15\x94\xAE\xC8\x75\xDF\x0D\x77\x0F\x84\xC3\x78\xC2\xA2\x86\xAE\xA8\xF1\x09\x4B\x5C\xA4\xFA\xDC\x0A\x5D\xB6\xC8\xD5\xBD\x70\x1B\xBE\xB7\x2A\x48\x57\x44\x2D\x97\x70\x74\x45\xD4\x6A\x81\x50\x57\xC4\x5D\x5F\x02\x87\xB2\x76\x0E\x88\x43\xF4\x0B\x84\x9B\x87\xC2\x51\x9E\x6B\xD6\xEE\x91\x70\x16\x13\x57\xA4\xF2\xBE\x0F\x2A\x74' + '\xf4\xb0\x07\xa5',
img += '\x00\x00\x01\x09' + 'IDAT' + '\x2D\xE9\x8A\x34\x6D\x0A\xCB\xEF\xA5\x92\xE1\xD5\x95\xDB\x21\x09\xC6\x8C\x9A\xED\x32\xA4\x58\x5C\xA0\x74\x45\xD8\x62\x07\xB2\xAE\x88\x5B\x9C\x99\xD0\x15\x61\x77\x50\x2E\x53\x64\xB2\x91\x81\x0A\xE3\x1D\xB0\xB9\x0D\x92\x64\x2A\xCB\x65\x8B\x1C\xF3\xD7\x41\x5D\x91\xC2\x3C\x03\xA9\x56\xCF\xEC\xBA\x22\x6A\xB5\xAD\x5D\x57\x44\xCD\x07\x26\xAC\x3B\x93\x61\x5A\xC5\xD1\x15\x29\x5E\xAB\x38\xBA\x22\x81\x87\x2A\x2A\x74\x47\xBC\x84\x45\x22\x5D\x51\x47\x56\x94\x18\xE6\x45\x77\x0E\x84\xB3\xD8\x2E\x43\x09\x5F\x0D\x29\xE1\xF5\x1F\xA4\x19\xBE\x08\x3E\xAF\x2C\xDA\x38\x22\x4E\x30\x2E\x09\x5A\x20\x24\xC7\xB3\xD6\x3C\x94\xB5\x79\x54\xFC\x76\xFD\xD3\xFA\x73\x3F\xDC\x35\x1A\x8E\x61\x3F\x1F\x05\x5A\x3F\x0D\xAA\x2C\x92\x8C\x0F\x53\xC2\x22\xC9\xF4\x94\xAE\x2C\x92\x08\x8B\x1A\xEE\x85\x64\xBB\xA6\xAD\xBA\x4F\x84\x45\xD8\xBB\x22\x5D\x11\xB7\xEC\x4A\x58\x04\xE9\x8A\x0A\xF3\x72\xA0\xF5\x41\x52\xCC\x5B\x18\x64\x45\x8E\xEB\xE7\x77\xEF\x7F\xEA\x8A\x0C\xE3\x2F\x10\xAA\x8A\x24\xCF\x71\x7A\x8F\x57\x64\xBA\x5F\x00\xA2\x2B\x32\xB5\xFB\x07\x08\x75\x45\xA2\xE7\xF9\x4A\x57\x44\xF5\x11\xB5' + '\x75\x03\x80\x40',
# random of the 4 remaining IDAT parts
idats = [
'\x00\x00\x01\x09' + 'IDAT' + '\x5F\x06\x49\xD6\x46\xBB\x87\xC3\x31\x9E\xA6\x74\x45\x98\xDF\xF3\x22\xDF\xF2\xA6\xA7\x2B\x82\xDE\x59\xB9\x0F\x92\x60\xD1\x95\xE7\x76\xC2\xD6\xB7\x41\x5D\x11\xB4\x6A\x48\x57\x84\x5D\xC7\x71\x76\x8F\x83\xC3\x5C\x73\x56\xCA\x22\x97\x59\x76\x6A\xF4\x5D\x09\x8C\x4C\xFD\xCF\xE4\x6C\x1D\x08\x67\x71\xC1\xA2\xC4\xF3\xA6\x86\xDD\x23\xE1\x77\x9B\x9E\xD7\x9F\x7D\x58\x1B\xC7\xC4\xEF\xF7\xFA\x26\xE8\xAB\x21\x19\xDE\x17\x28\x5D\x91\xC0\xD9\x79\x2A\xF8\x12\x48\x09\x6F\x91\xA1\x84\xB0\xA8\x61\xDA\x8A\x12\xE3\xF9\x2E\x79\x91\x65\xE8\xCA\x85\x8B\x34\xC3\x86\x06\x61\x11\xD3\x35\x74\x5D\xB1\x74\x45\xD0\xB4\x6A\xE3\x20\x3D\x29\xDE\x7B\x90\x65\x45\x82\xFB\xCE\xB7\x7B\x20\x9C\xC5\xEF\xC4\x51\xC1\xFA\x20\x25\xBA\x59\x2B\x4F\x56\xE4\xE9\x66\x17\x94\x45\xA2\xBE\x28\x61\x91\xC7\x2A\x0E\x45\xFA\x75\x9C\xBD\x23\xE1\x2C\xAE\x58\x94\xF0\x88\x45\x96\x31\xA2\xF7\xBA\x0E\x7C\x61\x9E\x5D\x30\xD9\x40\x82\x7E\xEE\x6A\xFA\x0C\xBE\x66\x33\x1F\x25\xAC\xE2\x50\x63\xE8\x4A\x59\xE4\xBA\xE7\x18\x76\x0F\x84\xA3\x98\x14\x25\x53\xBF\x03\xF9\xF3\x1F\x61\x11\x36\x4C\x5D\x5D\x7F\x6C\x1B\x0D\xA7' + '\x86\xdd\x56\x40',
'\x00\x00\x01\x09' + 'IDAT' + '\x69\xA6\xDF\xC6\xF9\xFC\x47\x57\xC4\xCC\xAB\x38\xD7\x67\xFB\x46\xC4\x09\xA6\xF5\xC0\xEB\x3B\xA1\xAE\x08\x69\xDD\x1C\xC3\xE7\xDF\xBE\x0F\x12\xF7\xFA\x12\xA8\x2B\x32\xAC\xF6\x8B\xEE\x1A\x0B\x07\xF1\x5E\x51\x4A\xBC\xBF\x11\x42\x82\x71\xAE\x61\xE7\x48\x38\x8B\x4B\x16\x35\x1C\x1F\xA4\x86\x63\x5E\xD4\xE8\xB6\xCA\xEC\x1E\x0A\xBF\xDD\xBC\x8E\x63\x5E\x94\x04\x6D\x4A\x49\x57\x64\xE8\xB7\x89\x76\x9F\xED\x1B\x10\x47\xB0\x4D\x94\x12\xAE\x53\x14\x18\xAF\x52\xCA\x22\xC7\xFC\x94\x2E\x2C\x72\xBC\xC2\x52\x16\x29\xDC\x0B\xA9\x31\x85\xB5\x6F\x20\x1C\xC6\x05\x8B\x44\xCB\xC9\x75\x61\x11\xB4\x5C\xB6\xD1\x15\x41\x8B\x85\x66\xEB\x83\x84\x2D\xDE\xC9\xA0\x2B\xE2\x16\xCB\x83\xBA\x22\xC1\xE2\x77\x01\xB6\x8D\x85\x83\x58\x78\xA6\x84\x2D\x0D\xD4\x70\x1A\x87\x1A\x2E\x59\x94\x70\xC9\xA2\x46\xFF\xAA\xA2\xCD\x43\xE1\x28\x9F\xA9\x77\x5D\x11\xF4\x2A\xC8\x39\x2F\x12\x58\x1F\xA4\x42\x1B\xEC\x1E\x0D\x07\xF9\x04\xD5\xAC\x0B\x92\xAB\x3B\xF3\xBC\x7B\x28\x1C\xE5\x6F\x59\xBA\x22\x9B\x27\x2C\x6A\xE8\x8A\x1A\xC2\xA2\xC2\x3D\xDD\xBE\x7B\x20\xFC\x7A\x43\x46\x9F\x9F\x4D\x15\x16\x51\xEB\xF9\xF6' + '\x3f\xa4\xc1\x12',
'\x00\x00\x01\x09' + 'IDAT' + '\x7D\xE3\xE1\x0C\x8B\xC9\x76\x5D\x11\xD6\x9F\xC2\x99\x3F\x82\x6F\x2D\xF7\xB6\xEB\x8A\x28\x77\x40\x0A\xBC\x9E\xD9\xF7\x0D\x85\x93\x4C\x5F\xFF\x84\x45\x92\x39\x2C\x65\x91\xC3\xBD\x90\x1A\xDE\x03\x49\xAA\x45\x44\x2E\x58\x04\x2D\x77\x5D\x59\xC8\x21\x68\x79\x62\x42\x57\x44\x7D\xCE\x4C\x8C\x73\xA3\xBA\x22\xEA\x7D\x74\x5E\x56\xC4\x75\xEB\xCE\xAF\x8F\xE0\x6B\x8B\xB0\x20\x81\xB7\xC8\x50\xE2\x3E\x3D\x28\x2C\x52\x0D\xD3\x0D\xF2\x22\x6A\xF5\x6B\x00\x2E\x5C\x44\x75\x0D\x75\xD7\x2B\x5D\x11\x33\xCC\x82\x7E\x4E\x0F\xEA\x8A\xA8\xF9\x1C\xEA\x6A\x5D\x07\xFE\x57\xEF\x84\x1C\x78\x26\xCE\xA5\x89\x0A\xBA\xA2\x82\x67\x29\x6A\x78\x4C\xA7\x86\x6F\x80\x54\xD1\x16\x45\xA4\x45\x11\x69\x91\x64\x75\x18\x47\x5A\xC4\x2C\x2B\xD2\x15\x41\x96\x03\xA9\xD0\xDE\xE7\xBC\x20\xCE\x1E\x51\x4A\x38\x34\x41\x89\x7E\x97\xA8\xB8\x48\xD3\xEE\x1F\x89\x53\x16\x89\xFA\x97\x7F\x08\x8B\x3C\xE3\x29\x2F\x65\x91\x46\x58\x14\x11\x16\x49\xC6\x47\x75\x5D\x91\xA3\xCD\x61\x7D\x9E\xDD\x85\x45\xC4\xE7\x8D\x1F\xE3\x07\xBA\x22\x6A\xB9\x9B\x41\x57\x44\x49\x88\x0A\xAE\x4D\x94\x10\x16\x35\x94\x45\x8D\xCF\xD7\x42' + '\x07\xbf\xae\x84',
'\x00\x00\x01\x09' + 'IDAT' + '\xFB\x31\x6B\xDB\x70\x38\xC4\xBC\xAF\x6F\xDF\x48\x38\xC8\x62\xB6\xDD\x3C\x03\x61\xAF\x6F\x7F\xE6\x19\x48\xF1\xAA\x48\x58\xA4\x98\x33\xD2\x15\x39\xDE\x3B\x1A\xB6\x0D\x85\xA3\xCC\x65\x6D\x1B\x08\x87\x71\x91\xA2\xC6\xF3\xEA\x8F\xCD\x03\xE1\x30\xDE\x7F\x45\x8E\xD5\x59\x1C\x5D\x11\xB5\x3E\x35\xA1\x2B\x62\x56\x11\xE9\x8A\xA8\xD5\xFE\x50\x5D\x11\xD5\xEE\x7D\xA2\xF3\x67\xF0\xBD\x67\xCB\xD5\x7B\x1B\x16\x7C\xEB\x69\x68\x3C\x41\xB8\x6B\x3C\x1C\xE2\x99\x0C\x1D\x2E\x59\xBB\x86\xC3\x31\xFC\xC8\x04\x75\xFA\xE3\xCE\x5B\x07\xC2\x59\x9C\xA3\xA7\x84\xAE\x48\xB3\x7C\xFF\xA3\xB0\x08\x6A\xD3\xC4\xD5\xF0\x5F\xF8\xD2\xB4\x8C\xD3\xEC\x67\x20\xC3\x15\xD2\xF0\x81\xAE\x08\x5A\xBC\x92\x41\x57\x84\x35\xCF\x54\x14\xE8\xBB\x12\x16\x79\x74\x45\x21\x59\x51\xC2\xFA\x20\x15\xAC\x0F\x92\x69\x91\x93\xAE\x08\x5B\x5C\xA7\x5C\xB0\x08\x5B\x2C\x10\xEA\x8A\xB0\x61\x7A\xBD\x5D\x76\x8E\x88\x13\x4C\x0B\x84\xBA\x22\xC5\x7B\x81\xD0\x7D\x90\x38\x0B\x84\x94\x58\x1E\xF4\x82\xA0\xE7\x4B\xA0\xB2\xC8\xD4\xBD\x4D\xED\xEF\x53\xFC\xEE\x01\x71\x86\x7E\xF7\xB1\xCB\x16\x69\x86\x9B\xA0\xAE\x48\x64\x8B\x1F' + '\x5c\x1e\xfb\x89'
]
for num in order:
img += idats[num]
order = ''.join(map(str, order))
# end of random
# Last part (Content-length is only 255)
img += '\x00\x00\x00\xff' + 'IDAT' + '\x68\xEF\xB0\x5C\xB1\x08\x9B\x0F\xE3\xFC\xD1\x15\x09\xA6\xD9\x05\xD3\x0D\xA4\xB8\x56\x9A\x87\x0F\x74\x45\x50\x73\xEF\xA3\x82\xA7\x75\x2A\x0C\x2B\x84\x9B\xC7\xC2\x41\xBA\x5D\xA2\xCA\x22\x4F\xFF\x84\xF5\xB7\xAE\xDD\x23\xE2\x0C\xFD\xE4\x82\xFB\x21\x69\xE6\xBD\xC8\x5B\x07\xC3\x49\x86\xAD\xA3\x7B\x87\xC2\x51\xCC\x38\x90\xA6\xFD\x99\x97\x07\x75\x45\xD8\xE2\x94\x97\xAE\x88\x6A\x8F\xE1\x83\xBD\xA3\xE2\xB7\x1B\x66\x17\x9E\x8F\x74\x45\xC8\x38\x6B\x25\x27\xB2\x8C\xE7\x07\x95\x45\xCC\x54\xD0\xFD\xC4\xAE\x2C\x22\xE6\x82\xCC\x31\x90\xE1\x15\xD0\xF3\xA4\xB5\x61\x34\x1C\xE3\xD5\x8F\x65\x1C\x12\xBC\xF3\xB1\x8E\x43\x82\x65\x58\xF6\xBA\x13\xB6\x2E\xCB\x7C\x03\x51\x3F\x96\xB5\x65\x34\x9C\x63\xD1\x90\xAC\x48\x20\x23\x6A\x28\x8B\x1A\xC2\xA2\x84\x4B\x16\x25\x74\x45\x09\xF3\x0B\x54\x30\x23\x4A\x8D\xFF\x34\xA5\x2C\x8A\xDC\xCB\xCF\x9B\xC7\xC1\x69\x2C\x3F\x53\xC3\xC3\x16\x35\x74\x45\x0D\x59\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xC0\xFF\x97\x7F\x01\x1C\x7C\xC6\x1B' + '\x2f\x89\x9c\x33'
# -- IEND --
img += '\x00\x00\x00\x00'
img += 'IEND'
img += '\xae\x42\x60\x82' # CRC
file = open("image_" + order +".png", "w")
file.write(img)
file.close()
We managed to get the final order “742038561”, which gave us the following result:
Flag was “SharifCTF{A3FBFC944D5CA155B0C04C97823986B6}“… but too late for scoring 🙁