{"id":2987,"date":"2017-03-22T03:12:38","date_gmt":"2017-03-22T02:12:38","guid":{"rendered":"https:\/\/0x90r00t.com\/?p=2987\/"},"modified":"2017-03-22T03:37:22","modified_gmt":"2017-03-22T02:37:22","slug":"easyctf-2017-forensics-325-decomphose-write-up","status":"publish","type":"post","link":"https:\/\/0x90r00t.com\/fr\/2017\/03\/22\/easyctf-2017-forensics-325-decomphose-write-up\/","title":{"rendered":"[EasyCTF 2017] [FORENSICS 325 &#8211; Decomphose] Write Up"},"content":{"rendered":"<p>Several 7zip files containing images were provided; the flag had to be found in this hodgepodge.<br \/>\n<a href=\"https:\/\/0x90r00t.com\/wp-content\/uploads\/2017\/03\/017421530283.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large wp-image-2989\" src=\"https:\/\/0x90r00t.com\/wp-content\/uploads\/2017\/03\/017421530283-1024x576.png\" alt=\"\" width=\"474\" height=\"267\" srcset=\"https:\/\/0x90r00t.com\/wp-content\/uploads\/2017\/03\/017421530283-1024x576.png 1024w, https:\/\/0x90r00t.com\/wp-content\/uploads\/2017\/03\/017421530283-300x169.png 300w, https:\/\/0x90r00t.com\/wp-content\/uploads\/2017\/03\/017421530283-768x432.png 768w, https:\/\/0x90r00t.com\/wp-content\/uploads\/2017\/03\/017421530283.png 1280w\" sizes=\"auto, (max-width: 474px) 100vw, 474px\" \/><\/a><br \/>\n<!--more--><\/p>\n<p>We end up with 84 PNG images spread across archives.<br \/>\nGray, black, noise: quite a mess.<br \/>\nLooking more closely, we notice that there are many black pixels among the noise, a good share of which surround colored pixels.<\/p>\n<p><a href=\"https:\/\/0x90r00t.com\/wp-content\/uploads\/2017\/03\/Capture-du-2017-03-22-03-04-09.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium wp-image-2992\" src=\"https:\/\/0x90r00t.com\/wp-content\/uploads\/2017\/03\/Capture-du-2017-03-22-03-04-09-300x187.png\" alt=\"\" width=\"300\" 
height=\"187\" srcset=\"https:\/\/0x90r00t.com\/wp-content\/uploads\/2017\/03\/Capture-du-2017-03-22-03-04-09-300x187.png 300w, https:\/\/0x90r00t.com\/wp-content\/uploads\/2017\/03\/Capture-du-2017-03-22-03-04-09.png 721w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><br \/>\nBut wait! What if we took every pixel surrounded by black dots from each image and built a new composition out of them?<\/p>\n<p>A small PHP script to reassemble all of this <strong>efficiently<\/strong>:<\/p>\n<pre class=\"brush: php; title: ; notranslate\" title=\"\">\r\n&lt;?php\r\n $files = glob('decomp?\/*.png');\r\n $out = imagecreatetruecolor(1280,720);\r\n $back = imagecolorallocate($out, 0xff, 0xff, 0xff);\r\n $black = imagecolorallocate($out, 0, 0, 0);\r\n $white = imagecolorallocate($out, 0xff, 0xff, 0xff);\r\n\r\n\r\n foreach ($files as $file) {\r\n  $img = imagecreatefrompng($file);\r\n  $maxw = imagesx($img);\r\n  $maxh = imagesy($img);\r\n\r\n  for ($y=0;$y&lt;$maxh;++$y) {\r\n   for ($x=0;$x&lt;$maxw;++$x){\r\n    $color = imagecolorat($img, $x, $y); \/\/ Color of the current pixel in the image\r\n    if ($x+2 &gt;= $maxw) continue; \/\/ Skip pixels too close to the right edge\r\n    $color2 = imagecolorat($img, $x+2, $y); \/\/ Color of the pixel 2px further right\r\n    if ($color == 0 &amp;&amp; $color2 == 0) { \/\/ If both this pixel and the one 2px further are black\r\n     $color3 = imagecolorat($img, $x+1, $y); \/\/ Color of the pixel in between (1px further)\r\n     $r = ($color3 &gt;&gt; 16) &amp; 0xFF;\r\n     $g = ($color3 &gt;&gt; 8) &amp; 0xFF;\r\n     $b = $color3 &amp; 0xFF;\r\n     $new = imagecolorallocate($out, $r, $g, $b);\r\n     imagesetpixel($out, $x, $y, $new);\r\n     imagecolordeallocate($out, $new);\r\n     $x += 2;\r\n    }\r\n   }\r\n  }\r\n\r\n  imagedestroy($img);\r\n }\r\n\r\n imagepng($out, 'flag.png');\r\n<\/pre>\n<p>It&rsquo;s ALMOST right, the flag is not quite visible yet:<br \/>\n<a 
href=\"https:\/\/0x90r00t.com\/wp-content\/uploads\/2017\/03\/flag.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large wp-image-2990\" src=\"https:\/\/0x90r00t.com\/wp-content\/uploads\/2017\/03\/flag-1024x576.png\" alt=\"\" width=\"474\" height=\"267\" srcset=\"https:\/\/0x90r00t.com\/wp-content\/uploads\/2017\/03\/flag-1024x576.png 1024w, https:\/\/0x90r00t.com\/wp-content\/uploads\/2017\/03\/flag-300x169.png 300w, https:\/\/0x90r00t.com\/wp-content\/uploads\/2017\/03\/flag-768x432.png 768w, https:\/\/0x90r00t.com\/wp-content\/uploads\/2017\/03\/flag.png 1280w\" sizes=\"auto, (max-width: 474px) 100vw, 474px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>A noise-removal filter in GIMP and the flag appears:<\/p>\n<p><a href=\"https:\/\/0x90r00t.com\/wp-content\/uploads\/2017\/03\/flag_optimized.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large wp-image-2991\" src=\"https:\/\/0x90r00t.com\/wp-content\/uploads\/2017\/03\/flag_optimized-1024x576.png\" alt=\"\" width=\"474\" height=\"267\" srcset=\"https:\/\/0x90r00t.com\/wp-content\/uploads\/2017\/03\/flag_optimized-1024x576.png 1024w, https:\/\/0x90r00t.com\/wp-content\/uploads\/2017\/03\/flag_optimized-300x169.png 300w, https:\/\/0x90r00t.com\/wp-content\/uploads\/2017\/03\/flag_optimized-768x432.png 768w, https:\/\/0x90r00t.com\/wp-content\/uploads\/2017\/03\/flag_optimized.png 1280w\" sizes=\"auto, (max-width: 474px) 100vw, 474px\" \/><\/a>The flag was: <code>easyctf{wh4t_a_5weet_fFLag_2b04e1}<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Several 7zip files containing images were provided; the flag had to be found in this 
hodgepodge.<\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[245,246],"tags":[31,97,248,247,54],"class_list":["post-2987","post","type-post","status-publish","format-standard","hentry","category-245","category-easyctf","tag-forensics","tag-gd","tag-gimp","tag-squares","tag-php"],"_links":{"self":[{"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/posts\/2987","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/comments?post=2987"}],"version-history":[{"count":7,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/posts\/2987\/revisions"}],"predecessor-version":[{"id":3000,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/posts\/2987\/revisions\/3000"}],"wp:attachment":[{"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/media?parent=2987"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/categories?post=2987"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/tags?post=2987"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}