Last active
November 14, 2017 03:12
-
-
Save becojo/37f7f47b27b532f0353a7235f42b73c6 to your computer and use it in GitHub Desktop.
DefCamp CTF Finals - Security CCTV (misc) - NorthernCoalition
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import cv2 | |
| import numpy as np | |
| import os | |
| import subprocess | |
| # Download the current frame | |
| os.system("curl https://security-cctv.dctf-f1nals-2017.def.camp/img/streamframe.png > out.png") | |
| # Find the homography for the QR code displayed on the phone to a 200x200 image | |
| # These are the coordinates of the corners of the QR code on the image | |
| from_points = [ | |
| (2325, 1626), # top left | |
| (2244, 1710), # top right | |
| (2121, 1655), # bottom right | |
| (2204, 1572) # bottom left | |
| ] | |
| to_points = [ | |
| (0, 0), | |
| (200, 0), | |
| (200, 200), | |
| (0, 200) | |
| ] | |
| h, _ = cv2.findHomography(np.array(from_points), np.array(to_points)) | |
| print h | |
| base_image = cv2.imread('out.png') | |
| warped = cv2.warpPerspective(base_image, h, (200, 200)) | |
| # Find the homography for the QR code reflection to a 200x200 image | |
| from_points = [ | |
| (2073, 1617), | |
| (2123, 1607), | |
| (2158, 1705), | |
| (2133, 1710) | |
| ] | |
| # These points have been approximated such that the resulting image is somewhat straight | |
| to_points = [ | |
| (0, 0), | |
| (0, 110), | |
| (200, 55), | |
| (200, 0) | |
| ] | |
| h, _ = cv2.findHomography(np.array(from_points), np.array(to_points)) | |
| print h | |
| corner = cv2.warpPerspective(base_image, h, (200, 200)) | |
| # Fill in cyan the part of the phone QR code that is overlayed by a tissue | |
| cv2.fillConvexPoly(warped, np.array([(0, 0), (150, 0), (55, 100), (0, 80)]), (255, 255, 0)) | |
| cv2.imwrite('back.png', warped) | |
| cv2.imwrite('corner.png', corner) | |
| # Make the cyan transparent to overlay the images | |
| os.system("convert back.png -transparent cyan back_t.png") | |
| # The reflection is a bit darker so the brightness/contrast is increased a bit | |
| os.system("mogrify -brightness-contrast 20x50 corner.png") | |
| # Compose both images and apply a slight shift (+2 in x, +1 in y) | |
| os.system("composite corner.png back_t.png -geometry +2+1 -compose dstover result.png") | |
| # Add the missing "tracking box" otherwise the QR code can't be perperly decoded | |
| os.system("composite tracker.png result.png -gravity center -compose over result2.png") | |
| # Add a white margin around the resulting QR code | |
| os.system("composite result2.png white.png -gravity center -compose over result3.png") | |
| # Increase the brightness/contrast of the overall image to make zbarimg happier | |
| os.system("mogrify -brightness-contrast 10,20 result3.png") | |
| # Read the QR code | |
| token = subprocess.check_output(['zbarimg', '-q', 'result3.png']).split(':')[1].strip() | |
| print token | |
| # Submit it, get dat flag | |
| os.system("curl 'https://security-cctv.dctf-f1nals-2017.def.camp/index.php' --data 'token=%s'" % token) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment