Last active
September 29, 2015 15:49
-
-
Save croepha/ee7b7c30d2bb8686fb46 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"cells": [ | |
{ | |
"cell_type": "code", | |
"execution_count": 5, | |
"metadata": { | |
"collapsed": false | |
}, | |
"outputs": [ | |
{ | |
"name": "stdout", | |
"output_type": "stream", | |
"text": [ | |
"Possible flag: '1fish2Fish3fishBlueFish'\n", | |
"Possible flag: 'fs2ihfsBuFs'\n", | |
"Possible flag: '1ihFs3ihleih'\n", | |
"Possible flag: '162636BWi'\n", | |
"Possible flag: 'fhi3slFh'\n", | |
"Possible flag: 'i2sfhui'\n", | |
"Possible flag: '1sFhiBes'\n", | |
"Possible flag: '6F6sVi'\n", | |
"Possible flag: 'f2hsus'\n", | |
"Possible flag: 'iF3heh'\n", | |
"Possible flag: 'sifBF'\n", | |
"Possible flag: '1hsili'\n" | |
] | |
} | |
], | |
"source": [ | |
"#!/usr/bin/env python3\n", | |
"\n", | |
"# This is probably slightly more thourough than needed, as it tries to \n", | |
"# bruteforce the bit width, window width, and offset\n", | |
"\n", | |
"# I cant take credit for the solution, @DerbyConCTF sent out the method,\n", | |
"# I just implemented it in code\n", | |
"\n", | |
"import scipy.io.wavfile\n", | |
"import numpy as np\n", | |
"\n", | |
"window_widths = range(7, 33)\n", | |
"target_file = './www.pwndu.edu/~gwalton/homework/steganography/Assignment1.wav'\n", | |
"\n", | |
"data = scipy.io.wavfile.read(target_file)[1] # Load file\n", | |
"data = np.bitwise_and(1, data).flatten() # Get least significant bits\n", | |
"\n", | |
"# try reversed? \n", | |
"# data = data[::-1]\n", | |
"\n", | |
"# Brute force window_width and offset\n", | |
"for window_width in window_widths:\n", | |
" for offset in range(window_width):\n", | |
" \n", | |
" # length of data, rounded by window_width\n", | |
" l = ((len(data) - offset) // window_width) * window_width\n", | |
" \n", | |
" data2 = (data\n", | |
" [offset: l + offset] # Truncate data by rounded length\n", | |
" .reshape(l//window_width, window_width) # reshape by width\n", | |
" [:,-8:] # truncate widths by 7 bits\n", | |
" )\n", | |
" \n", | |
" # Try reversing here? :\n", | |
" data2 = data2[:, ::-1]\n", | |
"\n", | |
" # Turn bits into decimal integers, then to bytes\n", | |
" _bytes = np.packbits(data2, axis=1) \\\n", | |
" .astype('uint8') \\\n", | |
" .tobytes()\n", | |
"\n", | |
" # Decode the bytes as ascii, if that fails then assume this is not the solution\n", | |
" try:\n", | |
" string = _bytes.decode('ascii')\n", | |
" except UnicodeDecodeError:\n", | |
" continue\n", | |
" \n", | |
" string = string.strip('\\x00')\n", | |
"\n", | |
" # If the string contains non printable characters, then assume this is not the solution\n", | |
" if string.isprintable():\n", | |
" print('Possible flag: %r'% string)\n", | |
" " | |
] | |
}, | |
{ | |
"cell_type": "code", | |
"execution_count": null, | |
"metadata": { | |
"collapsed": true | |
}, | |
"outputs": [], | |
"source": [] | |
} | |
], | |
"metadata": { | |
"kernelspec": { | |
"display_name": "Python 3", | |
"language": "python", | |
"name": "python3" | |
}, | |
"language_info": { | |
"codemirror_mode": { | |
"name": "ipython", | |
"version": 3 | |
}, | |
"file_extension": ".py", | |
"mimetype": "text/x-python", | |
"name": "python", | |
"nbconvert_exporter": "python", | |
"pygments_lexer": "ipython3", | |
"version": "3.4.3" | |
} | |
}, | |
"nbformat": 4, | |
"nbformat_minor": 0 | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment