The smart home system has the function of remote monitoring of what is happening in the home and every few minutes sends pictures of the surveillance cameras to the owner of the house. You successfully intercepted the network traffic of this system, however, its creators took care of the security of their users' data and encrypted the pictures. Decrypt the provided image and you will find the flag.
The file claims to be a PNG file, but we are not able to open it in an image viewer. Let’s check whether it is really a PNG file.
```
$ file secret_encrypted.png
secret_encrypted.png: data
```
As we guessed, it is not a PNG file anymore. Let’s check its first 8 bytes to see what is wrong.
```
$ hexdump -C secret_encrypted.png | head -n 1
00000000  76 af b1 b8 f2 f5 e5 f5  ff ff ff f2 b6 b7 bb ad  |v...............|
```
The PNG signature is 89 50 4E 47 0D 0A 1A 0A, but this file starts differently. However, if we add the PNG signature’s bytes to the first 8 bytes of our file, we get FF FF FF FF FF FF FF FF. In other words, if we subtract each byte of the file from 0xFF, we get the correct PNG header, which means we can decrypt the complete file by subtracting each byte from 0xFF.
Here is the Python script I created for this task.
```python
#!/usr/bin/env python
# Read the encrypted file as raw bytes.
with open('secret_encrypted.png', 'rb') as encrypted:
    data = encrypted.read()

# Subtract every byte from 0xFF; bytearray keeps this working on Python 2 and 3.
with open('secret.png', 'wb') as decrypted:
    decrypted.write(bytearray(0xFF - b for b in bytearray(data)))
```
Let’s run it and get our secret.png file.
```
$ python decrypt.py
$ file secret.png
secret.png: PNG image data, 1310 x 321, 8-bit/color RGB, non-interlaced
```
Here is the decrypted image.
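The header comparison above generalizes: XOR the first 8 ciphertext bytes with the known PNG signature, and if every position yields the same byte, that byte is the key (0xFF here, because 0xFF - b equals b XOR 0xFF for any byte). The following is an added example, not part of the original write-up; the function names are hypothetical and the sample header is constructed from the 1310 x 321 RGB dimensions reported by `file`.

```python
import struct
import zlib

PNG_SIGNATURE = bytes.fromhex("89504e470d0a1a0a")


def recover_xor_key(ciphertext, known=PNG_SIGNATURE):
    """Return the single-byte XOR key implied by the known header, else None."""
    if len(ciphertext) < len(known):
        return None
    keystream = {c ^ p for c, p in zip(ciphertext, known)}
    return keystream.pop() if len(keystream) == 1 else None


def ihdr_is_valid(png):
    """Confirm the decryption: signature, IHDR length/type and IHDR CRC."""
    if len(png) < 33 or png[:8] != PNG_SIGNATURE:
        return False
    length, chunk_type = struct.unpack(">I4s", png[8:16])
    (crc,) = struct.unpack(">I", png[29:33])
    return (length == 13 and chunk_type == b"IHDR"
            and zlib.crc32(png[12:29]) & 0xFFFFFFFF == crc)


def decrypt(ciphertext):
    """Recover the key from the header, decrypt, and verify the result."""
    key = recover_xor_key(ciphertext)
    if key is None:
        raise ValueError("header is not the PNG signature under one XOR byte")
    plaintext = bytes(b ^ key for b in ciphertext)
    if not ihdr_is_valid(plaintext):
        raise ValueError("decrypted data fails the IHDR check")
    return key, plaintext


def constructed_sample():
    """Constructed input: start of a 1310 x 321 8-bit RGB PNG, complemented."""
    ihdr = b"IHDR" + struct.pack(">IIBBBBB", 1310, 321, 8, 2, 0, 0, 0)
    png = (PNG_SIGNATURE + struct.pack(">I", 13) + ihdr
           + struct.pack(">I", zlib.crc32(ihdr) & 0xFFFFFFFF))
    return bytes(0xFF - b for b in png)


if __name__ == "__main__":
    key, plaintext = decrypt(constructed_sample())
    print("key = 0x%02x, header = %s" % (key, plaintext[:16].hex()))
```

The IHDR CRC check is what separates a correct key from a coincidental match on the signature alone, and a repeating multi-byte key is rejected rather than silently producing garbage.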