RingZer0-215 - Love Letter
Steganography
Love Letter
This time we got a text file, that contains a pretty long text. At first the text seem normal, so i decided to look at it using xxd and noticed something.
xxd LoveLetter.txt | head -n 3
00000000: 4920 7765 6e74 a074 6f20 7468 6520 7061 I went.to the pa
00000010: 726b 2074 6f64 6179 2ca0 7361 77a0 6120 rk today,.saw.a
00000020: 6c6f 7420 6f66 a066 6973 682e 2046 6973 lot of.fish. Fis
There’s an invisible character in the text (a0). I didn’t know what to do about it until i found this pdf.
Page 6 has a small part on how we can use non-breaking characters to embed data. This was the part that i decided to try at first.
Quote from the pdf file:
The first technique embeds data by changing a normal white space into an
A0 space to encode 1, and leaves the regular white space to encode 0. It does
not increase the file size at all, but the amount of data that can be embedded
is very limited by the number of white spaces in the text.
So i decided to try it and wrote a small script to verify it for us.
import binascii
text = open('LoveLetter.txt').read()
flag = ''
for i in text:
if i.encode('hex') == "a0":
flag += "1"
elif i.encode('hex') == "20":
flag += "0"
else:
continue
print binascii.unhexlify('%x' % int(flag, 2))
The flag is FLAG-3b6f70fcf070009561f5276fe98fc9c6