Problem
You picked up teared QR code fragments. Recover the flag.
Flag is 12 characters without MMA{...}.
During the opening time of MMA CTF, I don't know what to do with this picture.
When the CTF ended, I googled "QR code recovery challenge" to find the write-up of this chal, and found this link: https://ctf.mma.club.uec.ac.jp/problems/92
problem2.png
We will solve problem2.png first!
---
It looks easier, right? I opened GIMP and try to recover it but failed.
---
It looks easier, right? I opened GIMP and try to recover it but failed.
After googling, I found a tool named strong-qr-decoder, it can decode corrupted QR code, but only in txt file.
So I tried hard, and found a tool named qr2txt, it can change a bitmap file QR code to a txt file QR code.
Yeah! Go go go!
1. Change problem2.png to problem2.bmp with GIMP, and rename it to qr.bmp
2. $ ./qr2txt
Save it to a text file: $ ./qr2txt > qr.txt
Boom!
Did I miss something?
So I tried hard, and found a tool named qr2txt, it can change a bitmap file QR code to a txt file QR code.
Yeah! Go go go!
1. Change problem2.png to problem2.bmp with GIMP, and rename it to qr.bmp
2. $ ./qr2txt
Save it to a text file: $ ./qr2txt > qr.txt
3. User strong-qr-decoder to decode it:
$ python sqrd.py qr.txt -e 2 -m 4
$ python sqrd.py qr.txt -e 2 -m 4
Boom!
Yeah, we got the flag of problem2.png. Can we do these steps with problem.png
"Flag is 12 characters without MMA{...}."
Submit flag "000000000000"! Failed!!!
Submit flag "000000000000"! Failed!!!
Did I miss something?
--- matnacian ---
--- ctf for beginners ---
Hi Dude,
ReplyDeletedid you try to manually read the QR-Code? You will see that the QR-Code is in Kanji Mode. And with this you need to translate some japanese, to get the code. So far what I got was the Following Data Stream:
0b0101 --> FNC First Position
0b1000 --> Kanji Mode
0b00010101 --> Character Count --> 21 Kanji Chars
0b0011001101000 --> Char 1 --> JShift 0x89A8
0b0101000101110 --> char 2 --> JShift 0x8EAE
0b0001111010100 --> char 3 --> JShift 0x8654
broken
broken
broken
broken
broken
broken
broken
broken
broken
0b1111101101000 --> JShift 0xEAE8
broken
broken
broken
0b0111000111000 --> JShift 0x93F8
0b1000001001011 --> JShift 0x96F8
0b1110101000111 --> JShift 0xE847
0b0100100111101 --> JShift 0x8D7D
broken
[Possible End or next Mode]
[next bits can be error correction]
Everything is described here: http://www.swisseduc.ch/informatik/theoretische_informatik/qr_codes/docs/qr_standard.pdf
Or for the people who don't want read this paper: https://www.youtube.com/watch?v=KA8hDldvfv0
I didn't get the flag too, but I am f**king close ^^
Greetz TheVamp
I solved this challenge during MMA (playing on the PPP team), and wrote a writeup of the solution which you can find here: https://github.com/pwning/public-writeup/blob/master/mma2015/misc400-qr/writeup.md
ReplyDeleteYou can check it out if you're curious. (And, PS: the QR code is not in Kanji, but in plain ASCII.)
Damn, I am to stupid to read the File Information. ^^ Thx Robert and nice write up
ReplyDeleteGreetz TheVamp