当て身 Atemi

A Cybersecurity blog by shinris3n
👊 Writeups 👊 News 👊 Resources

Part of the Ninpwn Network
shinris3n
<< back

3 May 2020

Quick Run

Challenge Source: VirSecCon2020
Challenge Category: Scripting

This challenge contained a zip file with 30 QR codes inside.

Partial QR Codes

There is a tool called zbarimg that can process QR codes via command line.

$ sudo apt-get install zbar-tools

    zbarimg syntax

Just checking the first file:

$ zbarimg 0.png

    zbarimg output

We can guess that if this is a character in the flag, it is likely an ASCII encoded character. We can check a table:

ASCII Table

We know flags in this competition begin with an L, so this is probably decimal encoded rather than hex encoded.

One option is just to use zbarimg to go through all the files in the directory and match the characters to the table, but - in the spirit of the category - to completely automate the process via a python script:

import os
characters = ''
a = 0
while (a <= 30):
        qrcode = str(a) + ".png"
        #print (qrcode)
        command_to_run = "zbarimg " + qrcode + " --quiet --raw"
        character = os.popen(command_to_run).read()
        character = character [8:-1]
        character = hex(int(character))
        character = bytes.fromhex(character[2:]).decode('ascii')
        characters = characters + character
        a = a + 1
print (characters)

    Python Script Output

Tags: VirSecCon, ctf, scripting