[forensics] password (250 pts, 29 solved)

Description

I found the entrance to the escape. You need a flag value to enter the entrance, find the flag value!

Keyword : Yimz

hint : Ex) ~Yimz

Solution

Another solution for password. If you run the image through pngcheck, you will see a CRC error, indicating that it has been tampered with. By taking out that CRC, you can get the flag.

import subprocess
import base58

with open('Password.png', 'rb') as f:
  b = f.read()
with open('tmp.png', 'wb') as f:
  f.write(b)
  
flag = ''
while(True):
  out = subprocess.getoutput(f"pngcheck tmp.png")
  print(out)
  try:
    computed_s = out.split('computed')[1].split(',')[0].strip()
    expected_s = out.split('expected')[1].split(')')[0].strip()
  except:
    break
  flag += expected_s
  computed_b = bytes.fromhex(computed_s)
  expected_b = bytes.fromhex(expected_s)
  #print(f'{computed_s=}, {expected_s=}')
  #print(f'{computed_b=}, {expected_b=}')
  b = b.replace(expected_b, computed_b)
  with open('tmp.png', 'wb') as f:
    f.write(b)
print(base58.b58decode(bytes.fromhex(flag)).decode())