Damjan Cvetko

Damjan Cvetko

Developer, System Architect, Hacker.

2 minutes read

Challenge: Santa’s elves have found the following image with a secret message. Can you find it?

santa-claus.svg

So we get a SVG. Typical CTFs are that theres something hidden in there.

Lets first open it in a browser an look at the structure. Immediately we can see a rendering error:

<path id="11 5 25" fill="#3C0100" stroke="#3C0100" d="3 15 13 16 12 9 3 1 20 5 4 5 14 3 18 25 16 20 9 15 14 11 5 25"/>

Hum. Numbers up to 25, it could be a letter to number cypher. Let’s try our favorite tool.

We get a response right away:

COMPLICATEDENCRYPTIONKEY.

But this isn’t the flag.

There was a lot of team effort, but this flag was not solved without the help of the organizers.

Somebody found the (original image)[stana-claus-orig.svg].

Formatting and diffing that and the one we got show small small differences in path data:

At this point I searched around for a tool and with some help did find https://github.com/japplebaum/svgsteg but running that did not produce any results.

Eventually the organizers gave the (script)[svgsteg.py] that can decrypt the massage.

$ python3 svgsteg.py  -extract santa-claus.svg complicatedencryptionkey
xmas{wa1k1ng_In_a_Wint3r_w0nder1and}

It was that public svgsteg ported to python3. However the original script did not produce the same result. I have not looked why, but python2 and python3 handle something differently inside…

Flag: xmas{wa1k1ng_In_a_Wint3r_w0nder1and}

What did I learn: Ask for help, mistakes can happen.

Recent posts

See more

Categories

About