Saving the World

Challenge:

Sometimes I dream of saving the world. Saving everyone from the invisible hand, the one that brands us with an employee badge, the one the forces us to work for them, the one that controls us every day without us knowing it. But I can’t stop it. I’m not that special. I’m just anonymous. I’m just alone.

Solution:

The string of digits in the challenge image was hard to miss, so my first step was to extract the sequence (hopefully not manually). I spent some time with tesseract, a command line OCR, but it never produced a decent extract. I even tried cropping the image, converting to black & white and adjusting the image size but the extract would either be missing a lot of the white space between numbers, or produce inaccurate numbers.

I then turned to online tools, specifically OCR Space, to perform the extract. I uploaded a cropped and resized (+200%) version of the original image and chose the Use OCR Engine2 option, which claimed to have better results with numbers. As shown in the picture of the results, the OCR operation was pretty impressive. After only needing to tweak whitespace in six spots the sequence of digits was:

6 2 26 8 16 21 17 18 3 18 1 17 6 8 3 2 1 14 5 18 17 10 21 18 18 25 15 14 5 5 2 10 20 25 14 13 18 17 10 22 7 21 5 14 22 1 10 14 7 18 5 15 18 6 22 17 18 7 21 18 10 21 22 7 18 16 21 22 16 24 18 1 6 7 21 18 3 14 6 6 10 2 5 17 22 6 7 10 18 25 25 22 16 24 25 2 6 18 6 16 7 2

The next task was to determine what the numbers represented.

I ruled out decimal to ASCII due to the all of the numbers being less than 32, which would make them unprintable. That’s when I noticed that the numbers fell within a range of 1 - 25. Could this be as simple as 1 = A, 2 = B, 3 = C, and so on? Conveniently, CyberChef has an operation named A1Z26 for decoding this technique, but my recipe produced a string of gibberish.

fbzhpuqrcraqfhcbanerqjurryoneebjtynmrqjvguenvajngreorfvqrgurjuvgrpuvpxrafgurcnffjbeqvfgjryyvpxyzrfpgb

After some additional analysis (e.g. trial & error) I identified the string to be a ROT13 cipher. Adding that operation to my CyberChef recipe finally produced a readable string, but not quite the flag yet:

somuchdependsuponaredwheelbarrowglazedwithrainwaterbesidethewhitechickensthepasswordistwellicklosescto

With whitespace added:

so much depends upon a red wheelbarrow glazed with rainwater beside the white chickens the password is twellicklosescto

Given that this was a Steganography challenge, along with just obtaining a password, trying steghide to extract a file was the next logical step.

$ steghide extract -sf menu.jpg -p twellicklosescto
wrote extracted data to "flag.txt".

$ cat flag.txt 

flag{take_care_of_whiterose}

P.S. Nice subtle shoutouts to the 1st season of Mr. Robot, e.g when Tyrell Wellick loses his CTO position at E Corp, and the 2nd season with the “Red Wheelbarrow” poem

Published:

Updated:

Leave a comment