Skip to content

Commit 30ebef0

Browse files
author
VoidMercy
authored
fix images and added problem statement
1 parent 28e5c86 commit 30ebef0

File tree

1 file changed

+11
-9
lines changed

1 file changed

+11
-9
lines changed

forensics/qr2-330-points.md

Lines changed: 11 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1,22 +1,24 @@
1-
#QR2 - 330 points
1+
# QR2 - 330 points
22

3-
#### phsst - VoidMercy's writeup
3+
When I am not practicing my [Oboe](https://en.wikipedia.org/wiki/Oboe) for band, I have been working on a QR code generator. For some reason, some of the images are not scannable. Here is one, can you tell me what it says?
44

5-
We were given a broken QR code.
5+
### Solution
6+
7+
###### Writeup by VoidMercy from phsst
68

79
The problem mentioned that this problem is related to "OBOE" somehow. We search this up and find that OBOE can also stand for off by one error. We surmised that the off by one refers to the mask of the QR code, so we manually changed the mask of the QR code to see if it would decode. Sadly, none of the masks work. (See wikipedia for more information on masks).
810

911
Then we had an idea to find out if the mask was messed up or not. Because we know the first characters of the flag is "easyctf" we can manually encode this, and xor it with the broken QR code. This would result in the mask because applying masks uses xor and the inverse operation of xor is itself.
1012

1113
Here is "easyctf" encrypted:
1214

13-
![](https://raw.githubusercontent.com/VoidMercy/EasyCTF-Writeups-2017/blob/master/forensics/QR2/first3chars.fw.png)
15+
![](https://raw.githubusercontent.com/VoidMercy/EasyCTF-Writeups-2017/master/forensics/QR2/first3chars.fw.png)
1416

1517
Which we xored with the original broken QR (scaled down):
1618

1719
Original broken QR:
1820

19-
![](https://raw.githubusercontent.com/VoidMercy/EasyCTF-Writeups-2017/blob/master/forensics/QR2/small.png)
21+
![](https://raw.githubusercontent.com/VoidMercy/EasyCTF-Writeups-2017/master/forensics/QR2/small.png)
2022

2123
Here is the script I used:
2224

@@ -44,19 +46,19 @@ new.save("test.png")
4446

4547
Then here is the result (with a bit of edit to make the real mask more visible):
4648

47-
![](https://raw.githubusercontent.com/VoidMercy/EasyCTF-Writeups-2017/blob/master/forensics/QR2/actualmask.PNG)
49+
![](https://raw.githubusercontent.com/VoidMercy/EasyCTF-Writeups-2017/master/forensics/QR2/actualmask.PNG)
4850

4951
We can see that this mask is mask #6, except moved up one pixel! So we manually construct the same mask, offset by one pixel as well:
5052

51-
![](https://raw.githubusercontent.com/VoidMercy/EasyCTF-Writeups-2017/blob/master/forensics/QR2/sicemask.png)
53+
![](https://raw.githubusercontent.com/VoidMercy/EasyCTF-Writeups-2017/master/forensics/QR2/sicemask.png)
5254

5355
Then we xored this mask with the original messed up QR code to undo the off by one mask.
5456

55-
![](https://raw.githubusercontent.com/VoidMercy/EasyCTF-Writeups-2017/blob/master/forensics/QR2/xor1.PNG)
57+
![](https://raw.githubusercontent.com/VoidMercy/EasyCTF-Writeups-2017/master/forensics/QR2/xor1.PNG)
5658

5759
Afterwards, we apply the correct mask #6:
5860

59-
![](https://raw.githubusercontent.com/VoidMercy/EasyCTF-Writeups-2017/blob/master/forensics/QR2/xor2.PNG)
61+
![](https://raw.githubusercontent.com/VoidMercy/EasyCTF-Writeups-2017/master/forensics/QR2/xor2.PNG)
6062

6163
Then, the QR is able to be decoded by any QR code reader!
6264

0 commit comments

Comments
 (0)