Added My USB and Scisnerof Writeups

Author: ValarDragon

cryptography.md

@@ -7,7 +7,7 @@ This category focuses on using advanced mathematical topics to encrypt data to p
 * [RSA 1 \[50 points\]](/cryptography/rsa-1-50-points.md)
 * Let Me Be Frank \[75 points\]
 * RSA 2 \[80 points\]
-* Decode Me \[100 points\]
+* Decode Me \[100 points\](/cryptography/decode-me-100-points.md)
 * [Hash on Hash \[100 points\]](/cryptography/hash-on-hash-100-points.md)
 * RSA 3 \[135 points\]
 * Diffie-cult \[140 points\]
@@ -18,6 +18,3 @@ This category focuses on using advanced mathematical topics to encrypt data to p
 * [Genius \[230 points\]](/cryptography/genius-230-points.md)
 * [Premium RSA \[350 points\]](/cryptography/premium-rsa-350-points.md)
 * [Paillier Service \[400 points\]](/cryptography/paillier-service-400-points.md)
-
-
-

forensics.md

@@ -4,14 +4,14 @@ This category refers to the recovery of information from evidence, like extracti
 
 * [20xx \[50 points\]](/forensics/20xx-50-points.md)
 * [Mane Event \[50 points\]](/forensics/mane-event-50-points.md)
-* scisnerof \[70 points\]
+* scisnerof \[70 points\](/forensics/scisnerof-70-points.md)
 * [Petty Difference \[75 points\]](/forensics/petty-difference-75-points.md)
 * Flag Collection \[80 points\]
 * Zooooooom \[85 points\]
 * QR 1 \[100 points\]
 * Gibberish \[100 points\]
 * Ogrewatch \[100 points\]
-* My USB \[150 points\]
+* My USB \[150 points\](/forensics/my-usb-150-points.md)
 * [Flag PEG \[150 points\]](/forensics/flag-peg-150-points.md)
 * ZIP Tunnel \[160 points\]
 * Finn \[200 points\]

forensics/my-usb-150-points.md

@@ -0,0 +1,30 @@
+# My USB - 150 points
+
+I found_ [my usb](https://github.com/EasyCTF/easyctf-2017-problems/blob/master/my-usb/usb.img) from a long time ago. I know there's a flag on there somewhere; can you help me find it?
+
+### Solution
+###### Writeup by Valar Dragon
+
+We're given a USB img. First thing I did was try to actually restore the USB image onto a USB. We see a document called "hack.docx", with two images in it, and a zip file called flag.zip, with an image of the usaflag in it, and an image called cryptolock.png.
+
+Doing my standard forensic analysis, like looking at hexdumps, and looking for other file headers through scalpel, yielded nothing.
+There is some code that is visible on both of the images inside the word file, but it seems too distorted to be relevant.
+
+Then I thought to scalpel the original USB img file.
+
+``` bash
+$ scalpel -c scalpelConfig.txt  usb.img
+```
+
+This gives 3 images, instead of just the two inside of the docx! (It doesn't give the image inside of flag.zip)
+
+Heres the extra file:
+
+![flag.jpg](https://raw.githubusercontent.com/HackThisCode/CTF-Writeups/master/2017/EasyCTF/My%20USB/flag.jpg)
+
+Theres our flag!
+`flag{d3let3d_f1l3z_r_k00l}`
+
+### External Writeups
+
+* [https://github.com/HackThisCode/CTF-Writeups/blob/master/2017/EasyCTF/My%20USB/README.md](https://github.com/HackThisCode/CTF-Writeups/blob/master/2017/EasyCTF/My%20USB/README.md)

forensics/scisnerof-75-points.md

@@ -0,0 +1,28 @@
+# Scisnerof - 70 points
+
+I found weird file! [elif](https://github.com/EasyCTF/easyctf-2017-problems/blob/master/scisnerof/elif)
+
+### Solution
+###### Writeup by Valar Dragon
+
+Scisnerof is Forensics backwards, and elif is file backwards! It seems likely that elif is a reversed file.
+This "elif" file has no default app, so let us look at it through a hex editor. I used Bless, a hex editor for linux.
+
+![hexdump.png](https://raw.githubusercontent.com/HackThisCode/CTF-Writeups/master/2017/EasyCTF/scisnerof/hexdump.png)
+If we scroll to the bottom, we see that theres the PNG File header reversed to GNP!
+
+So it looks we just need to reverse the file!
+We can do it in one line with python
+``` python
+$ python3
+open('scisnerof.png','bw+').write(open('elif','br').read()[::-1])
+```
+
+Then open up [scisnerof.png](https://raw.githubusercontent.com/HackThisCode/CTF-Writeups/master/2017/EasyCTF/scisnerof/scisnerof.png),
+![scisnerof.png](https://raw.githubusercontent.com/HackThisCode/CTF-Writeups/master/2017/EasyCTF/scisnerof/scisnerof.png)
+and theres our flag! `easyctf{r3v3r5ed_4ensics}`
+
+
+### External Writeups
+
+* [https://github.com/HackThisCode/CTF-Writeups/blob/master/2017/EasyCTF/scisnerof/README.md](https://github.com/HackThisCode/CTF-Writeups/blob/master/2017/EasyCTF/scisnerof/README.md)