Stego Troll

Scenario:

The flag for this stego challenge is in this description!!

Process:

Start off by copying the challenge to a text document.

We will notice that the formatting is off when we paste it into notepad.

Also we wil notice that for such a short sentence the file takes up quite a bit of room on disk.

Next if we output the file to hex we can see some interesting things.

Get-content and format-hex to look at the data

We can also drop this into CyberChef to also see the unique output

Non-Printable characters:

There are 8 non printable characters that could be used, but luckily we can see that the same one was used.

Hex of 80 8B E2

Unicode of U+200C

List of all 8 Non Printable Characters

Going back to CyberChef to see how we can find anything, we see that there are breaks in all the characters by printable characters.

How many Non Printable Character (NPC) [Not Non Player Characters] are there between printable characters?

We get a length of 102, what does that mean? How does that help us?

The 102 length translates into f which is the first letter of our flag!

You can do this a couple of ways..

By hand translating all the character… (time consuming)

One-liner script (fast and to the point)

Scripting (repeatable)

For this we will focus on a script we can reuse.

This following code will allow us to see how we can “count” the NPCs

$stego = Get-Content '.\Stego Troll.txt'-Encoding Byte

$stego | ForEach-Object {
    $dec = "{0:d} " -f $_   
    $ascii = [char]$_
    $hex = "{0:x}" -f $_
    Write-Output "Orig: $ascii       Dec: $dec       Hex: $hex"
}

As you can see we can split on hex:e2 or decimal:226

80 and 8b also follow along and you could split on those as well.

Walking through the script:

$stego = Get-Content '.\Stego Troll.txt'-Encoding Byte
$out = @()
$nice = ""

$stego | ForEach-Object {
    $dec = "{0:d} " -f $_
    if ($dec -match 226 -or $dec -match 139 -or $dec -match 128){
        if ($dec -match 226){
            $charcount += 1
        }
    }else{
        $ascii = [char]$charcount
        Write-Output "Dec: $charcount     ASCII: $ascii"
        $out += $charcount
        $charcount = 0
        
    }
    
}
$out | % {$nice += [char]$_}
$nice -join ""

Script will do the following

This will translate each character into a decimal
Match the three NPC characters and when it doesn’t match take our count and add it to the array as it breaks on ASCII
Increment for each NPC, we only need one of the three NPCs, I chose the first.
Add the count to our array
Reset the count to start over
Print out and convert to ASCII and save to our nice output
Print the variable and join them together into one single line

PreviousMay-FlowerShell NextROT of a Different Sort

Last updated 3 years ago