The weekend of 02-03 july 2016\u00a0is the WARGAME of the\u00a0Nuit du Hack 2016<\/a><\/strong>\u00a0as a Jeopardy CTF<\/strong>. Having had the opportunity and the time to participate with some colleagues and friends, here\u2019s a write-up resolution of the challenges which we could participate.<\/p>\n tl;dr : one_too_many_1.png XOR\u00a0one_too_many_2.png (convert tool on kali)<\/strong><\/strong><\/p>\n Two PNG images are provided to us for this challenge:<\/p>\n one_too_many_1<\/p><\/div>\n one_too_many_2<\/p><\/div>\n The technique of “One-Time-Pad” was used to encrypt\u00a0these images, and the key is identical between the two ciphers (two-time-pad).<\/p>\n The following relationship follows:<\/p>\n A simple Google<\/a> search on a fast method to XOR two images, brings us to this topic<\/a>, which details the use of the command “convert”. The methodology is applied:<\/p>\n And the flag is displayed\u00a0:\u00a0ndh2k16_88bcb95612bf8207da083e784f1855b8<\/strong><\/p>\n one_too_many_flag<\/p><\/div>\n Thank you to all the team of the NDH2K16 for this event and for the whole organization!<\/p>\n Greeting to\u00a0nj8<\/a>, St0rn<\/a>, Emiya<\/a>, Mido, downgrade,\u00a0Ryuk@n and\u00a0rikelm, ?\u00a0\/\/ Gr3etZ<\/p>","protected":false},"excerpt":{"rendered":" Write-up of the challenge \u201cCrypto\u00a0\u2013 One too many\u201d of Nuit du\u00a0Hack 2016\u00a0Wargame The weekend of 02-03 july 2016\u00a0is the WARGAME […]<\/p>\n","protected":false},"author":1337,"featured_media":2112,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58,57,56,524,523,526,527,525],"tags":[504,470,243],"class_list":["post-2154","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptanalyse","category-cryptographie","category-cryptologie","category-ctf","category-events","category-ndh","category-ndh2k16","category-wargame","tag-one-time-pad","tag-steganography","tag-xor"],"_links":{"self":[{"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/posts\/2154","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/users\/1337"}],"replies":[{"embeddable":true,"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/comments?post=2154"}],"version-history":[{"count":7,"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/posts\/2154\/revisions"}],"predecessor-version":[{"id":2164,"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/posts\/2154\/revisions\/2164"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/media\/2112"}],"wp:attachment":[{"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/media?parent=2154"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/categories?post=2154"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/tags?post=2154"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
![\"one_too_many_1\"](\"https:\/\/www.asafety.fr\/wp-content\/uploads\/one_too_many_1-300x108.png\")
<\/a>![\"one_too_many_2\"](\"https:\/\/www.asafety.fr\/wp-content\/uploads\/one_too_many_2-300x108.png\")
<\/a>one_too_many_1.png = one_too_many_1_original.png XOR OTP\r\none_too_many_2.png = one_too_many_2_original.png XOR OTP\r\n \r\none_too_many_1.png XOR\u00a0one_too_many_2.png =\u00a0one_too_many_1_original.png XOR\u00a0one_too_many_2_original.png<\/pre>\n
convert one_too_many_1.png one_too_many_2.png -fx \"(((255*u)&(255*(1-v)))|((255*(1-u))&(255*v)))\/255\" one_too_many_flag.png<\/pre>\n
![\"one_too_many_flag\"](\"https:\/\/www.asafety.fr\/wp-content\/uploads\/one_too_many_flag-300x108.png\")
<\/a>