Mixitup (200)

  • Challenge description: We intercepted some secret pictures of which we believe contains a prototype of our competitor's newest smoothie recipe. It seems that they have mixed up more than just fruits eXclusively. Can you help us finding out what they added?
  • Points: 200
  • Contents: mixitup.zip

For this challenge, we're given a zip file. This zip file contains a .txt file containing a copy of the challenge description, and 2 bitmap files which contain what looks like noise.

From the challenge title and description, we can notice 2 hints. The first one is the challenge name, being "mixitup". Looks like we need to mix the 2 images in some way. Another hint seems to be the capitalization of the word "eXclusively". To me, this seemed to indicate the xor operation.

For those unfamiliar with how xor works, it is a bit-level operation where the output indicates if the 2 input bits differ. If we were to write this out in code, it would be like this:

0 ^ 0 = 0
0 ^ 1 = 1
1 ^ 0 = 1
1 ^ 1 = 0

To extend this operation to work on byte-level, we simply apply the operation on every bit of the input bytes. For example: 0x12 ^ 0x34 == 0x26. This becomes more obvious if we write the bytes down in their bit representation:

0001 0010
0011 0100
---------
0010 0110

Now that we understand how xor works, we can look at the files again. At first, I just used a small program by NirSoft to xor the 2 files together. The problem was that I no longer had a working bitmap file. This is because a bitmap file normally contains a header with metadata. Luckily, bitmap files are quite simple, so I wanted to try copying over the header from one of the other files to fix it. Instead of trying to understand the structure of the file header, I just looked at both files in a hex editor to figure out where the structured, non-random data ended and where the encrypted, random data started.

[Images: Image 1, Hex; Image 2, Hex]

Can you tell where the header ends? An interesting property of xor is that if we xor some data with itself, it becomes all 00. Because of this, the header part is easier to notice in the xored file.

[Image: XORed image, Hex]

Now it's easy to see! Let's copy over the header information from one of our encrypted images and put it in the xored image.

[Image: Final image, Hex]

Now what do we get if we open this image?

[Image: Final image]

I have to say that I agree with that. We can now submit the flag in the image for 200 points.
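The header-preserving xor described above can also be scripted. This is an added example, not part of the original write-up: instead of finding the boundary by eye in a hex editor, it reads the pixel-data offset from the BMP file header (the 4-byte little-endian field at byte 10), and it runs on a small constructed pair of images. The function names are hypothetical.

```python
import os
import struct

def pixel_offset(bmp: bytes) -> int:
    """Offset of the pixel data: little-endian uint32 at byte 10 of a BMP."""
    if bmp[:2] != b"BM":
        raise ValueError("not a BMP file")
    return struct.unpack_from("<I", bmp, 10)[0]

def shared_prefix_len(a: bytes, b: bytes) -> int:
    """Length of the leading run where a ^ b would be 0x00 (identical bytes).
    This is the zero region that stands out in the xored hex dump."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def mix(a: bytes, b: bytes) -> bytes:
    """Keep the header of `a` untouched and xor only the pixel data."""
    off = pixel_offset(a)
    if pixel_offset(b) != off or len(a) != len(b):
        raise ValueError("images do not share the same layout")
    body = bytes(x ^ y for x, y in zip(a[off:], b[off:]))
    return a[:off] + body

def make_sample():
    """Constructed input: a 4x2, 24-bit BMP whose pixels are split into two
    noise-like images (random key, and pixels ^ key) with the same header."""
    pixels = b"FLAG" * 6  # 4 * 2 * 3 = 24 bytes of stand-in pixel data
    header = struct.pack("<2sIHHI", b"BM", 54 + len(pixels), 0, 0, 54)
    header += struct.pack("<IiiHHIIiiII", 40, 4, 2, 1, 24, 0,
                          len(pixels), 2835, 2835, 0, 0)
    key = os.urandom(len(pixels))
    masked = bytes(p ^ k for p, k in zip(pixels, key))
    return header + key, header + masked, pixels

if __name__ == "__main__":
    img1, img2, _ = make_sample()
    print("pixel data starts at", pixel_offset(img1))
    print("identical prefix length", shared_prefix_len(img1, img2))
    print("recovered pixel data:", mix(img1, img2)[pixel_offset(img1):])
```

On real files, replace make_sample() with the bytes read from the two bitmaps and write the result of mix() back out as a .bmp file.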