Lost in the illusion!
I played the Yangcheng Cup the day before yesterday
I think this question is very interesting
So today I will reproduce it for you guys (There is Keli in it) ( •̀ ω •́ )y
first step
Download the attachment and unzip it
get a virtual machine file
Since the format of the file is correct, others have given it to us, so it is inappropriate if we don’t open it
Here we are using DiskGenius Disk Utility to open
Click on the disk - open the virtual machine disk file
choose the file he gave you
In this way, all the files in him will be displayed.
Let's export it all first
We can see that there are many pictures, a txt document, and several files without suffixes
There are so many pictures, so let's look at the document first
It's all about the environment, look at the environment is those pictures
There is no way we can only analyze the pictures
I believe that after further observation, you will find that the 100 pictures in the middle are actually in the same format and size.
So the extra things can be dispensable
Then we will first analyze the pictures that can be opened, but it is useless
Just look at the hexadecimal format of those files without saying anything 010
After careful observation, I found that this file is just missing the file header.
According to the information we know, the file header of png should be supplemented
save it
You will find that it is still the same picture
But if you look closely, you will find that the file formats of the two pictures are different.
So use the stegsolve tool to XOR two images to get a key
Get a key "Kelly come to report"
There is only one picture of Keli left here and we have no information
When we carefully observe the picture format, we will find that most of the front is garbled
especially the red part
Here we find a screenshot of an article as above for everyone to understand
According to our understanding, clear all the extra and garbled characters
get a full picture
get
Since the key was obtained earlier, it must be to decrypt the picture
After multiple attempts, it was found to be outguess steganography
Order
outguess -k" 可莉前来报道" -r 3333.jpg flag.txt
get the flag
DASCTF{f473a6fd2de17a0c5794414b3905ebbe}