The villains are communicating with their own proprietary file format. Figure out what it is.
proprietary.ctfcompetition.com 1337
We were given an encoded binary file of unknown format, and service to connect to. Sending some data there,
we were getting some errors like P6 expected or width expected. It looks like it expected image in
simple P6 format. Indeed, when we sent that, we got some data that has similar structure as the flag.ctf file.
After a header, there were raw pixel data (in reversed, BGR order) preceeded often by some small (<0x10) bytes.
Sending /dev/urandom as pixels, we received file that was about 1/3 larger than what we sent. On the other hand,
sending "A" * 256 we got very short file - so there must be some kind of compression.
After some experimentation, we found what the format was - it was preorder representation of quad tree. The recursive description of a node is:
- if the next byte was
0xf, what follows is recursive representations of four children nodes - if the next byte
bwas < 0xf, what follows is three bytes of pixel color, followed by some children nodes. For each of the four bits ofb, if it is 0, make the node fully colored in that saved color and don't parse it, otherwise, we have to parse recursive representation of children node.
We wrote a parser and tested it on a few simple inputs, then ran it on flag.ctf to get lol.png and the flag.