Security if God wills it

Ecoin Writeup (34C3 CTF)

Challenge description

ecoin - hard

I think I'm getting crazy! I see things in things. Like this: PDF

The PDF file :

First glance

First, I opened the PDF and did not notice anything out of the ordinary. This PDF contains an advertisement for Ecoin (wink to Mr.Robot) as well as a blank page "[This page unintentionally left blank]".

I then issued some basic forensics-related commands :

pdfinfo ecoin_vuln_notes.pdf


Syntax Error (1288034): Missing 'endstream' or incorrect stream length

That's interesting. Let's check it out:

binwalk ecoin_vuln_notes.pdf


I see a split ZIP file at the end of the PDF. Let's try to extract it.

Part II - Extract the ZIP file

First step, retrieving the pieces of the ZIP file in the PDF:

To do this I make use of the information previously retrieved using binwalk and the dd command, and then I use the zip -FF command to check the file and fix it if needed:

zip -FF --out


and now I can extract it:



Ok, I need a password to extract hint.pdf.

I reread the binwalk output and notice something peculiar. In the PDF, I can only see one picture, but in the binwalk I see a PNG and a JPEG file. Weird.

The pdfextract (origami) command allows me to extract both files. YEAH! The JPEG file seems very interesting :)


Let's try "Pure_Funk" as password for the ZIP.

It works. :-)

So now, we have two new files, flag.png and hint.pdf.

flag.png: noaltfuckyoubz

hint.pdf: noaltfuckyoubz

Part II - Recover the flag

I open hint.pdf and notice something strange at the top. I do a CTRL+A, CTRL+C and CTRL+V in SublimeText and obtain the following result:

AES IV: F01D86CDBB7E1CD88815BEB4106A558C

Very, very, very promising.

I summarize: we have a JPEG file containing the text "Pure_Funk", a flag.png file that is unusable in the current state and a hint.pdf file containing an AES IV as well as the text "AngeWouldLoveIt!".

I immediately think of a from 31C3 by Ange Albertini called "Funky File Formats".

In this presentation, there was a POC called "Angecryption". This POC showed that it is possible to retrieve a valid file from another valid file by encrypting it or decrypting it using a block cipher and a well-chosen IV.

Let's try this.

from Crypto.Cipher import AES


key = "AngeWouldLoveIt!"

aes =, AES.MODE_CBC, IV)

with open("flag.png", "rb") as f:
    d =

d = aes.encrypt(d)

with open("out", "wb") as f:


Arff… :(


Whew! :)

So, after encrypting flag.png using AES, I obtain a new PNG file.

The image is a white square containing transparent holes, I name it mask.png, and merge both images together to obtain the following result:


YES, that is the flag! :)


comments powered by Disqus

Receive Updates