Monday, September 23, 2013

CSAW CTF 2013 :: Recon: Jordan Wiens (100 Points)

Only a link (http://key.psifertex.com/) is given as the question.

The link doesn't give much information except the phrase, "Michael Vario sure does some suspicious signs, hope he doesn't do me."

If you do a Google search on "Michael Vario" you will notice that there are writeups on PGP keys.
Now search for Jordon Wiens PGP keys will lead you to his PGP keys at:

The key contains both the key and an embedded image.


Using an online base64 decoder tool (
http://www.motobit.com/util/base64-decoder-encoder.asp) save the decoded key into a jpeg image.




If you try opening the jpeg image, it will show as corrupted. Open the jpeg image in Hex Editor and you will notice that the actual pgp key is still in the header portion. Remove the portion and save the jpeg again.





Open up the new jpeg image in Paint to view the key.






Regards,

David Billa
"Live for Something or Die for Nothing!" 


4 comments:

  1. neat! sorry if this is a really noob question, but how did you figure out where the pgp key ends when you open the .jpg up in a hex editor?

    ReplyDelete
  2. Hi Josh,
    I compared with other JPEG images' and noticed that the header for JPEG usually starts from "ÿØÿà..JFIF". So i removed till that part and it worked....

    ReplyDelete
  3. For what it's worth, the jpeg wasn't corrupted -- your extraction method was. If you open the PGP key in a viewer that supports embedded images, it parsed just fine.

    ReplyDelete
  4. Yup possible. Guess there are many ways to do it :)

    ReplyDelete