Forensics — LoadSomeBits

Look carefully at the lower left corner where the red arrow is pointing
Lower left corner (enlarged)

import os
import mmap

BMP_HEADER_SIZE = 54
BITS_PER_BYTE = 8


def memory_map(filename, access=mmap.ACCESS_READ):
    # Map the whole file into memory so it can be sliced like a bytes object
    size = os.path.getsize(filename)
    fd = os.open(filename, os.O_RDWR)
    return mmap.mmap(fd, size, access=access)


with memory_map("pico.bmp") as b:
    # Walk the data after the BMP header eight bytes at a time
    for i in range(BMP_HEADER_SIZE,
                   len(b) - BMP_HEADER_SIZE - BITS_PER_BYTE,
                   BITS_PER_BYTE):
        chunk = b[i:i+BITS_PER_BYTE]
        new_byte = 0
        # The first byte of the chunk supplies the most significant bit;
        # only the least significant bit of each carrier byte is used
        for x, byte in enumerate(chunk):
            new_byte |= (byte & 1) << (BITS_PER_BYTE - x - 1)
        c = chr(new_byte)
        if new_byte == 0:
            break
        print(c, end='')
    print('')

The Least Significant Bit is the bit with the lowest binary value (i.e. 2 to the power of 0, which is 1). Hence this is called the “little end” of the byte.
The Most Significant Bit is the bit with the greatest binary value (i.e. 2 to the power of 7, which is 128). Hence this is called the “big end” of the byte.
Reading the bytes in this order is equivalent to reading the hex data from right to left.
Reading the bytes in this order is equivalent to reading the hex data from left to right.
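
import binascii

# Read the whole image, header included
with open('pico.bmp', 'rb') as f:
    image = f.read()

# Collect the least significant bit of every byte as a string of '0' and '1'
s = ''.join(str(c & 1) for c in image)

# Dropping trailing bits shifts the byte alignment of the decoded stream,
# so try each trim length until the flag prefix shows up
for it in range(16):
    ss = b''
    try:
        ss = binascii.unhexlify('%x' % int(s[:-it], 2))
    except (ValueError, binascii.Error):
        # it == 0 yields an empty string; an odd number of hex digits cannot be decoded
        pass

    if b'pico' in ss:
        start = ss.find(b'pico')
        print(ss[start:start + 70].decode('ascii', errors='replace'))
        break
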
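# Same loop as the first script (reuses memory_map and the constants defined there),
# but each chunk is reversed so the first byte supplies the least significant bit
with memory_map("pico.bmp") as b:
    for i in range(BMP_HEADER_SIZE,
                   len(b) - BMP_HEADER_SIZE - BITS_PER_BYTE,
                   BITS_PER_BYTE):
        chunk = b[i:i+BITS_PER_BYTE]
        chunk = reversed(list(chunk))
        new_byte = 0
        for x, byte in enumerate(chunk):
            new_byte |= (byte & 1) << (BITS_PER_BYTE - x - 1)
        c = chr(new_byte)
        if new_byte == 0:
            break
        print(c, end='')
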
The flag (in another format)
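
The scripts above each fix one bit order and one alignment. The following is an added example, not code from the original write-up: it generalizes them by trying both bit orders and all eight alignments against a known marker. The helper names (`embed_lsb`, `pack_bits`, `find_hidden`), the carrier bytes and the secret are all constructed for illustration.

```python
BMP_HEADER_SIZE = 54  # header size the scripts above assume


def embed_lsb(carrier, message, start, msb_first):
    """Build test data: write each message bit into the LSB of one carrier byte."""
    out = bytearray(carrier)
    for n, byte in enumerate(message):
        for k in range(8):
            shift = 7 - k if msb_first else k
            pos = start + 8 * n + k
            out[pos] = (out[pos] & 0xFE) | ((byte >> shift) & 1)
    return bytes(out)


def pack_bits(bits, msb_first):
    """Pack 0/1 values into bytes, eight at a time, in the chosen bit order."""
    out = bytearray()
    for i in range(0, len(bits) - 7, 8):
        group = bits[i:i + 8] if msb_first else bits[i:i + 8][::-1]
        value = 0
        for bit in group:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def find_hidden(data, marker, length):
    """Try both bit orders and all 8 alignments.

    Returns (bit order, index of the first carrier byte, recovered bytes) or None.
    """
    bits = [b & 1 for b in data]
    for msb_first in (True, False):
        for offset in range(8):
            decoded = pack_bits(bits[offset:], msb_first)
            at = decoded.find(marker)
            if at != -1:
                order = "msb-first" if msb_first else "lsb-first"
                return order, offset + 8 * at, decoded[at:at + length]
    return None


# Constructed sample: 600 patterned bytes standing in for header plus pixel data.
CARRIER = bytes((i * 37 + 11) % 256 for i in range(600))
SECRET = b"flag{constructed_sample}"  # constructed value, not the challenge flag

if __name__ == "__main__":
    for msb_first in (True, False):
        stego = embed_lsb(CARRIER, SECRET, BMP_HEADER_SIZE + 3, msb_first)
        print(find_hidden(stego, b"flag{", len(SECRET)))
```

The payload is placed three bytes past the header on purpose, so a scan that only starts at offset 54 and steps by eight would miss it.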

Alex Myers Security Engineer
