Forensics — LoadSomeBits

Look carefully at the lower left corner where the red arrow is pointing
Lower left corner (enlarged)
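
import os
import mmap

BMP_HEADER_SIZE = 54
BITS_PER_BYTE = 8


def memory_map(filename, access=mmap.ACCESS_READ):
    """Map the whole file into memory so it can be indexed like bytes."""
    size = os.path.getsize(filename)
    # Only ask for write permission on the file when the mapping needs it.
    flags = os.O_RDWR if access == mmap.ACCESS_WRITE else os.O_RDONLY
    fd = os.open(filename, flags)
    try:
        return mmap.mmap(fd, size, access=access)
    finally:
        os.close(fd)  # mmap keeps its own duplicate of the descriptor


with memory_map("pico.bmp") as b:
    # Take 8 pixel-data bytes at a time; each byte contributes one bit.
    for i in range(BMP_HEADER_SIZE,
                   len(b) - BMP_HEADER_SIZE - BITS_PER_BYTE,
                   BITS_PER_BYTE):
        chunk = b[i:i+BITS_PER_BYTE]
        new_byte = 0
        for x, byte in enumerate(chunk):
            # The first byte of the chunk supplies the most significant bit.
            # Mask with 1 so only the least significant bit is used.
            new_byte |= (byte & 1) << (BITS_PER_BYTE - x - 1)
        c = chr(new_byte)
        if new_byte == 0:
            break
        print(c, end='')
    print('')
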
The Least Significant Bit is the bit with the lowest binary value (i.e. 2 to the power of 0, which is 1). Hence this is called the “little end” of the byte.
The Most Significant Bit is the bit with the greatest binary value (i.e. 2 to the power of 7, which is 128). Hence this is called the “big end” of the byte.
Reading the bytes in this order is equivalent to reading the hex data from right to left.
Reading the bytes in this order is equivalent to reading the hex data from left to right.
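
import binascii

with open('pico.bmp', 'rb') as f:
    image = f.read()

# Collect the least significant bit of every byte in the file.
s = ''.join(str(c & 1) for c in image)

# Drop 1 to 15 trailing bits until the bit string decodes to bytes
# containing 'pico' (it == 0 gives an empty string and is skipped).
for it in range(16):
    ss = b''
    try:
        ss = binascii.unhexlify('%x' % int(s[:-it], 2))
    except ValueError:
        pass

    if b'pico' in ss:
        start = ss.find(b'pico')
        print(ss[start:start + 70].decode('latin-1'))
        break
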
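# Reuses memory_map(), BMP_HEADER_SIZE and BITS_PER_BYTE from the first script.
with memory_map("pico.bmp") as b:
    for i in range(BMP_HEADER_SIZE,
                   len(b) - BMP_HEADER_SIZE - BITS_PER_BYTE,
                   BITS_PER_BYTE):
        chunk = b[i:i+BITS_PER_BYTE]
        # Reverse the chunk so its first byte supplies the least significant bit.
        chunk = reversed(list(chunk))
        new_byte = 0
        for x, byte in enumerate(chunk):
            new_byte |= (byte & 1) << (BITS_PER_BYTE - x - 1)
        c = chr(new_byte)
        if new_byte == 0:
            break
        print(c, end='')
    print('')
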
The flag (in another format)
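
The two bit orders used by the loops above, compared on a constructed in-memory BMP (an added example, not code from the original write-up). The names `make_bmp`, `pixel_offset`, `extract_lsb` and the sample payload are assumptions made for the illustration, and the pixel-data offset is read from the header's `bfOffBits` field instead of the fixed 54.

```python
import struct

BITS_PER_BYTE = 8

def make_bmp(message: bytes, lsb_first: bool) -> bytes:
    """Build a constructed 24-bit BMP carrying `message` in its pixel LSBs."""
    order = range(8) if lsb_first else range(7, -1, -1)
    bits = [(ch >> k) & 1 for ch in message + b"\x00" for k in order]
    # Cover bytes are 0xFE/0xFF here, so a decoder must mask with & 1.
    pixels = bytes(0xFE | bit for bit in bits)
    pixels += b"\xfe" * (-len(pixels) % 12)   # whole pixels, 4-byte-aligned row
    file_hdr = struct.pack("<2sIHHI", b"BM", 54 + len(pixels), 0, 0, 54)
    dib_hdr = struct.pack("<IiiHHIIiiII", 40, len(pixels) // 3, 1, 1, 24,
                          0, len(pixels), 2835, 2835, 0, 0)
    return file_hdr + dib_hdr + pixels

def pixel_offset(bmp: bytes) -> int:
    """Read bfOffBits (u32 at offset 10) rather than assuming a 54-byte header."""
    if bmp[:2] != b"BM":
        raise ValueError("not a BMP file")
    return struct.unpack_from("<I", bmp, 10)[0]

def extract_lsb(bmp: bytes, lsb_first: bool) -> bytes:
    """Rebuild bytes from pixel LSBs, stopping at the first NUL byte."""
    out = bytearray()
    for i in range(pixel_offset(bmp), len(bmp) - BITS_PER_BYTE + 1, BITS_PER_BYTE):
        value = 0
        for x, byte in enumerate(bmp[i:i + BITS_PER_BYTE]):
            # lsb_first: the first carrier byte holds bit 0 (the reversed() loop);
            # otherwise it holds bit 7 (the first loop).
            shift = x if lsb_first else BITS_PER_BYTE - x - 1
            value |= (byte & 1) << shift
        if value == 0:
            break
        out.append(value)
    return bytes(out)

MESSAGE = b"example{lsb_first}"               # constructed sample payload
SAMPLE = make_bmp(MESSAGE, lsb_first=True)

if __name__ == "__main__":
    print("LSB-first:", extract_lsb(SAMPLE, lsb_first=True))
    print("MSB-first:", extract_lsb(SAMPLE, lsb_first=False))
```

Decoding with the wrong order does not fail; it returns every byte with its bits mirrored, which is why the first loop prints unreadable characters rather than nothing.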

Alex Myers Security Engineer
