Irregular Expressions

Dec 13 2011   4:40PM GMT

Can you crack it (Part 4)



Posted by: Dan O'Connor
Tags:
can you crack it
can you crack it solution
canyoucrackit solution

I tried running the file.exe created, it does not appear to do anything.  It’s important but I don’t know what to do with it just yet.

The thing I find odd was the hex was given in a png, that’s worth checking out.

I have both sets of files on my SIFT Workstation.  I will start with my favorite tools.

strings

strings cyber.png  | less

Take a look in the file, here is something worth looking at.

]iTXtComment
QkJCQjIAAACR2PFtcCA6q2eaC8SR+8dmD/zNzLQC+td3tFQ4qx8O447TDeuZw5P+0SsbEcYR
78jKLw==2
That looks like unicode.  Lets look at the png’s metadata.
exiftool cyber.png
Comment                         : QkJCQjIAAACR2PFtcCA6q2eaC8SR+8dmD/zNzLQC+td3tFQ4qx8O447TDeuZw5P+0SsbEcYR.78jKLw==

Down at the end is what we are looking for in the Comment section.

That definitely is Unicode.  I have a script around to decode that somewhere for part 5..

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: