Recently, I participated to a CTF and got stuck on a steganography challenge. This seemed to be encoded multiple times and at least one step could be hard to guess. Once I found it, I decided to build my guess feature in codext
using an AI algorithm of Graph Search to automate trial and guessing of possible encoding stages. This gave interesting capabilities.
The following example (different from the aforementioned challenge for the sake of not disclosing its flag) shows how to decode a multi-stage encoded data using the guess
command of codext
’s CLI tool. It allows to recover the original data in only a few seconds.
$ echo -en "cac6d0de40449068e69282906cf282da82865eeeec94f286f0ae8296948ad0ca988a669296c6ac92b0d2d6e2989aec90a27282a0d4f266929ab28282828244407c405ee8dae05edae6ce5ce8f0e8" | codext guess hex
Codecs: hex, rotate-left-1
echo "H4sIAH6yAmAC/wvJyCxWAKJEheLE3IKcVIXikqLMvHQ9APjy3IMYAAAA" > /tmp/msg.txt
$ echo -en "H4sIAH6yAmAC/wvJyCxWAKJEheLE3IKcVIXikqLMvHQ9APjy3IMYAAAA" | codext guess base64
Codecs: base64, gzip
This is a sample string.
For more information about how to tune codext
’s CLI tool behavior, see the related documentation.