mrcrypt's DC610's 2023 Pub Crawl CTF steganography challenge
carnival solution
carnival is a steganography puzzle box.
Play the carnival games and visit the Hall of Mirrors
to get your ticket to the Big Top!
The diagram below is the shape of the puzzle.
Part 3 is encoded into 2a with steghide. The password protected 7zip file containing the flag is appended to 2b,
then those are appended to 2a. The image stack is finally encoded with steghide into part 1.
PART ONE - ASTROBASE32
There are two clues in the text of the image.
The title, "ASTROBASE", and multiples of 8 from 8 to 64 visible above the heads of the dead Earth astronauts.
The number 32 is a different color scheme than the rest. That and the title are to hint at using base32 encoding to whatever you find.
What you find is a string at the end of the file.
Decrypt the string for the steghide password for this file.
The bottles.jpg is produced. The left image below.
PART 2 - BOTTLES
The first two clues are in the text of the image: the partially visible name of this game of skill, 'BREAK UP',
and '1/2' hidden in the white space at the bottom of the sign.
Investigating this file further reveals it's a stack of three appended files that can be separated with software like binwalk.
Two halves of an image and an encrypted 7zip file are produced.
Follwing the diagram above, the two image halves are parts 2a and 2b.
The '1/2' clue is supposed to hint that these images should be combined.
Combining the colors in these images using an XOR function reveals the string "WINCHOICE".
This is the steghide password for the left image.
PART THREE - Hall of Mirrors
The clue for this is in the name, Hall of MIRRORS.
There's a string at the end of the file encrypted with AtBash, a mirror cipher.
The words on the image, "SAY MY NAME", go along with the decrypted message for flavor, but that's it.
PART 4 - The Big Top
The decrypted message is the password for the 7zip, wherein lies the final flag file.
THANK YOU FOR PLAYING!