CSAW 2016: Sleeping Guard - Crypto, 50pts

Description:
Only true hackers can see the image in this magic PNG....
File Given:
sleeping_dist.py
Flag:
flag{l4zyH4CK3rsd0ntg3TMAg1C_FlaG5}

Upon connecting to the server, you are given a base64-encoded message. After decoding it, the string still does not make much sense, but certain patterns can be seen, especially at the beginning. Looking through sleeping_dist.py, we can see that they have encrypted a PNG file with a 12 character long key. Upon inspection of the encrypted message, I noticed that "ey!" showed up at regular intervals, indicating to me that this was most likely an XOR cipher with the key repeated over the whole file.

Knowing that the first 12 bytes of a PNG file are almost always "89504E470D0A1A0A0000000D" (hex), I merely XORed those bytes with the first twelve bytes of the ciphertext to reveal the key: "WoAhAKey!?". I then simply XORed that key with every byte of the ciphertext and output the result to the file "sleeping.png".
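The recovery described above, as an added example that is not part of the original post or of sleeping_dist.py. The 1x1 PNG skeleton and the key `EXAMPLE-KEY!` are constructed stand-ins for the server's message and the challenge key, and the function names are hypothetical. It also checks the `IHDR` chunk type at offset 12, which is decrypted with the key wrapped around and so confirms the assumed 12-byte key length.

```python
import base64
import struct
import zlib
from itertools import cycle

# First 12 bytes of nearly every PNG: 8-byte signature + IHDR length (13).
PNG_PREFIX = bytes.fromhex("89504E470D0A1A0A0000000D")


def xor_repeat(data, key):
    """XOR data with key, repeating the key as often as needed."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(ciphertext, known=PNG_PREFIX):
    """Known-plaintext recovery: key[i] = ciphertext[i] ^ plaintext[i]."""
    return bytes(c ^ p for c, p in zip(ciphertext, known))


def looks_like_png(plaintext):
    """Validate bytes beyond the known prefix. Offsets 12..15 were decrypted
    with key[0:4] after the key wrapped, so a wrong key length fails here."""
    return plaintext.startswith(PNG_PREFIX) and plaintext[12:16] == b"IHDR"


def make_sample_png():
    """Constructed 1x1 PNG skeleton (IHDR + IEND only), for demonstration."""
    def chunk(ctype, body):
        crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
        return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # 13 bytes
    return PNG_PREFIX[:8] + chunk(b"IHDR", ihdr) + chunk(b"IEND", b"")


def sample_message(key):
    """Constructed stand-in for the base64 message the server sends."""
    return base64.b64encode(xor_repeat(make_sample_png(), key)).decode()


def solve(b64_message):
    """Decode, recover the key from the PNG prefix, decrypt the whole file."""
    ciphertext = base64.b64decode(b64_message)
    key = recover_key(ciphertext)
    return key, xor_repeat(ciphertext, key)


if __name__ == "__main__":
    key, image = solve(sample_message(b"EXAMPLE-KEY!"))  # constructed key
    print(key, looks_like_png(image))
```

The same property is why repeating-key XOR gives no confidentiality for any file format with a predictable header: the header bytes hand over the key.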

This post was originally uploaded on aaroncook.xyz