# Bmpass

<div align="left"><figure><img src="/files/NK4nkr2370o07ztaFXlC" alt=""><figcaption></figcaption></figure></div>

{% file src="/files/UR0lwfy644cs8x1QcH0o" %}

Let's open the `encrypt.py` script:

```python
#!/usr/bin/env python3

from Crypto.Cipher import AES
import os, sys

# Open the image and read it as binary
img_in = open(sys.argv[1], "rb").read()
# Zero-pad the image to a multiple of 16 bytes
# (a full extra block is added when the length is already aligned)
img_in += b'\00' * (16 - (len(img_in) % 16))
# Create a random key with os.urandom(16)
# and encrypt the image with AES in ECB mode
cipher = AES.new(os.urandom(16), AES.MODE_ECB)
img_out = cipher.encrypt(img_in)
# Save the encrypted image under the original file name plus ".enc"
open(sys.argv[1] + ".enc", "wb+").write(img_out)
```

The image is encrypted with AES in ECB mode (`AES.MODE_ECB`), so this can be an <mark style="color:blue;">**ECB Penguin**</mark>.

What is the `ECB Penguin`? The most common encryption algorithm, AES, is a block cipher with 128-bit blocks. A block cipher always encrypts the same contents the same way, given the same key, and in ECB mode every block is encrypted independently, so identical plaintext blocks produce identical ciphertext blocks. Naively, that doesn't seem like a problem because the output is still encrypted, and hence "secure", but it reveals information: anyone looking at the ciphertext can tell which blocks of the plaintext were equal.

This is an example of the ECB penguin: even though the image is encrypted with AES in ECB mode, the fact that it encrypts the same contents the same way means it still reveals information.

<div align="left"><figure><img src="/files/R1b5GkfMXCGMJs0poOBj" alt=""><figcaption></figcaption></figure></div>
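The leak described above can be reproduced without an image viewer. The following is an added example, not part of the original write-up or the challenge: a keyed BLAKE2b hash per block stands in for AES-ECB (an assumption, so it runs without pycryptodome), and `PATTERN`, `ecb_like_encrypt`, `split_blocks`, `repeated_block_ratio`, `render` and `demo` are hypothetical names.

```python
import hashlib
import os
from collections import Counter

BLOCK = 16  # AES block size in bytes

def ecb_like_encrypt(data: bytes, key: bytes) -> bytes:
    # Stand-in for AES-ECB (assumption): a keyed hash applied to each block
    # independently. It cannot be decrypted, but like ECB it maps equal
    # input blocks to equal outputs. Input must be a multiple of BLOCK.
    return b"".join(
        hashlib.blake2b(data[i:i + BLOCK], key=key, digest_size=BLOCK).digest()
        for i in range(0, len(data), BLOCK))

def split_blocks(ct: bytes) -> list:
    return [ct[i:i + BLOCK] for i in range(0, len(ct) - BLOCK + 1, BLOCK)]

def repeated_block_ratio(ct: bytes) -> float:
    # Fraction of blocks whose value occurs more than once: near 0 for
    # random-looking ciphertext, high for ECB over structured data.
    counts = Counter(split_blocks(ct))
    return sum(c for c in counts.values() if c > 1) / sum(counts.values())

def render(ct: bytes, blocks_per_row: int) -> list:
    # One character per ciphertext block: the most frequent block is drawn
    # as background '.', every other block as '#'.
    blocks = split_blocks(ct)
    background = Counter(blocks).most_common(1)[0][0]
    line = "".join("." if b == background else "#" for b in blocks)
    return [line[i:i + blocks_per_row] for i in range(0, len(line), blocks_per_row)]

# Constructed 6x5 "image": each character is one 16-byte run of equal pixels.
PATTERN = ["......", ".####.", ".#..#.", ".####.", "......"]

def demo():
    plain = b"".join((b"\xff" if ch == "." else b"\x00") * BLOCK
                     for row in PATTERN for ch in row)
    ct = ecb_like_encrypt(plain, os.urandom(16))  # random key, never reused
    return ct, render(ct, 6)

if __name__ == "__main__":
    ct, rows = demo()
    print("\n".join(rows))
    print("repeated blocks (ECB-like):", repeated_block_ratio(ct))
    print("repeated blocks (random):  ", repeated_block_ratio(os.urandom(len(ct))))
```

The picture only lines up when `blocks_per_row` matches the real row length, which is the same reason the width has to be tuned when viewing the ciphertext as raw pixels.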

To reveal the information inside the image encrypted with AES in ECB mode, we will use a tool called GIMP (`GNU Image Manipulation Program`).

If it's not installed by default on your Kali Linux, run these commands:

```
sudo apt update
sudo apt install gimp
```

<div align="left"><figure><img src="/files/4fPfOGajDKD3eKx9TSB8" alt=""><figcaption></figcaption></figure></div>

<div align="left"><figure><img src="/files/BuFaBNEDMocckY6kKTwX" alt=""><figcaption></figcaption></figure></div>

<div align="left"><figure><img src="/files/ud1vJCHLicAaz9K2B3XO" alt=""><figcaption></figcaption></figure></div>

Select RGB Alpha and start playing with the width and offset until you see something in the Raw Image Data preview. In this case I found that offset 1 and width 960 give us the flag, but the image is rotated 180 degrees and flipped horizontally.

<div align="left"><figure><img src="/files/vBBwEEw4nZtygK7jVsiX" alt=""><figcaption></figcaption></figure></div>

Save the image, then flip it horizontally and rotate it 180 degrees. You will get this; it's very hard to read:

<div align="left"><figure><img src="/files/xvVYCgwYx3fPmBZiCsmc" alt=""><figcaption></figcaption></figure></div>

The flag is `ENO{i_c4N_s33_tHr0ugH_3ncrYpti0n}`

