This challenge was a little bit tricky. It was a JPEG image in the DIN A4 format, containing the text “Top Secret” and “Forget about the previous mission, Be there, at the time I’ve specified”.
After a little bit searching, we found in the bottom right quarter a square with some tiny, almost invisible yellow points. Gimp’s Desaturate tool and a zoom to 200% made the magic and we were actually able to see the “dot-matrix” in a good quality. Represented with 1 for a dot and 0 for not a dot, we have:
00011111111110010
10001000110111010
10001001101110111
00011010101111101
11001101100011010
00101111111001010
10111010100101011
11011100110111001
Okay, it’s a binary 17x8 matrix. Quite naturally, our first attempt was it to parse it as ASCII code in whatever possible way. Indeed, the dot-matrix contains some text, when the matrix is read from top to bottom. The first bit has to be set to 0 hereby since ASCII uses only the lower 7 bits. Following this rules, we have:
01101011 0x6B
00001001 0x09
00000110 0x06
10010011 0x13
11111111 0x7F
10001101 0x0D
10010110 0x16
10101100 0x2C
11111111 0x7F
11000101 'E'
10110100 '4'
11110011 's'
11111001 'y'
01011111 '_'
00110000 '0'
11101110 'n'
00110011 '3'
So, we tried to submit “E4sy_0n3” but this was not the flag. So we went back to analysis and figured out that the first bit is actually a parity bit besides in the first line (0x6b) and the lines containing only out of 1s, which are clearly some kind of seperator. The seperators are splitting the matrix in three sections and we thought each section might have other rules for parsing - so we tried all imagable and all not imagable stuff - not successful.
Later on, we stumbled over this webpage: https://w2.eff.org/Privacy/printers/docucolor/ - well, jackpot! So, from our original matrix the first column and the first row could be ignored (what we already did for the latter case) and 0xFF works indeed as seperator. Then the specification says that the first part specifies the time and the second part specifies a date. So lets have again a look to our matrix, converting first and second part to a decimal representation:
0001001 9
0000110 6
0010011 19
1111111 0x7F
0001101 13
0010110 22
0101100 44
1111111 0x7F
1000101 'E'
0110100 '4'
1110011 's'
1111001 'y'
1011111 '_'
0110000 '0'
1101110 'n'
0110011 '3'
Okay, looks like 9/6/19 13:22:44 E4sy_0n3 - they didnt follow the exact format specification, but the result we had here looked okayish. We gave it a shot and indeed, ASIS_MD5(9619132244E4sy_0n3) was the right flag. In retrospective, there was even the hint about the time in the paper and we should’ve thought about it earlier - I guess it was able to come up with the right solution even without the above linked “DocuColor Tracking Dot Decoding Guide”.
-nsr, nurfed