Cursed Steganography

duckerz

Task: recover a flag hidden in a 64x64 PNG image generated by a DCGAN neural network embedded in a Nuitka-compiled Windows executable. Solution: unpack the Nuitka onefile payload (zstd-compressed), intercept the PBKDF2 passphrase via DLL hooking under Wine, decrypt the AES-GCM encrypted ONNX model, reconstruct it in PyTorch, then perform gradient-based GAN model inversion to recover the latent vector and decode the flag from its sign bits.

steganography pbkdf2 pytorch aes_gcm nuitka onnx gan dcgan latent_vector wine dll_hooking zstd

nuitka_onefile_unpackingdll_export_forwardinggan_model_inversiongradient_descent_optimizationlatent_sign_decodingonnx_to_pytorch_conversion

$ ls tags/ techniques/

steganography pbkdf2 pytorch aes_gcm nuitka onnx gan dcgan latent_vector wine dll_hooking zstd

nuitka_onefile_unpackingdll_export_forwardinggan_model_inversiongradient_descent_optimizationlatent_sign_decodingonnx_to_pytorch_conversion

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[stego][Pro]Deep— volgactf
[stego][Pro]Unsettled Huffman— volgactf
[forensics][Pro]Reincarnation— duckerz
[stego][Pro]Мозаика внутри PNG (Mosaic inside PNG)— bug-makers
[reverse][Pro]129 (Утка)— duckerz