# PHDays CTF Quals 2k14 - Mp3 me (1400 points)


# hexdump -C ../123.mp3 | head -n 13
00000000  49 44 33 04 00 00 00 00  1f 76 54 52 43 4b 00 00  |ID3......vTRCK..|
00000010  00 09 00 00 01 ff fe 30  00 31 00 00 00 52 47 42  |.......0.1...RGB|
00000020  37 00 00 00 0d 00 00 03  35 2c 31 38 33 2c 20 4e  |7.......5,183, N|
00000030  55 4c 4c 00 52 47 42 36  00 00 00 0a 00 00 03 30  |ULL.RGB6.......0|
00000040  2c 34 32 2c 31 35 39 00  52 47 42 35 00 00 00 0c  |,42,159.RGB5....|
00000050  00 00 03 31 39 34 2c 32  34 34 2c 36 38 00 52 47  |...194,244,68.RG|
00000060  42 34 00 00 00 09 00 00  03 34 37 2c 37 37 2c 36  |B4.......47,77,6|
00000070  00 52 47 42 33 00 00 00  0b 00 00 03 34 34 2c 37  |.RGB3.......44,7|
00000080  33 2c 31 34 31 00 52 47  42 32 00 00 00 0c 00 00  |3,141.RGB2......|
00000090  03 31 34 30 2c 32 30 37  2c 37 32 00 52 47 42 31  |.140,207,72.RGB1|
000000a0  00 00 00 0d 00 00 03 31  32 30 2c 31 35 36 2c 32  |.......120,156,2|
000000b0  30 33 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |03..............|
000000c0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
# cat mp3me.py
#!/usr/bin/python

from zlib import decompress

list = [120, 156, 203, 140, 207, 72, 44, 73, 141, 47, 77, 6, 194, 244, 68, 0, 42, 159, 5, 183]
code = ''

for byte in list:
 code += '%02x' % byte

print decompress(code.decode('hex'))
# ./mp3me.py
i_hate_ucucuga
References

http://en.wikipedia.org/wiki/ID3
http://www.ietf.org/rfc/rfc1950.txt

2 comments:

Anonymous said...

Porque coges estos bytes y no otros?

list = [120, 156, 203, 140, 207, 72, 44, 73, 141, 47, 77, 6, 194, 244, 68, 0, 42, 159, 5, 183]

t0n1 said...

Inside the ID3 metadata container there are seven RGB 'tags', from RGB1 to RGB7 (an incremental sequence).
Inside of each RGB 'tag' there are three values, each one corresponding to the Red, Green and Blue values, as we can see highlighted.
The list is obtained concatenating these bytes, where the two firsts are the magic number of a zlib header (0x789c: deflate compression + default algorithm).