Intro

This is my write-up of a Misc challenge Hidden Painting on the CTF site 247CTF.com

Instructions

We created a hidden painting which will lead you to the flag. Can you connect the dots and piece it back together?

Howto

We get a file named secret_map.txt.

If we check the contents, we can see that it contains two columns of hexadecimal values. Are they the coordinates for our points?

$ head secret_map.txt
0x4b 0x9d0
0x44 0x974
0x33 0x92
0x2f 0x660
0x48 0xe1
0x47 0x59c
0x5b 0x4cf
0x7c 0x489
0x32 0x5f0
0x41 0x62

My idea was to decode the values to decimal and plot them somehow.

I quickly abandoned my proof of concept idea of drawing a few points by hand, as the list is pretty large:

$ wc -l secret_map.txt
   62833 secret_map.txt

Quick search has shown that the best way to plot and connect the points in python is with pygame.

I had some problems with PyGame on macOS, as the stable version with Python 3.7 was not showing the contents of the pygame.display. Fortunatley I was not alone. To solve the issue, I have upgraded to Python 3.8 and the development version of PyGame:

$ pip3.8 install pygame==2.0.0.dev6

A little offtopic: If you are using macports and vim with Python support, don’t uninstall Python 3.7, as there is no vim compiled with Python 3.8 yet.

As I have never wrote a line of code with PyGame, I searched for beginner PyGame tutorials and used some example code and modified it to help me catch the flag.

The thing that created the most problems for me was that I tried to really connect the dots, a good pupil reads the instructions literally. But I could only see the borked 2 in front and nice clean } in the back of the plotted image.

It was obvious that there is too much drawing involved and that I am over extending.

The soultion was to just plot the dots, without connecting them.

So basically the script creates a canvas of 3000x500px, iterates through the coordinates, converts hexadecimal values to decimal and plots the dots.

#!/usr/bin/env python3


import pygame

def main():
    pygame.init()      

    main_surface = pygame.display.set_mode((3000, 500))


    while True:
        ev = pygame.event.poll()    
        if ev.type == pygame.QUIT:  
            break                   


        f = open("secret_map.txt", "r")
        data = f.readlines()
        f.close()

        for line in data:
            l = line.strip().split()
            x0=int(l[1],16)
            y0=int(l[0],16)
            pygame.draw.line(main_surface, (255,0,255), (x0,y0), (x0,y0), 1)

        pygame.display.flip()

    pygame.quit() 

main()

See Also