Buzz's Secret Watch Part II

// A Space Heroes CTF 2022 Challenge...

Hey Hackers! The SAINTS recently just completed Space Heroes CTF 2022. My personal hardest challenge in this competition was the Buzz's Secret Watch Part II. I will have a video write up attached below in case if you want to visually see the solution to this challenge. Regardless, enjoy the write up!

// buzz-bin.avi:

The challenge gives us a 100 fps five minute video. Each frame of the video has an image of a watch with eight lights.

Each of the lights are colored red, green, or black. After some analysis, Shepherd determined that the eight lights represented binary code.

// Example:

The above images would have a binary output of " 01111111"

// Extracting The Frames:

If I wanted to convert each frame to binary, I would first need to get each frame. I use this Python3 script to extract the frames from the video into a "data" directory. This way we can analyze each frame later down the road.

# Importing all necessary libraries
import cv2
import os

# Read the video from specified path
cam = cv2.VideoCapture("buzz-bin.avi")

try:
	
	# creating a folder named data
	if not os.path.exists('data'):
		os.makedirs('data')

# if not created then raise error
except OSError:
	print ('Error: Creating directory of data')

# frame
currentframe = 0

while(True):
	
	# reading from frame
	ret,frame = cam.read()

	if ret:
		# if video is still left continue creating images
		name = './data/frame' + str(currentframe) + '.jpg'
		print ('Creating...' + name)

		# writing the extracted images
		cv2.imwrite(name, frame)

		# increasing counter so that it will
		# show how many frames are created
		currentframe += 1
	else:
		break

# Release all space and windows once done
cam.release()
cv2.destroyAllWindows()

// Analyzing Frame Data:

Now that we had all 32,463 frames [yeah...that's a lot of frames] in our "data" directory. We can use Python to iterate through all of the frames, and match the circles to binary code. To do this, we needed to find the pixel coordinates of each image. So i used this Python matplotlib script to find the coordinates of the circles.

import cv2
import numpy as np
import matplotlib.pyplot as plt
 
image = cv2.imread("data/frame1.jpg", 1)
# Loading the image
 
half = cv2.resize(image, (0, 0), fx = 0.1, fy = 0.1)
bigger = cv2.resize(image, (1050, 1610))
 
stretch_near = cv2.resize(image, (780, 540),
               interpolation = cv2.INTER_NEAREST)
 
 
Titles =["Original", "Half", "Bigger", "Interpolation Nearest"]
images =[image, half, bigger, stretch_near]
count = 4
 
for i in range(count):
    plt.subplot(2, 2, i + 1)
    plt.title(Titles[i])
    plt.imshow(images[i])
 
plt.show()

// Frames To Binary:

Now that we had the coordinates to each circle on the image, we can convert each circle to its appropriate RGB data. After detecting what color each circle is, we can match it to its appropriate binary character, and add it to an array. Once we iterate through all of the images, we will write the binary array to a "binary.bin" file.

import os
from PIL import Image
import numpy as np
import cv2

array = []

for i in range(32463):
    frame = r"data/frame{}.jpg".format(i)
    print(f'Frame {frame}')
    img = Image.open(frame) 

    # img = Image.open(r"data/frame4.jpg") 

    # whole = img.crop((337, 667, 618, 714)) 
    circle1 = img.crop((350 , 690, 358, 700)) 
    circle2 = img.crop((380, 690, 388, 700)) 
    circle3 = img.crop((420, 690, 428, 700)) 
    circle4 = img.crop((450, 690, 458, 700)) 
    circle5 = img.crop((490, 690, 498, 700)) 
    circle6 = img.crop((520, 690, 528, 700)) 
    circle7 = img.crop((560, 690, 568, 700)) 
    circle8 = img.crop((590, 690, 598, 700)) 

    circle1.save('circle1.jpg') 
    circle2.save('circle2.jpg')
    circle3.save('circle3.jpg')
    circle4.save('circle4.jpg')
    circle5.save('circle5.jpg')
    circle6.save('circle6.jpg')
    circle7.save('circle7.jpg')
    circle8.save('circle8.jpg')

    saved_circles = ('circle1.jpg', 'circle2.jpg', 'circle3.jpg', 'circle4.jpg', 'circle5.jpg', 'circle6.jpg', 'circle7.jpg', 'circle8.jpg')
    
    for i in saved_circles:
        poc = Image.open(i)
        poc = poc.convert("RGB")

        d = poc.getdata()

        binary = ''

        for item in d:
            # black
            if item[0] in list(range(0, 10)) and item[1] in list(range(0, 10)) and item[2] in list(range(0, 10)):
                binary += '0'
                break

            # green
            if item[0] in list(range(0, 10)) and item[1] in list(range(0, 255)) and item[2] in list(range(0, 10)):
                binary += '1'
                break

            # red
            else:
                binary += ' '
                break

        array.append(binary)      
    
data = ''.join(array)

with open('binary.bin', 'w') as f:
    f.write(data)

// binary.bin:

We can convert our binary.bin file into clear text to get ELF executable code. Within the code lies the flag "ELF...shctf{Th1s-Isnt-Fly1ng-THis-Is-FAlliNg-W1th-Styl3}". Thanks for reading, and as always,

Happy Hacking!

// Socials:

• GitHub

• YouTube

• Instagram

• Discord

© 2022 by Cosmodium CyberSecurity LLC