Project Sekai - ❌-forensics-detective-pikachu-1

Project Sekai

🔒 UMDCTF 2023 / ❌-forensics-detective-pikachu-1

Detective Pikachu 1 - 500 points

Category: Forensics Description: Detective Pikachu is investigating the murder of a trainer in the Sinnoh region! Can you help him find out who did it? It seems whoever did this did not want to be caught and tried sabotaging all evidence that Pikachu had on hand! We need to first help him unlock and recover his dossier! Download Files Here Credit to this Twitter user for the original art used in this challenge. Author: amanthanvi Files: No files. Tags: No tags.

Sutx pinned a message to this channel. 04/29/2023 4:03 PM

@Deleted User wants to collaborate

@Legoclones wants to collaborate

@Violin wants to collaborate

lol 4G

@afterworld wants to collaborate

okay gonna look at this one now

21:54

wow so they give you a 4 GB zip file that is corrupted at the end

21:54

The ZIP ending isn't there when it should be

21:55

7zip think it's password protected too, but idk if that's because it's missing the end, or because it actually is pwd protected

21:55

zip2john can't get the password bc the zip file is malformed

21:55

and it's 4 GB so hard to manually edit

21:55

why are all these challs pain

@Guesslemonger wants to collaborate

this really doesn't have end of central directory

50 4B 01 02 3F 00 14 00 00 00 00 00 91 85 9D 56 00 00 00 00 00 00 00 00 00 00 00 00 0F 00 1C 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 73 69 6E 6E 6F 68 5F 64 6F 73 73 69 65 72 2F 55 54 09 00 03 B2 81 4D 64 C6 81 4D 64 75 78 0B 00 01 04 E8 03 00 00 04 E8 03 00 00 50 4B 01 02 3F 00 14 00 09 00 08 00 E5 62 9D 56 E8 75 94 2A FF FF FF FF FF FF FF FF 1C 00 30 00 00 00 00 00 00 00 20 00 00 00 49 00 00 00 00 73 69 6E 6E 6F 68 5F 64 6F 73 73 69 65 72 2F 63 61 73 65 5F 66 69 6C 65 73 2E 37 7A 55 54 09 00 03 6D 44 4D 64 D5 7F 4D 64 75 78 0B 00 01 04 E8 03 00 00 04 E8 03 00 00 01 00 10 00 AA 9F 31 AC 01 00 00 00 25 64 43 AC 01 00 00 00 50 4B 05 06 00 00 00 00 02 00 02 00 D4 00 00 00 A3 29 80 E7 00 00

(edited)

02:10

i appended this after 0F 57 D8 zip2john throws Error, fread could not read the data from the file: sinnoh_dossier.zip identifies central directories correctly though

02:10

some file length issue as per source code I think

02:12

ok some issue

02:17

zipinfo sinnoh_dossier.zip
Archive:  sinnoh_dossier.zip
Zip file size: 3883936397 bytes, number of entries: 2
-rw----     6.3 fat        0 bx stor 23-Apr-30 02:14 sinnoh_dossier/
-rw-a--     6.3 fat 4294967295 BX defN 23-Apr-29 12:23
2 files, 4294967295 bytes uncompressed, 4294967283 bytes compressed:  0.0%

note:  didn't find end-of-central-dir signature at end of central dir.

so it is ia zip64 file appended

50 4B 07 08 E8 75 94 2A 25 64 43 AC 01 00 00 00 AA 9F 31 AC 01 00 00 00 50 4B 01 02 3F 00 14 00 00 00 00 00 91 85 9D 56 00 00 00 00 00 00 00 00 00 00 00 00 0F 00 1C 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 73 69 6E 6E 6F 68 5F 64 6F 73 73 69 65 72 2F 55 54 09 00 03 B2 81 4D 64 C6 81 4D 64 75 78 0B 00 01 04 E8 03 00 00 04 E8 03 00 00 50 4B 01 02 3F 00 14 00 09 00 08 00 E5 62 9D 56 E8 75 94 2A FF FF FF FF FF FF FF FF 1C 00 30 00 00 00 00 00 00 00 20 00 00 00 49 00 00 00 00 73 69 6E 6E 6F 68 5F 64 6F 73 73 69 65 72 2F 63 61 73 65 5F 66 69 6C 65 73 2E 37 7A 55 54 09 00 03 6D 44 4D 64 D5 7F 4D 64 75 78 0B 00 01 04 E8 03 00 00 04 E8 03 00 00 01 00 10 00 AA 9F 31 AC 01 00 00 00 25 64 43 AC 01 00 00 00 50 4B 06 06 2C 00 00 00 00 00 00 00 0A 03 2D 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 D4 00 00 00 00 00 00 00 BB 29 80 E7 00 00 00 00 50 4B 06 07 00 00 00 00 8F 2A 80 E7 00 00 00 00 01 00 00 00 50 4B 05 06 00 00 00 00 02 00 02 00 D4 00 00 00 FF FF FF FF 00 00

03:48

zipinfo file size is wrong (no other errors) and zipdetails doesn't seem to read central headers (edited)

03:48

and that's why zip2john fread error

i created a test zip64, not really sure why it doesn't read headers

ok understood issue, size is more than 8 bytes

000000A3   Uncompressed Size   00000001AC319FAA
000000AB   Compressed Size     00000001AC436425

04:43

file is not that long hmm

compressed length is E78028F0

05:25

multiple GBs hash

@crazyman ai wants to collaborate

how the fuck do i crack a 7gb hash?

1

Did u get it?

07:03

The hash? From zip2john?

yes

07:04

i repaired the file

John default wordlist didn't help?

2 hours back actually, idk how to crack it

07:04

it won't even load the hash file

07:04

process gets killed

50 4B 07 08 E8 75 94 2A F0 28 80 E7 00 00 00 00 AA 9F 31 AC 01 00 00 00 50 4B 01 02 1E 03 0A 00 00 00 00 00 91 85 9D 56 00 00 00 00 00 00 00 00 00 00 00 00 0F 00 1C 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 73 69 6E 6E 6F 68 5F 64 6F 73 73 69 65 72 2F 55 54 09 00 03 B2 81 4D 64 C6 81 4D 64 75 78 0B 00 01 04 E8 03 00 00 04 E8 03 00 00 50 4B 01 02 1E 03 2D 00 09 00 08 00 E5 62 9D 56 E8 75 94 2A F0 28 80 E7 FF FF FF FF 1C 00 28 00 00 00 00 00 00 00 20 00 00 00 49 00 00 00 73 69 6E 6E 6F 68 5F 64 6F 73 73 69 65 72 2F 63 61 73 65 5F 66 69 6C 65 73 2E 37 7A 55 54 09 00 03 6D 44 4D 64 D5 7F 4D 64 75 78 0B 00 01 04 E8 03 00 00 04 E8 03 00 00 01 00 08 00 AA 9F 31 AC 01 00 00 00 50 4B 06 06 2C 00 00 00 00 00 00 00 0A 03 2D 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 CB 00 00 00 00 00 00 00 BB 29 80 E7 00 00 00 00 50 4B 06 07 00 00 00 00 86 2A 80 E7 00 00 00 00 01 00 00 00 50 4B 05 06 00 00 00 00 02 00 02 00 CB 00 00 00 FF FF FF FF 00 00

07:04

footer (edited)

Wait so the hash is 7gb? Twice the size of the zip file?

07:05

May be jank but write a loop in Python that tries various passwords

50 4B 03 04 0A 00 00 00 00 00 91 85 9D 56 00 00 00 00 00 00 00 00 00 00 00 00 0F 00 1C 00 73 69 6E 6E 6F 68 5F 64 6F 73 73 69 65 72 2F 55 54 09 00 03 B2 81 4D 64 C6 81 4D 64 75 78 0B 00 01 04 E8 03 00 00 04 E8 03 00 00 50 4B 03 04 2D 00 09 00 08 00 E5 62 9D 56 E8 75 94 2A F0 28 80 E7 FF FF FF FF 1C 00 30 00 73 69 6E 6E 6F 68 5F 64 6F 73 73 69 65 72 2F 63 61 73 65 5F 66 69 6C 65 73 2E 37 7A 55 54 09 00 03 6D 44 4D 64 D5 7F 4D 64 75 78 0B 00 01 04 E8 03 00 00 04 E8 03 00 00 01 00 10 00 25 64 43 AC 01 00 00 00 F0 28 80 E7 00 00 00 00

07:06

header

07:06

compressed data starts with F7 C3 36 and ends with 0F 57 D8

When I tried unzipping file the first time (using 7z x) it loaded for like 2 mins before asking for password

07:06

Would be a slow loop but maybe possible

Legoclones

Wait so the hash is 7gb? Twice the size of the zip file?

yes, it will be double the size

Sad

i am not sure if uncompressed data size also needs to be changed, but it shouldn't matter

wtf

doesn't look like pass is in rockyou lmao

aak admin

not in server

07:44

someone ask

k

07:45

what do i ask

07:45

you repaired zip already?

07:45

and password not in rockyou

yes

k lemme ask

07:48

Image attachment

07:49

@Guesslemonger

wut!?

whats the error

what error?

idk

07:49

try without repair

07:49

i thought zip2john gives error

yes central directory not found

07:49

would be the error

Guesslemonger

zipinfo sinnoh_dossier.zip
Archive:  sinnoh_dossier.zip
Zip file size: 3883936397 bytes, number of entries: 2
-rw----     6.3 fat        0 bx stor 23-Apr-30 02:14 sinnoh_dossier/
-rw-a--     6.3 fat 4294967295 BX defN 23-Apr-29 12:23
2 files, 4294967295 bytes uncompressed, 4294967283 bytes compressed:  0.0%

note:  didn't find end-of-central-dir signature at end of central dir.

is it this?

zip2john is not feasible anyway, hash file is 7+ gb, it won't work

the error

no

so what i send him

that error he fixed

"Central Directory not Found" or something like that

07:50

when using zip2john

ok

do we even require any password then?

07:51

what does he mean by 'not repairing'

Maybe more than just the central directory is broken? And it thinks it's password protected when it's not?

wtf is chall file broken?

07:52

its rly broken, no way u can solve without repairing (edited)

password protection is signified by file format only

So it could say it's pwd protected when it's really not?

"a password is required but you shouldn't have had to fix the zip"

that makes no sense

07:54

because when u run zip2john Did not find End Of Central Directory.

umm don't care if we did, is password in rockyou, yes or no

1

07:55

i had tried raw inflating earlier, it requires a password since inflated is not a valid file

1

Image attachment

Bro what

do you have a screenshot or sth

07:56

so i can send him

wtf

im on phone

this guy is tripping

1

07:57

Image attachment

he said he will look into it

bro released a broken chall for so many hrs

Maybe that's why no solves?

yeah

afterworld

bro released a broken chall for so many hrs

Lol that's like the 5th time

07:57

So many have been broken

i wasted almost entire day again

1

Did they not play test?

on some piece of shit

07:58

mf, will create a chall on repairing zip file lmao

1

Legoclones

Did they not play test?

ig lmao

waiting for him to check

07:59

is there any progress on iq or no

idk about it anymore

https://drive.google.com/file/d/1AjYBsfqrTTVr1ePs-uxvXse89GpJONr7/view

sinnoh_dossier.zip

08:01

i guess it's broken challenge

someone else seems to be recovering zip too

08:02

from what i saw in chat lmao

08:03

yeah its broken

Smh

08:04

This CTF

‍♂️

yeah lol

08:05

vote 1 drama again

vote 0

why there are more guessng chal

08:05

XD

sahuang

vote 1 drama again

lmao on twitter

and broken chal

i think he will release the complete zip later

i will sleep

08:05

XD

he said i am not sure if fixing the zip and then trying to crack password would work.

08:06

idk how to persuade him to go this way (which we spent time on) if it doesnt work

mf can't say yes or no to password being in rockyou?

im pretty sure it is

08:10

he said i guess you'll have to see when the chall is back up

08:11

it doesnt make sense if not rockyou cuz they didnt hint a guess

08:11

but yeah they will fix it soon in an hour

erm, then my file should get cracked

08:13

idk

the chal file is broken so you wont be able to crack it

08:14

fix zip then crack isnt their intended

08:16

also how hard will it be after cracking the zip

08:16

for these 2 chals

hmm

it should be back after an hour

08:17

we should try the iq one

Image attachment

10:08

trash

Booooooooooooooooooo

11:25

They're not gonna get the highest rating

11:25

Had some good challs, but too much stuff like this

yeah

11:25

11:26

we need one more solve to win

11:26

they had to solve 4 chals if we did another

11:26

kinda hard in 6.5 hrs

Exported 160 message(s)