We now reveal the answer to the latest SegInfo challenge, published on January 24 here on the blog. Below is one correct procedure for reaching the solution.
0. After downloading the image, check its MD5 to confirm that there was no transmission failure:
$ md5sum DesafioEsteg.jpg
a5d78511149bcf68afddd82a1ed6db29 DesafioEsteg.jpg
1. With the image in hand, identify the file type:
$ file DesafioEsteg.jpg
DesafioEsteg.jpg: JPEG image data, JFIF standard 1.02
2. Before reaching for a dedicated program, check whether there are any strings hidden in the image:
$ strings DesafioEsteg.jpg 0101011001010111010110100011001101011010011011010110011001000100011100010101100 0010011100011010001001001010010000101011000110000011001000111100101000010001100 1101100001011011100110100000110000011000110101011101000110011100010110010001111 0010100001000110000010010010100011101101100011100010110010101000111010110100111 0010011000100110111001010001011001110110000101010111010110010110011101010011010 0100001000110011011010101100101010111001101010011010001001001010001100110100001 1100010110001001001000011100000011001101011010011011100101000001000100011100000 0110010010110010110011101100001010101110101100101100111010101000110111001001110 0111001001100100010010000110010001111001010110100111001101001111011011100111011 1001101100100111000110000010011000110100101000010010010010110010001001000010011 1001110100011000010111001101001111011011100101101001101001010000100111101001100 1000100100001101000001101000101101001101001010000100100110001100100010010000110 0100011110010101101001110011010011110110111001110111001101100100111000110000010 0100101000111011011000111000101001001010001010101101000110110011000010101011100 1101010011010101100100010010000110001101100111011000010110111001001001011001110 1010111010101110111000000110100011001010101011101101111011001110110000101010111 0110111101100111010101000110111001001110011010000101101001101110011010100100010 0011011110011001101010001011001110110000101101110010010010110011101100010010110 0001101100001101010110010001010100011011110111011001001100001100100100101001101 0010101100101101001001101010110111001100011010110000101001001110011010011000110 1101011010000111100001011010011011010100011001110101011001010100001100110101011 0111101100100010010000100100101110101010110100011001101100011011101100110000100 1100110101001000110011011000110110110101011010011011110101101001101110010100010 1110100011000010101011101101111011101000100111001111010011001110111010001100010 
0101100001010010001100110101101001101110011001110111010001011010011011100111000 0011100000110001001101110011011000011000001100100011110010011000101110001011000 1101101001001100010011010101100001011011100110100000110101011000010110100100110 0010111000001100001011010010011000101110101011000110011001001000110011011010110 0101010001110101101000110000010011000101011101011010011011110101101001101101011 0110001110001011000110110110100110101011011010100110001010111011010000111100001 0110100110110101000110011101010110010101000011001100010011010001100001011011010 1111000001101100110010000110010010110100111101001100001010001110101100101110100 0110000101010111010110010111010001100010011011100100111001110010011001000100100 0011001000111100101011010011011010110100001101101011001000100000101101111001111 01
3. Since the message is in binary, we need to convert it to ASCII; for this you can use the Binary to Text (ASCII) Conversion tool. (Bonus question: how would you do this without leaving the shell?)
VWZ3ZmfDqXN4IHV0dyB3anh0cWFqdyB0IGlqeGZrbnQgaWYgSHFmYW54IFhqbHp3ZnPDp2Yga
WYgTnNrdHdyZsOnw6N0LiBIdHNtasOnZiBzdHh4ZiBLdHdyZsOnw6N0IGlqIEZ6aW55dHcganIgWWp4
eWogaWogTnNhZnjDo3QganIgbXl5dTovL2JiYi5ncXRsLmhxZmFueC5odHIuZ3cva3R3cmZoZnQtaWo
tNzgtbXR3ZngtZnppbnl0dy1qci15anh5ai1pai1uc2FmeGZ0LWZoZmlqcm5mLWhxZmFueC14amx6d2
ZzaGYtaWYtbnNrdHdyZmhmdAo=
4. Now we decode the message from base64:
$ echo "VWZ3ZmfDqXN4IHV0dyB3anh0cWFqdyB0IGlqeGZrbnQgaWYgSHFmYW54IFhqbHp3ZnPD
p2YgaWYgTnNrdHdyZsOnw6N0LiBIdHNtasOnZiBzdHh4ZiBLdHdyZsOnw6N0IGlqIEZ6aW55dHcganI
gWWp4eWogaWogTnNhZnjDo3QganIgbXl5dTovL2JiYi5ncXRsLmhxZmFueC5odHIuZ3cva3R3cmZoZn
QtaWotNzgtbXR3ZngtZnppbnl0dy1qci15anh5ai1pai1uc2FmeGZ0LWZoZmlqcm5mLWhxZmFueC14a
mx6d2ZzaGYtaWYtbnNrdHdyZmhmdAo=" | base64 -d
Ufwfgésx utw wjxtqajw t ijxfknt if Hqfanx Xjlzwfsçf if Nsktwrfçãt. Htsmjçf stxxf Ktwrfçãt ij Fzinytw jr Yjxyj ij Nsafxãt jr myyu://bbb.gqtl.hqfanx.htr.gw/ktwrfhft-ij-78-mtwfx-fzinytw-jr-yjxyj-ij-nsafxft-fhfijrnf-hqfanx-xjlzwfshf-if-nsktwrfhft
5. Finally, following the hint in the photo (a Caesar salad), we see that the text is encrypted with the Caesar cipher, using a shift key of 5. Replace each letter (except the accented ones) with the letter five positions before it (ASCII value minus 5). You can use cipher.py to read the message:
"Parabéns por resolver o desafio da Clavis Segurança da Informação. Conheça nossa Formação de Auditor em Teste de Invasão em http://www.blog.clavis.com.br/formacao-de-100-horas-auditor-em-teste-de-invasao-academia-clavis-seguranca-da-informacao/"
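One way to answer the bonus question from step 3 and chain steps 3 to 5 without leaving the shell. This is an added example, not part of the original post and not the cipher.py it mentions; the function names and the short sample are constructed here, and it assumes standard input carries only the run of bits (whitespace from line wrapping is tolerated).

```shell
#!/bin/sh
# Added example: steps 3-5 of the walkthrough as a shell pipeline.
# Function names are hypothetical; SAMPLE is constructed, not the challenge data.

# Step 3: turn a run of '0'/'1' characters into the bytes they spell.
bin2ascii() {
    # Drop everything that is not a bit (spaces and newlines from wrapping),
    # then cut the stream into 8-bit groups.
    tr -cd '01' | fold -w 8 | while read -r byte || [ -n "$byte" ]; do
        [ "${#byte}" -eq 8 ] || continue      # ignore a trailing partial byte
        n=0
        while [ -n "$byte" ]; do              # binary string -> integer
            rest=${byte#?}
            bit=${byte%"$rest"}
            n=$(( n * 2 + bit ))
            byte=$rest
        done
        printf "\\$(printf '%03o' "$n")"      # emit the byte via an octal escape
    done
}

# Step 5: undo the Caesar shift of 5. Only unaccented letters are mapped;
# the bytes of accented UTF-8 characters are outside the ranges and pass through.
uncaesar5() {
    LC_ALL=C tr 'f-za-eF-ZA-E' 'a-zA-Z'
}

# Steps 3, 4 and 5 chained: bits -> base64 text -> ciphertext -> plaintext.
solve() {
    bin2ascii | base64 -d | uncaesar5
}

# Constructed sample: "Clavis" shifted by 5 ("Hqfanx"), base64-encoded
# ("SHFmYW54"), written as bits, with a space where a line wrap would fall.
SAMPLE='01010011010010000100011001101101 01011001010101110011010100110100'

printf '%s' "$SAMPLE" | solve    # prints: Clavis
echo
```

Against the real image, the bit run printed by strings in step 2 would be piped into solve in place of the sample.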