Try it here.
Challenge #17 - Find the key hidden in this document
#1
Posted 12 September 2011 - 09:34 PM
Try it here.
- Brito likes this
#2
Posted 13 September 2011 - 12:12 AM
The task is about retrieving hidden data inside this document. The data itself is compressed by deflate (standard compression method in most zip archives).
Is this related to the contents of the document itself or the key itself within the contents of the document? So far I have understood the format of the content is just a zipped archive containing xml files for the content.
#3
Posted 13 September 2011 - 12:18 AM
#4
Posted 13 September 2011 - 12:23 AM
#5
Posted 13 September 2011 - 12:24 AM
Good work, IcecubeI think that I found where the key is hidden. But I don't know yet how to extract this stream.
#6
Posted 13 September 2011 - 04:17 AM
You must look at the file format (ie zip). Using any MS Office tool will do no good.
Icecube is on the right track. Did you find it?
#7
Posted 13 September 2011 - 08:17 AM
@AceInfinity
You must look at the file format (ie zip). Using any MS Office tool will do no good.
Icecube is on the right track. Did you find it?
Yes I already viewed all of the files through Winrar and extracted them, but I don't have any regular docx to compare to on my computer. I'll create one and see if I can find something.
Edit: I still haven't found any entry for key= in the xml files after a second look from the time I first posted. I may be getting this wrong, but do you mean that there's a value in the xml somewhere as key="VALUE"?
#8
Posted 13 September 2011 - 08:32 AM
A hint:
#9
Posted 13 September 2011 - 08:38 AM
#10
Posted 13 September 2011 - 08:50 AM
The trick is to look at those parts of the document that MS Office does not know about. Looking at the file in a hex-editor might reveal stuff. When found, the key will be in the form; key=a0ss98d765h5 and you would test the key by checking a0ss98d765h5.The only difference I see is the change in a newer file called stylesWithEffects.xml
#11
Posted 13 September 2011 - 08:52 AM
Edit: Nope, I'm still not finding anything, I searched through all of the xml files in Notepad++ with the search key:
key=
And it came up with nothing.
My hex editor isn't finding anything either for some reason.... I must be doing something really stupid, I know it lol. It's around 3am for me right now.
#12
Posted 13 September 2011 - 09:05 AM
#13
Posted 13 September 2011 - 09:10 AM
Looking at the xml parts of the file, is wrong. Searching for the string also leads nowhere, as it is compressed. As explained and visible when opening the file in MS Office/Word, the compression method is given. Searching google may give clues, if searching for the right words.
No I wasn't viewing the actual file in hex editor, I was viewing some of the compressed file contents in my hex editor.
#14
Posted 13 September 2011 - 09:16 AM
Viewing the actual file in a hex-editor would be recommended, and knowledge about zip will most likely help you.
No I wasn't viewing the actual file in hex editor, I was viewing some of the compressed file contents in my hex editor.
#15
Posted 13 September 2011 - 09:24 AM
#16
Posted 13 September 2011 - 09:40 AM
#17
Posted 13 September 2011 - 11:44 AM
Powerpoint?You may get surprised to find out that you are dealing with yet another document...
#18
Posted 13 September 2011 - 11:51 AM
You will see when you get there.. The key is protected by at least 2 layers, and it is not possible to take any shortcuts. First layer must be solved before the second. Layers are logically somewhat similar.Powerpoint?
#19
Posted 13 September 2011 - 11:54 AM
I have a Powerpoint presentation, but no key.You will see when you get there.. The key is protected by at least 2 layers
And no idea yet. And far away from two ideas.
And unfortunately my lunch break terminates.
#20
Posted 13 September 2011 - 11:58 AM
If that's the case, then first layer is unpacked.I have a Powerpoint presentation, but no key.
And no idea yet. And far away from two ideas.
#21
Posted 13 September 2011 - 10:20 PM
#22
Posted 13 September 2011 - 10:26 PM
#23
Posted 14 September 2011 - 08:01 AM
Good hints and helpers may be found at forensicfocus. In the end you will need to change 1 byte to get the actual key (unless you did not use this "helper" and did everything by yourself, in which case you should be able to get the key without changing a single byte).
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users