Firebird - Secret Code

Wireshark Extract Bmp

Wireshark: File -> Export Objects: HTTP -> Save as bmp --> can't open!

file and exiftool both report that it is not a valid BMP (wrong format or format error). Checked the lecture notes and found it may be XOR-encrypted.

XOR Brute Force

CyberChef XOR with key = "Romantic 5" -> no result. (Note: this is the password for the agent HTTP login in the pcap.)

Because a BMP image has a header starting with "BM", try XOR brute force with the known crib "bm". Two possible keys: df and ff.

Got the image!
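The crib step above as an added Python example (not part of the original notes). It assumes a single-byte XOR key and a case-insensitive crib match, which is why two candidates that differ by 0x20 (the ASCII case bit, as df and ff do) both hit; validating the rest of the BMP file header narrows them to one. The sample file and its key 0x5a are constructed for the demo and say nothing about the challenge file.

```python
import struct

def make_bmp(width=2, height=2):
    """Build a minimal 24-bit BMP (constructed sample, not the challenge file)."""
    row = (width * 3 + 3) & ~3            # rows are padded to 4 bytes
    pixels = bytes(row * height)
    dib = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                      len(pixels), 2835, 2835, 0, 0)
    size = 14 + len(dib) + len(pixels)
    header = b"BM" + struct.pack("<IHHI", size, 0, 0, 14 + len(dib))
    return header + dib + pixels

def xor(data, key):
    """XOR every byte with a single-byte key."""
    return bytes(b ^ key for b in data)

def crib_keys(blob, crib=b"bm"):
    """Keys whose first two output bytes match the crib, ignoring case."""
    return [k for k in range(256) if xor(blob[:2], k).lower() == crib.lower()]

def valid_bmp_header(plain):
    """Stricter check: exact magic, size field equals file length, reserved = 0."""
    if len(plain) < 14 or plain[:2] != b"BM":
        return False
    size, res1, res2, offset = struct.unpack("<IHHI", plain[2:14])
    return size == len(plain) and res1 == 0 and res2 == 0 and 14 < offset <= size

def recover_key(blob):
    """Return the crib candidates that yield a structurally valid BMP."""
    return [k for k in crib_keys(blob) if valid_bmp_header(xor(blob, k))]

SAMPLE_KEY = 0x5A                          # constructed key for the demo
SAMPLE = xor(make_bmp(), SAMPLE_KEY)       # constructed stand-in for the exported file

if __name__ == "__main__":
    print("crib candidates:", [hex(k) for k in crib_keys(SAMPLE)])
    print("valid BMP with: ", [hex(k) for k in recover_key(SAMPLE)])
```

On a real export, read the file with open(path, "rb").read() and pass the bytes to recover_key; if the size check rejects every candidate, the capture may be truncated and the magic-only result from crib_keys is the fallback.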

Attack script

  • stegano-red

    • stegano-red reveal -i secret_mission_xor_decrypted.bmp

    • not working

  • crypto algorithms?

    • maybe encrypted stegseek result?

zsteg -a secret_mission_xor_decrypted.bmp > zsteg_all_output.txt

b6,rgb,lsb,yx,prime .. file: PGP symmetric key encrypted data - Blowfish (128 bit key, 16 rounds)
