Home FPTU SecAthon 2020 | Forensics Writeup | FRS301
Post
Cancel

FPTU SecAthon 2020 | Forensics Writeup | FRS301

By n3ddih
Posted Oct 21, 2020 Updated Dec 28 1 min read

FRS301

Description

Download file: link

Machine Identification Code

Solution

Brief

  1. Convert the pdf files into images using pdftoppm
  2. Use deda to extract informations from images
  3. Grep serial number then extract data from that

Details

  • convert pdf to images
1

$ pdftoppm -png yellow_dot.pdf output

  • deda_parse_print to extract information from yellow dot

  • 1 file output example:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41

$ deda_parse_print yellow_dot-1.png
Detected pattern 4


_|0|1|2|3|4|5|6|7
0|
1|.
2|.
3|. .     . .   .
4|    . .   .
5|  .         . .
6|.
7|.
8|.     .     .
9|        .   . .
0|        .   . .
1|        .   . .
2|.           . .
3|.
4|        .   . .
5|  .   .   .
        37 dots.



<TDM of Pattern 4 at 0.00 x -0.00 inches>
Decoded:
        manufacturer: Epson
        serial: -775267-
        timestamp: 2018-11-11 11:11:00
        raw: 0000775267000018111111030011
        minutes: 11
        hour: 11
        day: 11
        month: 11
        year: 18
        unknown1: 00
        unknown3: 00
        unknown4: 00
        unknown5: 00
        printer: 00775267
  • Final script:
1

$ for file in `find . -name "*.png"`;do echo -n $(deda_parse_print $file | grep serial | grep -Eo [0-9]{6}) | sed 's/\(..\)/\1 /g' | awk '{printf "%c%c%c",$1,$2,$3}';done
CTF, Forensics Challenges
writeups forensics fusec20
This post is licensed under CC BY 4.0 by the author.

Recent Update

Contents