https://github.com/trimscash/skiphead
skiphead can separate files into n-byte sections, analyze them, and output them.
https://github.com/trimscash/skiphead
cli ctf forensics steganography tool
Last synced: 5 months ago
JSON representation
skiphead can separate files into n-byte sections, analyze them, and output them.
- Host: GitHub
- URL: https://github.com/trimscash/skiphead
- Owner: trimscash
- License: cc0-1.0
- Created: 2024-02-29T22:57:35.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-03-13T19:17:56.000Z (over 1 year ago)
- Last Synced: 2025-01-07T22:56:42.490Z (6 months ago)
- Topics: cli, ctf, forensics, steganography, tool
- Language: Rust
- Homepage:
- Size: 92.8 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# skiphead
Forensic tool. Software that can separate files into n-byte sections, analyze them, and output them.
Useful when files are hidden and inserted every n bytes.
フォレンジックツール.ファイルをnバイトごとにskipして解析することができます.ファイルをnバイトごとに区切って解析し,出力できるソフト.
nバイトごとに別のファイルが挿入されている場合に便利です.
You can search for file types by combining parameters.
パラメータを組み合わせてファイルの種類を探索できます,
# Setup
```
git clone https://github.com/trimscash/skiphead ~
cd skiphead
cargo build -r
echo "export PATH=\$PATH:\$HOME/skiphead/target/release" >> ~/.zshrc
source ~/.zshrc
```
and use it.
Replace .zshrc with the one you are using
# Usage
```
Parse the header of the file skipped by n bytes and display the file type.
skiphead can search for file types by combining parameters.
Forensic app
Usage: skiphead [OPTIONS]
Arguments:
Options:
-s ...
Number of skips. Must be greater than 0 [default: 1 2 3] [short aliases: n]
-l ...
Length to pick up from that location. Must be greater than 0 [default: 0]
-o ...
Offset to start picking within that range. Must be greater than or equal to 0 [default: 0]
-f
Offset to start parsing the entire file [default: 0]
-c, --combinate
Combinate param mode. default mode is one on one
-x, --export-file
Whether to output the file [aliases: output, export, output-file]
-z, --only
Only non bin file
-p, --print
Print head of buffer
--output-directory
Output directory path [default: ./skiphead_out]
-h, --help
Print help
```
# Example
### picoCTF 2023 Invisible WORDs
https://play.picoctf.org/practice/challenge/354
この問題を以下のwriteupを参考にしながら`skiphead`で解く.
Solve this problem with `skiphead`, referring to the following writeup.
https://digitaltravesia.jp/CTF/picoCTF2023/picoCTF_2023_Writeup.html
ファイルオフセット`140 byte`から`4byte`ごとに`2byte`,別のファイルが挿入されている.
Every `4 bytes` from file offset `140 bytes` to `2 bytes`, another file is inserted.
これを`skiphead`でやると以下のコマンドでできる.
This can be done with `skiphead` by the following command.
```
skiphead output.bmp -f 140 -n 4 -l 2
```
このようにZIPヘッダであることがわかる.さらに,`--output`オプションをつけることで`./skiphead_out`にファイルを抽出することができる.
As you can see, it is a ZIP header. In addition, the `--output` option can be used to extract the file to `. /skiphead_out`.
```
skiphead output.bmp -f 140 -n 4 -l 2 --output
```
これを以下のコマンドで展開し,`"{"`で文字列を抽出するとフラグが得られる.
This is expanded with the following command, and the flag is obtained by extracting the string with `"{"`.
```
7z e skip_4_pick_offset_0_pick_length_2_file_offset_140
```
```
picoCTF{w0rd_d4wg_y0u_f0und_5h3113ys_m4573rp13c3_a23dfbd4}
```
# todo
- Contributions are welcome!
- ほしい機能があればコントリビュータになってください!