The DCM Meta

Misc

Challenge Description

  • Challenge type: Misc
  • File provided: challenge.dcm (DICOM file)
  • Given sequence: [25, 10, 0, 3, 17, 19, 23, 27, 4, 13, 20, 8, 24, 21, 31, 15, 7, 29, 6, 1, 9, 30, 22, 5, 28, 18, 26, 11, 2, 14, 16, 12]
  • Flag format: WGMY{...}

Challenge Files

Download Challenge.dcm

Solution Steps

1. Initial Analysis

  • The file was a DICOM format file (commonly used for medical imaging)
  • When trying to read it normally, encountered error about missing DICOM File Meta Information header
  • Used force=True parameter in pydicom to read the file anyway

2. Data Extraction

  • Used pydicom library to extract metadata
  • Found interesting metadata elements in group 0x0011
  • First field (0011,0010) contained "WGMY" - confirming flag format
  • Other fields contained byte values like b'f\x00\x00\x00'

3. Data Processing

  • Extracted all the values from metadata fields (0011,1000) through (0011,101F)
  • Cleaned up the data by removing b' prefix and \x00\x00\x00 suffix
  • Combined values into a single string: f63acd3b781277c1d7d3e700b5566535454

Solution Script


import struct
import pydicom

# Replace with the path to the DICOM file
file_path = "challenge.dcm"
sequence = [25, 10, 0, 3, 17, 19, 23, 27, 4, 13, 20, 8, 24, 21, 31, 15, 7, 29, 6, 1, 9, 30, 22, 5, 28, 18, 26, 11, 2, 14, 16, 12]

def reconstruct_flag(file_path, sequence):
    try:
        # Force read the DICOM file
        dicom_data = pydicom.dcmread(file_path, force=True)
        
        # Collect and decode metadata values
        decoded_values = []
        for elem in dicom_data:
            if elem.tag.group == 0x0011:  # Check for group 0011 elements
                if isinstance(elem.value, bytes):
                    decoded_value = elem.value.decode('utf-8').strip('\x00')
                    decoded_values.append(decoded_value)
        
        # Reorder the decoded values using the sequence
        reordered_values = [decoded_values[i] for i in sequence if i < len(decoded_values)]
        
        # Combine the reordered values into the flag
        flag = "WGMY{" + "".join(reordered_values) + "}"
        print(f"Flag: {flag}")
    except Exception as e:
        print(f"Error processing file: {e}")

# Run the function
reconstruct_flag(file_path, sequence)

Code Explanation

  • The script uses pydicom to read the DICOM file with force=True to bypass header validation
  • It extracts metadata values from group 0x0011
  • Decodes byte values and removes null bytes
  • Uses the given sequence to reorder the values
  • Constructs the final flag by adding WGMY{} wrapper