p4-team
diff --git a/‎2019-12-01-ctfzone-quals/README.md
+7 b/‎2019-12-01-ctfzone-quals/README.md
+7
diff --git a/‎2019-12-01-ctfzone-quals/classifier9000/README.md
+41 b/‎2019-12-01-ctfzone-quals/classifier9000/README.md
+41
diff --git a/‎2019-12-01-ctfzone-quals/classifier9000/car.jpg
14.9 KB b/‎2019-12-01-ctfzone-quals/classifier9000/car.jpg
14.9 KB
diff --git a/‎2019-12-01-ctfzone-quals/classifier9000/car2.jpg
26.8 KB b/‎2019-12-01-ctfzone-quals/classifier9000/car2.jpg
26.8 KB
diff --git a/‎2019-12-01-ctfzone-quals/classifier9000/racer.jpg
29.6 KB b/‎2019-12-01-ctfzone-quals/classifier9000/racer.jpg
29.6 KB
diff --git a/‎2019-12-01-ctfzone-quals/classifier9000/server.py
+52 b/‎2019-12-01-ctfzone-quals/classifier9000/server.py
+52
diff --git a/‎README.md
+1 b/‎README.md
+1
@@ -0,0 +1,7 @@
+# CTFZone 2019 quals
+
+Team: (...)
+
+### Table of contents
+
+* [Classifier9000](classifier9000)
@@ -0,0 +1,41 @@
+# Classifier9000
+
+In this task we have access to a neural network image classifier which returns `(predictions, percentage_probabilities)` pair for each input image. We also have starting image "car.jpg" which is classified as `sports_car`. The task is to forge this image to be classified as `racer`.
+
+![car.jpg](car.jpg)
+
+The classifier has web interface and its source code in python is available. The analysis of source code (server.py) revealed two important observations:
+
+- the input image is required to be the same size as "car.jpg" which is 224 x 224 px,
+- the relative difference between the input image and "car.jpg" cannot exceed 2.
+
+The first step was to obtain any image which is classified as `racer`. Eventually we found appropriate image and saved it as "racer.jpg"
+
+![racer.jpg](racer.jpg)
+
+The initial idea was to modify this image to exploit `diff(I, BASE_IMAGE) > 2` condition. It may be achieved when the output value of `diff` function is `nan`, for example with following transformation:
+
+```
+I = np.asarray(Image.open('racer.jpg'))
+I2 = 1.1 * I - np.log(I)
+```
+
+and new image I2 was still classified as `racer` with 14.859884977340698 probability.
+
+However we could not directly pass the image from the memory to web classifier. We first needed to save it as a file. Unfortunately, during this operation pixel values were rescaled to 0-255 range. This is why this approach was abandoned.
+
+
+Another idea was to use both "car.jpg" and "racer.jpg" to create falsified image. The new image should be very similar to "car.jpg" but with some characteristics from "racer.jpg" to deceive the classifier. This was successful with the following code:
+
+```
+I3 = 0.8 * BASE_IMAGE + 0.1 * I**2
+mpimg.imsave('car2.jpg', I3.astype('uint8'))
+I3 = np.asarray(Image.open('car2.jpg'))
+prediction.predictImage(I3, result_count=1, input_type="array")
+```
+
+![car2.jpg](car2.jpg)
+
+The result of `diff(I3, BASE_IMAGE)` is 1.4934139792559178 which is less than 2. And the output of `prediction.predictImage(I3, result_count=1, input_type="array")` is `racer` with 40.07074534893036 probability.
+
+Finally we have the flag! `ctfzone{f1r3-f1r3-pwn-7h3-cl4551f13r}`
@@ -0,0 +1,52 @@
+from flask import Flask, request, redirect
+from imageai.Prediction import ImagePrediction
+import numpy as np
+from PIL import Image
+import os
+
+app = Flask(__name__)
+
+
+# Heard that these kind of models are vulnerable to adversarial attacks
+prediction = ImagePrediction()
+prediction.setModelTypeAsResNet()
+prediction.setModelPath("resnet50_weights_tf_dim_ordering_tf_kernels.h5")
+prediction.loadModel()
+
+BASE_IMAGE = np.asarray(Image.open("car.jpg"))
+
+def normalize(arr):
+    rng = arr.max()-arr.min()
+    amin = arr.min()
+    return (arr-amin)/rng
+
+
+def diff(arr1, arr2):
+    arr1 = normalize(arr1)
+    arr2 = normalize(arr2)
+    distance = arr1 - arr2
+    return np.max(np.sum(np.square(distance).reshape(arr1.shape[0], -1), axis=1))
+
+
+
+@app.route('/task/upload/', methods=['POST',])
+def hello_world():
+    answer = {
+        "status": "fail to recognize image"
+    }
+    if request.method == 'POST':
+        f = request.files['file']
+        I = np.asarray(Image.open(f))
+        if I.shape != (224,224, 3):
+            return redirect(os.getenv("base_url", "http://0.0.0.0:8000") + "/fail.html")
+        if diff(I, BASE_IMAGE) > 2:
+            return redirect(os.getenv("base_url","http://0.0.0.0:8000" ) + "/fail.html")
+        predictions, percentage_probabilities = prediction.predictImage(I, result_count=1, input_type="array")
+        answer['classification_result'] = predictions[0]
+        if answer['classification_result'] == 'racer':
+            return {"flag": os.getenv("FLAG", "tutbudetflag")}
+    return redirect(os.getenv("base_url", "http://0.0.0.0:8000" ) + "/sportscar.html")
+
+
+if __name__ == '__main__':
+    app.run("0.0.0.0", 1488)
@@ -2,6 +2,7 @@
 
 ## 2019
 
+* [2019.12.01 **CTFZone 2019 quals**(9th place/1040 teams)](2019-12-01-ctfzone-quals)
 * [2019.11.16 **ASIS CTF 2019 Finals**(5th place/357 teams)](2019-11-16-asis-finals)
 * [2019.11.14 **Dragon CTF 2019 Finals**(1st place/14 teams) on site](2019-11-14-dragon-finals)
 * [2019.11.07 **DefCamp CTF 2019 Finals**(2nd place/16 teams) on site](2019-11-07-defcamp-finals)