Tuesday, March 11, 2014

RuCTF Quals 2014 Stegano 100 - Cat's eye

We're given a tiny gif image for this challenge:







So, first things first, I opened the image using StegSolve.  I saved all 8 frames using the frame browser. I then wrote a python script (using PIL) that XOR'd the images pixel with each other.  The output was an image that looked similar to this:







I couldn't find any hidden data within the pixels of the image.  I then realized that the frames were using palettes, so the mode for the image in python was labeled as 'P'.  I decided to convert each one of the frames to mode 'RGBA' instead, because, originally, when I would get a pixel, it return a single value.  This way, I could then XOR each red, green, blue, and alpha value of each frame with each other.

I then modified my current script to XOR each of these 'RGBA' mode frames with each other.

I never checked the alpha channel previously or if the image originally had an alpha channel.  So, naturally I then found that there was no difference in the new images alpha channels.  I then set all alpha channel values to 255, so I could visually see the image (the XOR results were 0 since there was no difference between the images.)

I also noticed how some red pixels of the newly created XOR'd image were not all 0.  I then set any red pixel value that was not 0 to 255 so I could easily view a hidden image if there was one. The resulting image was this:







I immediately though that there was some sort of hidden text within those pixel values that were set.  So, I open the image in StegSolve.  I checked the red channel for steganography and found the key:




























 The key is  RUCTF_e4dd9f5cee307b322c3a27abe66e3df9


Source code for my script can be found here.

No comments:

Post a Comment