tinyCTF – Steg100

Steg100 Challenge.

Steg100 Challenge.

This stego challenge was pretty fun, it took me a bit of time to figure out the last parts, but I definitely learned a little bit more about how to attack challenges like these! Let’s get into it.

The only file provided was a PNG with three characters (Figure 1). The first thing to check of course is the image metadata. I pulled up fotoforensics.com, uploaded the image and pulled up the image metadata info (Figure 2). Conveniently, there was a tag called ‘Hint’, which linked to yet another PNG over on imgur. I pulled that image down and repeated the process above, but nothing else was revealed.

Figure 1 - Initial challenge image.

Figure 1 – Initial challenge image.

Figure 2 - Image metadata revealing hint.

Figure 2 – Image metadata revealing hint.

It was at this point my eyes glazed over and I got sucked into a maelstrom of steganography and digital forensics tools for a short while. Honestly I wasn’t too sure which direction I should go. I eventually put two and two together; could it be as simple as doing a file diff between the two images? I researched diffing binary files and finally settled on compare, which is: “The compare program is a member of the ImageMagick(1) suite of tools. Use it to mathematically and visually annotate the difference between an image and its reconstruction.”

This sounded promising! I looked up how to diff two images and magically, a third image was the result (Figure 3)!

compare stego100.png hint.png -compose src diff.png
Figure 3 - Result of diff of two images.

Figure 3 – Result of diff of two images.

QR Code, sweet. I uploaded it to zxing (Figure 4), where I was then able to grab the flag!

Figure 4 - QR code metadata.

Figure 4 – QR code metadata.

Flag: flag{#justdiffit}


Leave a Reply

Your email address will not be published. Required fields are marked *

The opinions and thoughts on this blog are those of Overflow Security members, and do not reflect those of our members employers.