{"id":12964,"date":"2016-06-23T17:58:10","date_gmt":"2016-06-23T15:58:10","guid":{"rendered":"http:\/\/www.codilime.com\/?p=12964"},"modified":"2016-12-07T12:54:56","modified_gmt":"2016-12-07T11:54:56","slug":"backdoorctf16-lossless","status":"publish","type":"post","link":"https:\/\/codisec.com\/backdoorctf16-lossless\/","title":{"rendered":"Lossless"},"content":{"rendered":"

Link: https:\/\/backdoor.sdslabs.co\/challenges\/LOSSLESS<\/a>
\nAuthor: Arpit Singla
\nPoints: 100
\nCategory: stegano<\/p>\n

Description<\/h2>\n

d4rth used his dirty methods to hide a secret in a png file. He is cleverly trying to divert your focus from challenge, but the force is strong with you. Now extract the flag from these images, my young padawan.
\noriginal.png<\/a>
\nencrypted.png<\/a><\/p><\/blockquote>\n

tl;dr<\/h2>\n

Subtract both images. LSB is changed by 1 in encrypted.png<\/code>.<\/p>\n

Solution<\/h2>\n

We have been given two images, seemingly identical:
\noriginal:
\n\"original\"
\nand encrypted:
\n\"encrypted\"<\/p>\n

When compared with ImageMagick, by:
\ncompare original.png encrypted.png difference.png<\/span>
\nan encrypted message can be spotted in the upper left corner.<\/p>\n

\"difference\"<\/p>\n

With a bit of work in GIMP we end up with the following image:<\/p>\n

\"solution\"<\/p>\n

The data is a 49×7 binary matrix, which looks like vertically written, binary encoded, ascii letters. The first one is a capital letter, as it begins with 10<\/code>, while the others are lower case letters (begin with 11<\/code>). Also we can see spaces (0100000<\/code>).<\/p>\n

Let’s decode the hidden message. We’ve rotated the image by 90 degrees counter-clockwise and exported it in BMP format. Then, treating the image body<\/i> as a data hexdump, we’ve replaced all 00 00 00<\/code> with 1<\/code> and all ff ff ff<\/code> with 0 <\/code>. Lastly, we’ve added leading zeros to every group of seven bits.<\/p>\n

Utilitarian script (in python 2.7) to transform the data:<\/p>\n

data = 'some hexes from image'\r\ndata = data.replace('00 00 00', '1').replace('ff ff ff', '0').replace(' ', '')\r\ndata = ''.join['0' + data[i:i+7] for i in xrange(0, len(data)\/7)]\r\nimport binascii\r\nprint binascii.unhexlify('%x' % int(data,2))<\/pre>\n
The decoded data is printable ASCII string, which happens to be the flag.<\/p>\n","protected":false},"excerpt":{"rendered":"
Link: https:\/\/backdoor.sdslabs.co\/challenges\/LOSSLESS Author: Arpit Singla Points: 100 Category: stegano Description d4rth used his dirty methods to hide a secret in a png file. He is cleverly trying to divert your focus from challenge, but the force is strong with you.…<\/span> <\/p>\n
Read more ›<\/div>\n
<\/a><\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[16],"tags":[17,18],"yoast_head":"\n\n\n\n\n\n\n\n\n\n\n\n\n\t\n