I had the chance to learn a new way to solve a steganographic challenge when I tried to solve a CTFLearn flag challenge. This article entails what are the key learnings associated with the problem and how to solve it.
Link to the challenge.
Steganography
Steganography is the process of hiding a message in another message or in a physical object. A computer file, message, image, or video is hidden inside another file, message, image, or video in a computing or electronic context.
Information can be hidden in computer files as part of steganography. In digital steganography, steganographic coding can be hidden inside a transport layer, like a document file, an image file, a program, or a protocol. Because media files are so big, they are perfect for sending information using steganography. For instance, the sender could start with a harmless image file and change the color of every hundredth pixel so that it matches a letter of the alphabet. The change is so small that most people wouldn’t notice it if they weren’t looking for it.
The following image was presented with the following challenge prompt:
the flag is outside of the pic, try to find it. another hint: dimensions, dimensions, everything is in dimensions.
By the first hint, I attempted exiftool on the image and found this –
Here, we can view the image’s height and width. Now, I was searching for alternative picture scaling methods, the majority of which just warped and stretched the image. Therefore, I looked for ways to alter these proportions such that the picture grows rather than stretches.
I was familiar with Magic Bytes and how headers may be altered. Therefore, I considered if it is feasible to alter the dimension using magic bytes.
Before Delving into the Solution, let us learn a bit about magic bytes and jpeg/jpg formats.
Magic Byte
A magic byte is a signature/data used to identify or validate the content of a file. Typically, the first few bytes of the hexadecimal bits are called magic bytes, which might indicate the file format.
JPG (or JPEG) Files
According to the Wikipedia entry for JPEGs: JPEG is a commonly used method of lossy compression for digital images, particularly for those images produced by digital photography. JPG files usually end in a .jpg or .jpeg extension and are images created using JPEG compression.
Having a look at the JPEG Magic Bytes –
Further Resources:
Further investigation regarding the size manipulation, led me to this StackOverflow thread. Where it says,
You can locate JPEG’s SOF0
marker (0xC0
) and it is followed by 16-bit length, and then bits per pixel (8 bit), height (16 bit), width (16-bit), and component count (8 bit). All values are in network byte order.
Which means, the C0 follows with data related to the size. We hexedit the image from the challenge and find this –
Detailing out what the bytes implicate –
Now, we may vary the image’s height and width to observe the resulting changes.
Changing the hexbits allowed us to successfully modify the image’s height and width without distorting or stretching it.
This is a simple example of steganography, where information can be concealed in the height and width of a picture.