RSS
 

HACKvent 2015: Day 13

13 Dec 2015
CTF: Hackvent 2015
Link to challenge: http://hackvent.hacking-lab.com
Date Completed: 13 December 2015

Challenge

The following image was also provided:

Day 13 Ball

Solution

First I suspect the common least significant bit steganography technique has been used here where the least two or one significant bit(s) of the image have been changes so other images can be hidden without affecting the appearance of the first image by much.

I load up Matlab as it is fairly good for image processing and write a little script to gather the least significant bit of each RGB channel for every pixel (this is based off a script I wrote for HV14).

I end up with this code:

Now, I added the RGB channels least significant bits together and observe the image that is produced.

I get:
Secret image R+G+B

I can read the text on the image but its clear that each RGB channel contains something different. I run the script three more times and change  res(i,j) = R + G + B  to  res(i,j) = R then res(i,j) = G  and finally  res(i,j) = B

After this I get three clear images:

Red Channel

Red Channel Image

This is a message telling us that we should look elsewhere. Nothing special but a sweet Mario reference!

 

Blue Channel

Blue Channel Image

This one is interesting, its telling us to look at XKCD comic number #26 which is available here.

Comic:

XKCD 26 Fourier

Seems interesting and important.

 

Green Channel

Green Channel Image

This image also seems important. I try to convert all the bits within to ASCII but no luck. I scan the image for QR codes and barcodes and do fine some UPC_E barcodes but they just happened to be created by coincidence.

 

Putting it all together

Finally, I think about the XKCD comic and discover (through research) that you can hide images within images using a Fourier transform. I try to do this within Photoshop but my plugin was not compatible or perhaps it was corrupt. Gimp should have a FFT filter but I did not have access to linux at the time. So I found an online tool that performs Fourier transformations to images (link).

I use the online tool on the original Christmas ball image (because the excess amounts of green blobs in the center of the image make it the primary candidate) and get this result:

Fourier Secret Image

A secret message is found which says:  f0uRier-ru1ez

We put this in the ball-o-matic and get it gives us the ball which we scan to get our flag!

Day 13 Solution Ball

Flag:  HV15-1W0A-gTOY-bOpM-mexV-LoAz

 
No Comments

Posted in Hackvent 2015

 

Leave a Reply