plaidCTF 2014 - doge_stege (for100)

For PlaidCTF2014, Eindbazen and fail0verflow joined forces as 0xffa, the Final Fail Alliance.
Don't miss out on other write-ups at Eindbazen's site!

This challenge was about extracting a (not very well) hidden message out of an image file:

doge_stege
Forensics (100 pts)
--------------
You were startled to learn the The Plague has been behind many of the
most popular internet memes. We believe he hides information in these
funny pictures with steganography in order to broadcast his messages
through time without detection. Find the hidden message, stop the
signal.

Original doge_stege Image

Obvious Stego is Obvious

The first thing to do with every file you get from a CTF challenge is to run the file command on it:

% file doge_stege.png
doge_stege.png: PNG image data, 680 x 510, 8-bit colormap, non-interlaced

Hmm, 8-bit colormap I bet there is something hidden by the palette used. Let’s have a look using gimp:

Doge in Gimp

Finding this menu item took most of the time. Not that it is hard to find, but we do specialize in fail here. Anyway, after changing the palette to some gradient with enough contrast, the predefined palette “Coldfire” is just fine, we get a nice result:

Remapped doge_stege Image

It is not difficult to spot, that, among some other new words, the flag pctf{keep_doge_alive_2014} appeared in the image.

comments powered by Disqus