BashCrash3rs

Incognito 3.0 - STEG - xD

For this challenge we were given nothing more than a file named tv_chal.jpg.

As there was neither a hint nor a description available, we approached this with some basic recon first…

<- Some recon to get an idea of what we need to do ->

Before we run the image file through any of our tools, let’s first do eog tv_chal.jpg to see if we can view the image. Our image viewer throws an error, telling us that it does not recognize the file as an actual JPEG.

eog error

Of course, we didn’t expect it to be as easy as that, but it is always a good idea to run down the list of possible avenues to gain any extra info you can.

Next, we run some basic tools to get some more technical information about the image we are working with. We put the file through binwalk first with binwalk -e tv_chal.jpg.

binwalk

binwalk shows us that there is nothing here to extract. It does tell us that the image started life as a TIFF type, but there is nothing odd about that. Since we now know the flag isn’t in a file that we need to extract, this leads us to believe that we should look at the metadata, so we move on to dig a bit deeper.

We fire up exiftool with exiftool -v tv_chal.jpg to take a look at the metadata of the file. Here we find a couple of things of interest…

exiftool

exiftool gives us a warning that we have an unknown 30-byte header. It then resets the file type because the header configuration is unrecognized, which is also why we cannot view the image in its current state. All of our recon leads us to assume that the image itself contains the flag and that this is likely a matter of a corrupted header. We likely have ourselves a magic numbers issue.

<- Fixing the header ->

To take a look at the header we use hexeditor tv_chal.jpg, and we can immediately see that the magic numbers at the start of the file are not the file signature of a JPEG.

hexeditor

Let’s fix that!

header fixed
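The same check and fix can be scripted instead of done by hand in a hex editor. The following is an added example, not part of the original writeup. It assumes only the first four bytes were overwritten and that the JFIF/Exif identifier at offset 6 is intact (the writeup does not state which bytes were wrong); the function names and sample bytes are constructed for illustration.

```python
import struct
import sys

SOI = b"\xff\xd8"  # JPEG Start Of Image marker (bytes 0-1)
# Identifier string at offset 6 -> APPn marker expected at bytes 2-3
APP_BY_IDENT = {b"JFIF\x00": b"\xff\xe0", b"Exif\x00\x00": b"\xff\xe1"}

# Constructed sample: SOI, a 16-byte JFIF APP0 segment, then End Of Image
GOOD = (b"\xff\xd8\xff\xe0" b"\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
        b"\xff\xd9")
CORRUPTED = b"\x00\x00\x00\x00" + GOOD[4:]  # constructed: first 4 bytes zeroed


def expected_marker(data):
    """Return the APPn marker implied by the identifier at offset 6, or None."""
    for ident, marker in APP_BY_IDENT.items():
        if data[6:6 + len(ident)] == ident:
            return marker
    return None


def diagnose(data):
    """Classify the file as 'ok', 'bad-magic' (repairable) or 'not-jpeg'."""
    if data[:3] == SOI + b"\xff":
        return "ok"
    return "bad-magic" if expected_marker(data) else "not-jpeg"


def repair_magic(data):
    """Return a copy with bytes 0-3 rewritten; the file length is unchanged."""
    marker = expected_marker(data)
    if marker is None:
        raise ValueError("no JFIF/Exif identifier at offset 6, refusing to patch")
    (seg_len,) = struct.unpack(">H", data[4:6])  # length includes its own 2 bytes
    if data[4 + seg_len:5 + seg_len] != b"\xff":
        raise ValueError("segment length does not lead to another marker")
    return SOI + marker + data[4:]


if __name__ == "__main__":
    if len(sys.argv) < 2:  # no file given: demonstrate on the constructed sample
        print(diagnose(CORRUPTED), "->", diagnose(repair_magic(CORRUPTED)))
    else:
        with open(sys.argv[1], "rb") as f:  # e.g. tv_chal.jpg
            raw = f.read()
        print(sys.argv[1], "->", diagnose(raw))
        if diagnose(raw) == "bad-magic":
            with open(sys.argv[1] + ".fixed.jpg", "wb") as f:
                f.write(repair_magic(raw))
```

The repaired copy is written next to the original, so the untouched challenge file stays available for comparison.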

Now that the magic numbers have been corrected, we run eog tv_chal.jpg again to see if we can view the image…

can view

Looks like the issue was indeed just a corrupted header! In the corner of the television in the image, we can see an image of some text. If we zoom in, we can retrieve our flag.

tv flag