Our spies found this image. They think something is hidden in it… what could it be?

imaged.zip

Solution

Quite a huge PNG we got for this stego challenge!

After several failed attempts, including

  • image palette randomization
  • multiple variations of LSB
  • overlapping image partitions

we hopelessly executed strings on the image, being able to recover the first part of the flag -_-.

0 $ strings imaged.png | head -n 6
IHDR
9447
0PLTE
H40t
0l(t
{Ste

Notice 9447 and {Ste. Simple things are always the best.

The flag is encoded in the CRC fields of the PNG chunks. The following script is able to retrieve it by accessing the four-byte CRC blocks found in the image.

#!/usr/bin/python

import sys
from struct import unpack

def main():
with open(sys.argv[1], 'rb') as f:
png = f.read()
flag = ''
# skip png signature at the begninning
i = 8
while True:
# data len + chunk type + data + crc
i += 8 + unpack('>I', png[i:i+4])[0] + 4
flag += png[i-4:i]
if flag.endswith('}'):
break
print(flag)

if __name__ == '__main__':
main()

There you go

0 $ python decrc.py imaged.png
9447{Steg0_redunDaNcy_CHeck}