Rating:

Decompiling the given jar reveals an Embedder class that performs the steganography on the given image. The byte stream to be embedded is the payload prepended by an array of 8 magic numbers:

```
ByteArrayOutputStream bos = new ByteArrayOutputStream();

try {
bos.write(this.MAGIC_NUMBER);
bos.write(Files.readAllBytes(Paths.get(payloadPath, new String[0])));
} catch (IOException e) {
System.err.println("Unable to load " + payloadPath);
System.exit(1);
}
```

Each byte of this byte stream is embedded in its respective row in the image (the first byte is embedded in the first row and so on). The x position for each bit is then determine using an RNG seeded with the password:

```
int seed = password.codePointAt(i % password.length());
seed ^= i * i * password.codePointAt((i + password.length() - 1) % password.length());
Random rnd = new Random(seed);
```

If the x position has already been used for that row, the next available x position is chosen:

```
int x = rnd.nextInt(this.img.getWidth());
do {
x = (x + 1) % this.img.getWidth();
} while (used.contains(Integer.valueOf(x)));
used.add(Integer.valueOf(x));
```

Since we know what bytes will be embedded in the first 8 rows of the image, we can brute force the first 8 bytes of the password (its maximimum length) by seeding the standard java RNG with the candidate password characters and see if the bits at the outputted positions match the magic number. The bit that is changed at each position is the LSB of the green channel.

We can then use all the possible characters that produce the magic numbers in the first 8 rows and see which sequences match (i.e., the second character that produced the second seed should be equal to the first character in the password). Using this technique, we find that password was N3K0neko. We can then easily use this password to decrypt the flag and find that the flag is: HarekazeCTF{the_building_in_the_picture_is_nagoya_castle}.