Rating:
Description
An acronym is a word or name formed as an abbreviation from the initial components of a phrase... You will need that. Detective Pi Output.png
Note: The flag is not in flag format, please wrap it in format when you submit.
Solution
We are given a PNG file , So I started as I usually do i.e using stegoveritas
on the image. It gave out some trailing data but it was kinda junk.
I looked at the exif of the image and it said theres some extra data after IEND
chunk.
Since this is a png
we cannot use steghide
on this but we can try to use zsteg
.
We can see that zsteg emits out the extra data and it looks like it's another PNG file. We can extract it properly and keep it in a file.
➜ zsteg -E "extradata:0" output.png > extracted.png
But this new image is broken. Let's see what's missing in this image.
➜ xxd -l8 extracted.png
00000000: 504e 470d 0a1a 0a00 PNG.....
The actual PNG header is 8950 4e47
like in the original output.png
➜ xxd -l8 output.png
00000000: 8950 4e47 0d0a 1a0a .PNG....
You can open the extracted.png
in hex editor and add 89
in the starting.
That will give you a proper image having a pikachu
Again used stegoveritas
on that pikachu image and it gave out an image with QR.
Scanning that QR code we get http://www.diff.vn/en/
. Visting that website was deadend. So we focus on the text in that pikachu image.
Bluestego, I found it.Just need one more thing to get the truth!!
So I google bluestego
and found BinhHuynh/bluestego
First we(me and @UnblvR) tried to use the script on the pikachu
image and got nothing. Then @UnblvR was able to figure out that we need to use it on the original image i.e output.png
. And also he figure out that the key should be DIFF
on the blue
bit.
FALG: ISITDTU{D4N4NG_1S_MY_L0V3}