## Solution
Viewing the provided PNGs in a hex editor, we see that they each have a valid header, but the pixel data appears to be noise. This is a common CTF challenge: the two PNG files are XORed with the same key. If we XOR the pixels of the provided files together, we get an image that is a composite of the original PNG pixels.

The provided images can be expressed as:

$$C_1 = P_1 \oplus K$$

$$C_2 = P_2 \oplus K$$

where $C_n$ are the encrypted pixels, $P_n$ are the original PNG pixels, and $K$ is the shared key. Based on the nature of XOR, any value XORed with itself is `0`, and any value XORed with `0` is itself. From this we can write the equation as:

$$
\begin{aligned}
C_1 \oplus C_2 &= P_1 \oplus K \oplus P_2 \oplus K \\
&= P_1 \oplus K \oplus K \oplus P_2 \\
&= P_1 \oplus 0 \oplus P_2 \\
&= P_1 \oplus P_2
\end{aligned}
$$

As we see, the key is cancelled out from the equation, resulting in the XOR of the original pixels from each image. This results in a blend of the two images that can usually be viewed to see the contents of the original images.
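The cancellation can be checked on raw pixel buffers. This is an added example, not code from the original writeup: the two ASCII-art bitmaps, the helper names and the random pad are constructed for illustration, and it works on 8-bit grayscale buffers rather than decoding the challenge PNGs. It also shows why the result is a blend: where both images have ink, the pixels cancel to background.

```python
import secrets

# Constructed 8-bit grayscale "images": '#' = 255 (ink), '.' = 0 (background).
ART_1 = ["........", ".####...", ".#......",
         ".###....", ".#......", ".#......"]
ART_2 = ["........", "....#...", "....#...",
         "....#...", "....#...", "....####"]


def to_pixels(art):
    """Flatten ASCII art into a bytes object of 8-bit grayscale pixels."""
    return bytes(255 if ch == "#" else 0 for row in art for ch in row)


def xor_bytes(a, b):
    """XOR two equal-length pixel buffers byte by byte."""
    if len(a) != len(b):
        raise ValueError("pixel buffers must have the same dimensions")
    return bytes(x ^ y for x, y in zip(a, b))


def render(pixels, width):
    """Turn a pixel buffer back into ASCII art rows for viewing."""
    rows = [pixels[i:i + width] for i in range(0, len(pixels), width)]
    return ["".join("#" if p else "." for p in row) for row in rows]


def recover_blend(c1, c2, width):
    """XOR two ciphertexts made with the same pad; the pad cancels out."""
    return render(xor_bytes(c1, c2), width)


WIDTH = len(ART_1[0])
P1, P2 = to_pixels(ART_1), to_pixels(ART_2)
KEY = secrets.token_bytes(len(P1))               # one-time pad, wrongly used twice
C1, C2 = xor_bytes(P1, KEY), xor_bytes(P2, KEY)  # each looks like noise on its own

if __name__ == "__main__":
    # No key is needed to produce the composite of the two plaintext images.
    print("\n".join(recover_blend(C1, C2, WIDTH)))
```
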

`gmic` can be used to quickly XOR the PNG pixels of the two images with the command `gmic crypted1.png crypted2.png -blend xor -o xor.png`. The resulting image contains the flag:

![](https://malcrypt.gitlab.io/blog/ctfs/2021/tenable/images/secret_images/xor.png)

## Flag
**flag{otp_reuse_fail}**

Original writeup (https://malcrypt.gitlab.io/blog/ctfs/2021/tenable/stego/secret_images/).