Cheap Facades

Steganography [400pts]

Description: We’ve found a JPEG, but it doesn’t seem to open in any of our editors. Can you see what’s going on?

We are given a flag.jpg that won’t open in any photo viewer. So looking at it in a hex editor we see some strange occurrences.

The image has a JFIF in the header (for jpgs) and IHDR + IDAT (for PNGs). It seems that there is a broken header in this image and it is not really a jpg, but more like a PNG. There is even an IEND at the bottom of the file.

The next step is to replace the broken header with a valid PNG header. Valid PNG headers look like this:

After replacing our broken header image with a valid PNG header, we run pngcheck only to find that it has invalid dimensions 0x0. This is a similar problem to Dimensionless Load (https://elnath.io/2020/06/09/dimensionless-loading/) and requires us to fix the issue.

I used the same python script as I did for Dimensionless Load:

After letting it run, it turns out the dimensions were: 420 x 69

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s