[OWASP_PHPSEC] [Offtopic] Decrypting information out of an image

Maarten Hoogveld m.hoogveld at elevate.nl
Fri Oct 4 14:11:58 UTC 2013


I kinda like the fact that you found something which they probably didn't
know was there :)


--
Met vriendelijke groet, Kind regards,
Maarten Hoogveld
Elevate BV


On Fri, Oct 4, 2013 at 4:09 PM, Shivam Dixit <shivamd001 at gmail.com> wrote:

> Thank you guys ! Maarten's and abhishek's method is definitely better.
>
>
> On Fri, Oct 4, 2013 at 7:16 PM, Abhishek Das <das.abhshk at gmail.com> wrote:
>
>> +1 to Maarten's method. It's visible even if you tilt your screen a bit
>> and see. All it needs is a bit of in-browser -webkit-filter tweaking or
>> levels in gimp adjustment.
>>
>>
>> On Fri, Oct 4, 2013 at 7:13 PM, Maarten Hoogveld <m.hoogveld at elevate.nl>wrote:
>>
>>> I found the same thing in a different way actually. I just played around
>>> with the color-levels in gimp, to make the difference between white and
>>> almost-white (very light grey) visible. It can emphasize the contrast.
>>> I saw the grid clearly then, but also saw the text
>>> flag{youKnowWhosTheBoss} in the image itsself. (See for youself<http://imgur.com/IniFKKK>
>>> )
>>> I think that whould have been what you were supposed to find :)
>>> They probably left some meta data lying around :)
>>> Nice find!
>>>
>>>
>>>
>>> --
>>> Met vriendelijke groet, Kind regards,
>>> Maarten Hoogveld
>>> Elevate BV
>>>
>>>
>>> On Fri, Oct 4, 2013 at 2:53 PM, Minhaz A V <minhazav at gmail.com> wrote:
>>>
>>>> youKnowWhosTheBoss :)
>>>>
>>>>
>>>> On Fri, Oct 4, 2013 at 5:21 PM, Shivam Dixit <shivamd001 at gmail.com>wrote:
>>>>
>>>>> Hello all
>>>>>
>>>>> Thank you for your suggestions. I was able to solve the question and
>>>>> it was much *simpler* than I was expecting and it only required *reading
>>>>> meta data* and finding the value of "*flag*". I was able to scan
>>>>> through meta data using a tool provided on this website :
>>>>>
>>>>> http://imgops.com/
>>>>>
>>>>> The name of tool is *metapicz. *
>>>>>
>>>>>
>>>>>
>>>>> On Fri, Oct 4, 2013 at 3:26 PM, Minhaz A V <minhazav at gmail.com> wrote:
>>>>>
>>>>>> My bad just googled "stenography" and got to know Abbas and Maarten
>>>>>> were suggesting the same..:D
>>>>>>
>>>>>>
>>>>>> On Fri, Oct 4, 2013 at 3:21 PM, Maarten Hoogveld <
>>>>>> m.hoogveld at elevate.nl> wrote:
>>>>>>
>>>>>>> Just a tip to prevent you spending hours looking at difficult to
>>>>>>> read text, it's possible to solve in under 5 minutes.
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Met vriendelijke groet, Kind regards,
>>>>>>> Maarten Hoogveld
>>>>>>> Elevate BV
>>>>>>>
>>>>>>>
>>>>>>> On Fri, Oct 4, 2013 at 11:47 AM, Minhaz A V <minhazav at gmail.com>wrote:
>>>>>>>
>>>>>>>> Shivam,
>>>>>>>> out of curiosity I downloaded this image from doc and opened it in
>>>>>>>> notepad++ and while going through its source I found something strange.
>>>>>>>> It had a lot of English words which included those like *Typeenum,
>>>>>>>> bottomOutsetlong, printOutputOptions*
>>>>>>>> which are not available in normal images so just have a look if
>>>>>>>> this can be of any help (otherwise I doubt this has something to do with
>>>>>>>> Photoshop).
>>>>>>>>
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Minhaz
>>>>>>>>
>>>>>>>>
>>>>>>>> On Fri, Oct 4, 2013 at 2:40 PM, Maarten Hoogveld <
>>>>>>>> m.hoogveld at elevate.nl> wrote:
>>>>>>>>
>>>>>>>>> Hi Shivam,
>>>>>>>>>
>>>>>>>>> You could dive into converting the image in a 2-D array of
>>>>>>>>> intensity values and maybe even extracting the R, G and B channels
>>>>>>>>> separately. Then analyze that data for patterns and slight deviations which
>>>>>>>>> could indicate steganography of some sort.
>>>>>>>>> However, I would first pick the low hanging fruit and just look at
>>>>>>>>> the image. I see that the image is white with a very light grid. You could
>>>>>>>>> try to load the image in gimp <http://www.gimp.org/> or paint.net<http://www.getpaint.net/>and see if you can see something more when you zoom in so you can see
>>>>>>>>> individual pixels or adjust contrast, etc.
>>>>>>>>> Good luck!
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Met vriendelijke groet, Kind regards,
>>>>>>>>> Maarten Hoogveld
>>>>>>>>> Elevate BV
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, Oct 3, 2013 at 10:08 PM, Shivam Dixit <
>>>>>>>>> shivamd001 at gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Hello all
>>>>>>>>>>
>>>>>>>>>> Not much discussions on this list nowdays, so I thought of
>>>>>>>>>> sharing one of the questions which I came across recently in college CTF,
>>>>>>>>>> and was unable to solve it.
>>>>>>>>>>
>>>>>>>>>> The question is the image below :
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> https://docs.google.com/file/d/0B4G8EjUmqNchUlg1cGI3UFl4SEE/edit?usp=sharing
>>>>>>>>>>
>>>>>>>>>> (Image is white, with some grids)
>>>>>>>>>>
>>>>>>>>>> I have to decrypt some information out of it. I am not able to
>>>>>>>>>> think from where to start. I am *not* good at Image processing.
>>>>>>>>>> Please give me some suggestions on how to start ?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> *Cheers,*
>>>>>>>>>> *Shivam*
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> OWASP_PHP_Security_Project mailing list
>>>>>>>>>> OWASP_PHP_Security_Project at lists.owasp.org
>>>>>>>>>>
>>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> OWASP_PHP_Security_Project mailing list
>>>>>>>>> OWASP_PHP_Security_Project at lists.owasp.org
>>>>>>>>> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> *Cheers,*
>>>>> *Shivam*
>>>>>
>>>>
>>>>
>>>
>>> _______________________________________________
>>> OWASP_PHP_Security_Project mailing list
>>> OWASP_PHP_Security_Project at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>>>
>>>
>>
>>
>> --
>> Abhishek Das
>>  IIT Roorkee
>>
>> _______________________________________________
>> OWASP_PHP_Security_Project mailing list
>> OWASP_PHP_Security_Project at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>>
>>
>
>
> --
> *Cheers,*
> *Shivam*
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20131004/2adc465c/attachment.html>


More information about the OWASP_PHP_Security_Project mailing list