Recently I came across a CTF topic, what is the only picture above? I can’t see anything. Today look at the CTF picture steganography topic, hidden in the picture some unknown flag?
The address of this experiment is: Steganography of THE CTF Stegano Exercise 6.
Let’s start with the problem. Two files pic1.jpg and pic2.jpg are provided in the C: Stegano\6 directory on the experimental host. Please analyze these two files and find a string Flag composed of two English words.
Both of these images look and feel similar and are full of black and white pixels. How to find the flag?
Here is a artifact StegSolve. Use StegSolve to extract the Flag and Open StegSolve on the desktop. Then select menu items “File” and “Open” to Open pic1.jpg. Then select the menu item “Analyse”, “Image Combiner” select pic2.jpg file and the default XOR operation will see the Flag, as shown in the picture:
After a simple analysis, we found that both images were 300 by 300 and the file size was 71.6KB, so it was impossible to hide additional data in either file. Then we can combine the two files for analysis, that is, XOR, ADD, SUB and other operations on the PIXEL RGB values of the two files to see whether useful information can be seen. StegSolve can realize these operations conveniently.
But the use of tools is also a little bad, that is, the scalability of the work is almost zero, can not be batch automated processing, and for their own scripts, naturally can be very convenient to expand, can be customized according to the actual needs, and batch automation processing.
It is highly recommended to use Python’s PIL library for this type of topic. The source code for the script “C: Stegano\6\ xorimg.py” is as follows:
#! /usr/bin/env python
# — coding:utf-8 —
from PIL import Image
def loadImage(filename):
img = Image.open(filename)
width, height = img.size
img = img.convert(“RGB”)
pixel = img.load()
return width, height, pixel
def combineImage(file1, file2, file3):
w1, h1, p1 = loadImage(file1)
w2, h2, p2 = loadImage(file2)
width = min(w1, w2)
height = min(h1, h2)
img = Image.new(“RGB”, (width, height))
pix = img.load()
for y in xrange(0, height):
for x in xrange(0, width):
r1, g1, b1 = p1[x, y]
r2, g2, b2 = p2[x, y]
pix[x, y] = r1^r2, g1^g2, b1^b2
img.save(file3)
if name == “main“:
combineImage(“pic1.jpg”, “pic2.jpg”, “pic3.jpg”)
Double click to run the Python script and you’ll get pic3.jpg. Open the image and you’ll see the Flag string, AZADI TOWER.
The script code is relatively simple, roughly is to use the loadImage function to get the length, width and pixel matrix of the image, and then perform xOR operations on the pixels of the two matrices in the function combineImage, and save them in the third image. Note that when the two images are not the same size, we do the extra processing by taking only the minimum length and width.
But all you have here is the XOR script and nothing else.
Let’s go ahead and write a generic script that we can modify to increase its extensibility flexibility by defining a single operation function to implement common processing functions. For example, we can define functions for xOR, OR, and to get three different processing results. The source code of the script “C: Stegano\6\ combineimg.py” is as follows:
#! /usr/bin/env python
# — coding:utf-8 —
from PIL import Image
def xorFun(x, y):
return x^y
def orFun(x, y):
return x|y
def andFun(x, y):
return x&y
def loadImage(filename):
img = Image.open(filename)
width, height = img.size
img = img.convert(“RGB”)
pixel = img.load()
return width, height, pixel
def combineImage(file1, file2, file3, func):
w1, h1, p1 = loadImage(file1)
w2, h2, p2 = loadImage(file2)
width = min(w1, w2)
height = min(h1, h2)
img = Image.new(“RGB”, (width, height))
pix = img.load()
for y in xrange(0, height):
for x in xrange(0, width):
r1, g1, b1 = p1[x, y]
r2, g2, b2 = p2[x, y]
pix[x, y] = func(r1,r2), func(g1,g2), func(b1,b2)
img.save(file3)
if name == “main“:
combineImage(“pic1.jpg”, “pic2.jpg”, “xor.jpg”, xorFun)
combineImage(“pic1.jpg”, “pic2.jpg”, “or.jpg”, orFun)
combineImage(“pic1.jpg”, “pic2.jpg”, “and.jpg”, andFun)
This problem is not only about learning the code, but also about finding steganography information from the problem. The CTF competition is so competitive because of the difficulty of the questions.