Emma - PragyanCTF Stego
Here is our original picture. It is a picture of Emma Watson in an event. We are to extract the flag from this image.
I checked for common anomalies in the picture but, couldn’t find any. No extra information in the metadata or the blob content of the image. Then I suspected if it is LSB steganography and checked for it too. But, there could be no meaningful data extracted from the LSB bits.
Then came in TinEye and Google’s reverse image search. I got my hands on the original image. Ran a diff between the original and given image to get the diff image as
You can see that the first row of pixels is completely red. There has been some kind of encoding done in the first row of pixels. Extracting the pixel data from the first row, showed something like this. This is a truncated output. It is in the format red-green-blue-alpha.
216 166 216 255
216 166 216 255
216 216 216 255
216 166 216 255
216 166 216 255
216 216 216 255
216 166 216 255
216 216 216 255
216 216 216 255
216 166 216 255
217 217 217 255
At first, it seemed that there was no pattern among the pixels (I figured that there must be repetition but, there were none). Then, I saw that some pixels had red, green, blue values the same while some others didn’t. Then, I wrote a simple script to mark it as 0 if the color values are equal and 1 if the values are not equal.
#!python
from PIL import Image
image = Image.open('the_bling_ring.png')
width, height = image.size
res = ''
results = []
for x in xrange(width):
r, g, b, a = image.getpixel((x, 0))
if r == g == b:
res += '0'
else:
res += '1'
print res
Running the script, gave the output
010101000110100001100101010111110110001001100101011000010111010101110100011110010101111101101111011001100101111101110000011000010111001001100001011001000110100101110011011001010101111101101001011100110101010001101000011001010101111101100010011001010110000101110101011101000111100101011111011011110110011001011111011100000110000101110010011000010110010001101001011100110110010101011111011010010111001101010100011010000110010101011111011000100110010101100001011101010111010001111001010111110110111101100110010111110111000001100001011100100110000101100100011010010111001101100101010111110110100101110011
Getting the ASCII characters from this binary string, gives us the flag
The_beauty_of_paradise_isThe_beauty_of_paradise_isThe_beauty_of_paradise_is