Steganography Challenge EZ (331 Points)
In Securinets Prequals CTF 2K19 I came across this challenge named EZ(misc category).
Looking at the image, I tried with basic steganography tools (stegsolve,checked strings, binwalk etc etc) but all of them failed.
After that I started looking for Least Significant Bits (LSB), and used the tool Zsteg (https://github.com/zed-0xff/zsteg).
root@kali:~/Desktop# zsteg -a pic.png
-a is used for trying all known methods
Though it gave us the initial line inside but rest of the stuff provided was gibberish. Our goal is to find a word, but using finding that string via zsteg confirmed it had something to do with LSB.
Concept of LSB-Steganography
What is LSB?
Least Significant bit also called RightMost Bit is a lowest bit of a binary number. For example in binary number 10010010, “0”is the least significant bit.
What is LSB-Steganography?
LSB-Steganography is a steganography technique in which we hide messages inside an image by replacing Least significant bit of image with the bits of message to be hidden.
By modifying only the first most right bit of an image we can insert our secret message and it also make the picture unnoticeable, but if our message is too large it will start modifying the second right most bit and so on and an attacker can notice the changes in picture.
(source : https://www.cybrary.it/0p3n/hide-secret-message-inside-image-using-lsb-steganography/ )
So the main idea is changing just the last bit wont show a significant change in the rgb values, therefore the image will look similar, though it now contains the data.
Therefore I wrote a python script to read an image, get the RGB values then convert it into binary (with 8bit representation) and then concatenate the Least Significant Bits. After that just convert them into binary.
Now all what we require is to find the deleted word, so just googling the few lines from the text we find the deleted word as memorandum-book
Therefore as given in the challenge we need to hash the word via sha-1 and then convert it to lower case.
Adding the flag format format with the hash the final flag is:
Securinets{b47f0d2a8866a75696f94a515d0cdf54c7ea3174}
