Bits n’ Bytes Stego Challenge(HTB)

Next to pwning boxes I love solving different types of challenges, that’s the closest thing to sudoku I’ll ever get in the IT sector. We get two pictures, the original(seen above) and the intercepted one which is almost identical to the original. My first thought was: “Alright this just screams differentiate me!!” This can be confirmed with the du -k command as there is a 4Kb difference between the original and the intercepted one.

Once we do a compare command(sudo apt install imagemagick-6.q16) we get a nice row of pixels all the way on the left.

Hmmm, what could this be… Morse code? It can’t be, there are too many variations of lengths. White and red…true and false…one and zero…Ohhhh it’s BINARY, not too complicated! Being a lazy person that I am, I couldn’t be bothered to do this by hand. This leads me to a quick python programming challenge. For this I used the Python Imaging Library(PIL)

from PIL import Image
from base64 import b64decode

current = Image.open("/assets/pics/bitsnbytes/diff.png")
pixels = current.load()

height = current.size;
Binary = b''
Flag = ''


for y in range(0,height[0]):

    #Decodes and prints flag
    if y == 417:
        print(str(b64decode(Flag)))
        break

    #Converts byte sized var Binary to character and adds to the final Flag
    if y % 8 == 0 and y != 0:
        Flag += chr(int(Binary, 2))
        Binary = b''
    
    #Checks coordinates to see if a colour is present then assigns 1 if true, else 0.
    if pixels[0,y] == 1:
        Binary += b'1'      
    else:
        Binary += b'0'

Link to code

We go through the range y = 0 to heigh[1] which is a tuple and holds the height value at the 1st position that we got from the .size function in PIL. Afterwards we define what we’re looking for, if it’s black assign it a value of 0 and else 1. 8 bits get converted to a character, that gets appended to the Flag variable and when 418 bits have been converted and appended, we base64 decode it and print it out to the screen. Simple as that!

The challenge itself was most likely categorized as Hard because of the programming that was involved in solving this.Hopefully there will be more creative ones like this in the future!