Puzzle Hex / steganography problem

4n1mu5
5 months ago | edited 5 months ago

-1

So I am having a puzzle to solve. I tried solving it but I don’t know the exact approach for that. If possible someone helps me to solve this.

Puzzle link:-
https://ibb.co/HXkxmXJ

I tried using hex editor but couldn’t find any valuable data. Then I tried opening the “png” file with Notepad++ so I found some “RDF” code in it.
But I am clueless what is need to be done with that. I am pasting the same code in this as well. Kindly see it and let me know the approach.

<x:xmpmeta xmlns:x=“adobe:ns:meta/” x:xmptk=“XMP Core 5.4.0”>
<rdf:RDF xmlns:rdf=“http://www.w3.org/1999/02/22-rdf-syntax-ns#”>
<rdf:Description rdf:about=“”
xmlns:exif=“http://ns.adobe.com/exif/1.0/
xmlns:tiff=“http://ns.adobe.com/tiff/1.0/”>
<exif:PixelYDimension>960</exif:PixelYDimension>
<exif:PixelXDimension>1306</exif:PixelXDimension>
<tiff:Orientation>1</tiff:Orientation>
</rdf:Description>
</rdf:RDF>
</x:xmpmeta>

18replies
5voices
19views
Mugi [Mugiwara27]
5 months ago

0

Your link is dead!

4n1mu5
5 months ago

0

I don’t know how to attach a png file in this chat. If possible let me know your email id I will directly send it to you.

fred [feuerstein]
5 months ago

0

You need to upload it to another host and place a link here. Maybe it works on imgur? https://imgur.com/upload

4n1mu5
5 months ago

0

Ok I think you can use this link https://ibb.co/HXkxmXJ. I have uploaded the image in this.

fred [feuerstein]
5 months ago | edited 5 months ago

0

Is there any description or only the image?
Is the image itself tho object, or the shown hexcode?
Could you provide the shown code as a file? I’m so lazy for typing all the letters ;)

fred [feuerstein]
5 months ago

0

Your hexdata looks a bit mixed up. In the last row you can find something that could be broken JFIF-Data. There is the SOI(Start of Image)=FF D8 followed by an APP0 (JFIF tag) = FF E0. The following data for the APP0 is inconsistent.

In the first line you have the same, if you switch the byte-order wordwise (From D8 FF to FF D8). This Data is inconsistent too.

The middlepart seems to be displayable chars, that I’d say on the first view could be a shiftcipher or smth

4n1mu5
5 months ago

0

Ok many things went over my mind. So did you tried opening the file with notepad++? Coz i found some code in there which i have pasted in the initial message. Have a look to it

4n1mu5
5 months ago

0

And there is no information other than that image with me. So we need to find from that only

fred [feuerstein]
5 months ago

0

What you are talking about is some information provided in a “iTXt”-Chunk (see http://www.libpng.org/pub/png/spec/1.2/PNG-Chunks.html) there is nothing special about this. The Checksum of all chunks is ok. I’m not sure, but I think it is not the image itself, but the hexdata that is shown

fred [feuerstein]
5 months ago

0

I was about to post the solution here, but then the hidden message reminded me on one level here so I’ve deleted it again. Is it from a challenge here?

4n1mu5
5 months ago

0

No, it is not a challenge from “Hack this”. I got it from somewhere. That’s the reason I don’t have any clue towards it. So you can let me know whatever solution you found, then we can work on it if it isn’t proper.

fred [feuerstein]
5 months ago | edited 5 months ago

1

If you look at that middle-part I’ve mentioned before. If you switch the byte-order wordwise too for this part you will get a clean text message:

..someRandomCharacters..

Only an illusive mind with illusive thoughts can bear to see reality, As illusion once created are now reality. Isn’t it?

Congrats, You have made it here!

Now, Tell us about your favorite Hack - Postman Security Team

..someRandomCharact

So it seems the last line shall bring you to the JFIF-Format-Headers, and recognizing that the first line is byteswitched brings you the hint for the encoded message of the middlepart

dloser
5 months ago

0

[quote=4n1mu5]I got it from somewhere.[/quote]
Why won’t you just say where? This feels like you are trying to (ab)use us to solve things for you…

4n1mu5
5 months ago

0

No it’s not the case you are thinking -dloser. I seriously just had the image nothing else and I just wanted to know the approach for solving such questions. And by my profile, you can easily see that I am interested in learning nothing else.

4n1mu5
5 months ago

0

-feuerstein . I am trying to understand the way you solve the problem. So can you use a bit laymen terms or the software you use to decode it? It will be helpful if you do that.

dloser
5 months ago

0

I see nothing. (And that includes an answer to my question.)

fred [feuerstein]
5 months ago

0

I can’t. The only thing I can do is to list the steps:

  1. type the values from the image into a hex-editor to create the shown file
  2. recognizing the string JFIF on the bottom of the file
  3. read reference-papers about the JFIF (Jpeg File Interchange Format)
  4. try to understand what is at the bottom with that papers (check every byte in that format if it makes sense)
  5. recognize that these headers are on the top of the file in switched byteorder
  6. recognize that everything between the 1st and the last line is printable ascii
  7. recognize this byteorder is switched too
  8. decode the message by ordering the bytes
Darwin [DIDIx13]
5 months ago

0

@4n1mu5 Please provide a source if you need help, we are not allowed to help an on-going CTF challenge etc

If you need help tell us first if it’s a wargame website, “just had the image nothing else” is not an answer.

You must be logged in to reply to this discussion. Login
1 of 19

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss