This challenge is about analyzing a photo (Steganography).
Tools such as binwalk and exiftool can be helpful, but the one we needed was zsteg.
Note: zsteg is a command-line tool for detecting hidden data in PNG and BMP files. It analyzes image bit planes (like LSB) to uncover embedded messages, text, or files.
Steps
1. Detect Hidden Data
Using zsteg -a on the PNG:
zsteg -a flag.png
The very first line of the output revealed this:
b1,rgb,lsb,xy .. text: "{\"bottle\":\"Ahoy! I be hopin' ye fancy a good ol' treasure hunt!\", \"course\": \"RB1\"}r"
Something is embedded in the LSBs (least significant bits).
In this case the tool looked at the LSBs of the RGB channels.
Right at the end of the line we see "course": "RB1", which is a crucial piece of information because it made me think of Red, Blue, 1.
First, I extracted the Red and Blue channel bits from bit plane 1, then downloaded all data as a .bin file.
(Do not forget to set the right bit plane order. In this case it is RBG, because Red and Blue come first.)
Red, Blue, 1
3. Analyze Extracted Data
When we analyze the extracted data, we find another message.
Output:
We repeat the same pattern again and again until we get this:
4. Decode Base64
It is clearly a Base64-encoded line, so we decode it in CyberChef, and the result turns out to be a .zip file.
(I used the "Save output to file" option in CyberChef.)
.zip file in b64
The archive is password-protected, so we need to crack the password to see the contents of flag.txt.
I used John the Ripper for this.
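The channel extraction from the earlier steps, as an added Python example that is not part of the original writeup: it parses a hint such as RB1 into a channel order and a bit index, pulls those bits out of a pixel list, and reads the next hint from the leading JSON while ignoring trailing carrier noise. The pixel data and message are constructed, all function names are hypothetical, and treating the digit as a bit index counted from 0 at the least significant bit is an assumption.

```python
import json

CHANNELS = {"R": 0, "G": 1, "B": 2}

def parse_course(course):
    """'RB1' -> (['R', 'B'], 1): channel order, then bit index (0 = LSB, assumed)."""
    return [c for c in course if c in CHANNELS], int(course.lstrip("RGB"))

def extract(pixels, course):
    """Take one bit per listed channel per pixel, in row order, packed MSB-first."""
    order, bit = parse_course(course)
    bits = [(px[CHANNELS[c]] >> bit) & 1 for px in pixels for c in order]
    usable = len(bits) - len(bits) % 8
    return bytes(
        int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, usable, 8)
    )

def read_bottle(data):
    """Parse the leading JSON object; bytes after it are carrier noise."""
    obj, _ = json.JSONDecoder().raw_decode(data.decode("latin-1"))
    return obj

def embed(pixels, course, payload):
    """Build constructed test data: write payload bits into the chosen channels."""
    order, bit = parse_course(course)
    bits = [(byte >> s) & 1 for byte in payload for s in range(7, -1, -1)]
    out = [list(px) for px in pixels]
    slots = [(i, CHANNELS[c]) for i in range(len(out)) for c in order]
    for (i, ch), b in zip(slots, bits):
        out[i][ch] = (out[i][ch] & ~(1 << bit)) | (b << bit)
    return [tuple(px) for px in out]

# Constructed sample: 256 pixels as a flat list of (R, G, B) tuples in row order.
COVER = [(120 + i % 7, 90, 200 - i % 5) for i in range(256)]
MESSAGE = b'{"bottle": "constructed sample", "course": "G0"}'
STEGO = embed(COVER, "RB1", MESSAGE)

if __name__ == "__main__":
    hint = read_bottle(extract(STEGO, "RB1"))
    print(hint["course"])  # G0, the hint for the next layer
    # Wrong channel order yields garbage, which is why the order setting matters.
    print(extract(STEGO, "BR1")[:8])
```

For a real image, the pixel list would come from a PNG decoder; the extraction logic stays the same.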