Tuan-Dat Tran
66
steganography/exif-thumbnail/notes.org
Normal file
66
steganography/exif-thumbnail/notes.org
Normal file
@@ -0,0 +1,66 @@
|
||||
* EXIF - Thumbnail
|
||||
|
||||
Task
|
||||
|
||||
Find the password hidden in this JPG image.
|
||||
|
||||
[[./ch10.jpg]]
|
||||
|
||||
#+begin_src sh
|
||||
exiftool ch10.jpg -b > thumbnail.bin
|
||||
#+end_src
|
||||
|
||||
** Full process
|
||||
|
||||
1) Checked metadata in the original image:
|
||||
|
||||
#+begin_src sh
|
||||
exiftool ch10.jpg
|
||||
#+end_src
|
||||
|
||||
Key findings:
|
||||
- `Thumbnail Offset: 202`
|
||||
- `Thumbnail Length: 41506`
|
||||
|
||||
2) Extracted the correct thumbnail from EXIF:
|
||||
|
||||
#+begin_src sh
|
||||
exiftool -b -ThumbnailImage ch10.jpg > thumb_extracted.jpg
|
||||
file thumb_extracted.jpg
|
||||
exiftool thumb_extracted.jpg
|
||||
#+end_src
|
||||
|
||||
Result:
|
||||
- `thumb_extracted.jpg` is a valid JPEG (600x339)
|
||||
- it also contains another EXIF thumbnail (`Thumbnail Length: 15957`)
|
||||
|
||||
3) Extracted one level deeper:
|
||||
|
||||
#+begin_src sh
|
||||
exiftool -b -ThumbnailImage thumb_extracted.jpg > thumb2.jpg
|
||||
file thumb2.jpg
|
||||
exiftool thumb2.jpg
|
||||
#+end_src
|
||||
|
||||
Result:
|
||||
- `thumb2.jpg` is a JPEG (300x300)
|
||||
- JPEG comment: `We need to go deeper`
|
||||
|
||||
4) Extra checks (stego tools unavailable in this environment):
|
||||
|
||||
#+begin_src sh
|
||||
steghide info thumb2.jpg
|
||||
binwalk thumb2.jpg
|
||||
#+end_src
|
||||
|
||||
Both commands were not installed in this environment.
|
||||
|
||||
5) Opened/read the image content of `thumb2.jpg` directly.
|
||||
|
||||
The text visible in the image:
|
||||
|
||||
`The flag is: B33r!sG00d!`
|
||||
|
||||
** Flag
|
||||
|
||||
`B33r!sG00d!`
|
||||
Reference in New Issue
Block a user