PicoCTF - c0rrupt

Posted on 2023-02-23 | Post modified | In Security/Practice/PicoCTF/Misc/Image Stego |

PicoCTF - c0rrupt

tags: `PicoCTF` `CTF` `Misc`

Challenge: c0rrupt

Background

advanced-potion-making

Exploit - Recover PNG file

Analyze
- Header 89 65 4E 34 0D 0A B0 AA $\to$ 89 50 4E 47 0D 0A 1A 0A
- IHDR 43 22 44 52 $\to$ 49 48 44 52 Then use pngcheck to analyze the file. It said the header still have some error.
```
 $ pngcheck mystery
 mystery  CRC error in chunk pHYs (computed 38d82c82, expected 495224f0)
 ERROR: mystery
```
- Revise pHYs You can open an arbitrary png file and observe pHYs part.
- Normal one
- Corrupt one 70 48 59 73 AA $\to$ 70 48 59 73 00
```
 $ pngcheck mystery
 mystery  invalid chunk length (too large)
 ERROR: mystery
```
Still error

Again We can observe a normal png file
- Normal one
- Corrupt one 52 24 F0 AA AA $\to$ 52 24 F0 00 00
```
  $ pngcheck mystery
  mystery:  invalid chunk name "�DET" (ffffffab 44 45 54)
  ERROR: mystery
```
  Still error about IDAT
Recover IDAT AB 44 45 54 $\to$ 49 44 41 54

Then we recover the whole file successfully…

Post author: SBK6401
Post link: https://bernie6401.github.io/security/practice/picoctf/misc/image%20stego/2023/02/23/PicoCTF-c0rrupt/
Copyright Notice: All articles in this blog are licensed under CC BY-NC-SA 4.0 unless stating additionally.