Writeup by CypElf for Prechall FCSC 2023

misc

November 15, 2023

In the news channel of the CTF Discord server, one week before the CTF starts, an admin announces that registrations are now open, and ends his message with the following:

There is a prechall 🦕 to find on the website while waiting for the official opening. You are already 14 to have solved it, congratulations to you! 🔥

Find the challenge

If we look at the HTML source code of the website’s main page, we can see the following comment:

<!-- While waiting for the opening, a flag is to be found on this website. See on /teasing 🔥 -->

The /teasing endpoint contains the following page.

[image: description]

The challenge only gives 1 symbolic point and a flame next to the user's nickname… But this flame is something unique you can't get otherwise!

[image: pride]

Solving the puzzle

The starting point is this image.

[image: teaser]

It seems like the original image has been shuffled into a puzzle.
Because I’m lazy and I don’t want to spend hours solving the puzzle in GIMP (which is really annoying), I decided to just recover the text written on the image visually. After a few minutes, I got it: FCSC 2023 CHALLENGE DESIGNERS SPEAKING OF LSB STEGANO.

But I just made a huge mistake. :-)
Up to this point, I was thinking that it was useless to edit the image in GIMP or whatever to solve the puzzle anyway, because it would obviously change everything in the pixels order and create a new, different image.
As you’ll see, it cost me some days of struggling.

Failed attempts

As the text talks about LSB steganography, something I know well because it's very common, the first thing I tried was to apply steganography tools to the original image.
I tried a lot of different tools, such as zsteg, steglsb, stegsolve… But everything was just giving me garbage data.
Using stegsolve, I tried using 2 bits of precision instead of 1, or using only two color channels at a time instead of all three… But nothing worked.
However, I noticed something very interesting in aperisolve.

[image: lsb]

Bit plane 0 of the image is definitely where everything is happening. Some puzzle pieces have all their LSBs set to 0, while other pieces contain data.

My assumption, when I saw that, was that the LSB data had actually been written only into these puzzle pieces. I then spent some time writing a Python script to extract the LSBs only within the coordinates of the puzzle pieces that contain data, ignoring all the zones whose LSBs are all 0.
Unfortunately, it ended up giving me garbage once again.
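To make the two previous steps concrete (inspecting bit plane 0 per puzzle piece, then extracting LSBs only inside the pieces that carry data), here is an added example. It is not the author's script and has nothing to do with the real challenge image: it builds a small constructed RGB image as a list of pixel tuples, clears every LSB, embeds a constructed payload into a single 8x8 tile, and then shows both the per-tile bit-plane-0 census (the "blank pieces vs. data pieces" picture seen in aperisolve) and a region-restricted extraction. The tile size, image size and payload are assumptions for the demo; no image library is needed.

```python
"""Bit-plane-0 inspection and region-restricted LSB extraction on a constructed toy image.

Added example, not part of the original writeup. Pixels are (r, g, b) tuples in a
list of rows; TILE, WIDTH, HEIGHT and the payload are assumed values for the demo.
"""

TILE = 8                 # assumed puzzle-piece size in pixels
WIDTH, HEIGHT = 32, 16   # 4 x 2 tiles


def make_cover(width=WIDTH, height=HEIGHT, seed=1234):
    """Constructed cover image: pseudo-random RGB pixels from a small LCG."""
    state = seed
    img = []
    for _ in range(height):
        row = []
        for _ in range(width):
            px = []
            for _ in range(3):
                state = (1103515245 * state + 12345) & 0x7FFFFFFF
                px.append((state >> 16) & 0xFF)
            row.append(tuple(px))
        img.append(row)
    return img


def region_pixels(x0, y0, w, h):
    """Coordinates of a rectangular region in row-major order."""
    for y in range(y0, y0 + h):
        for x in range(x0, x0 + w):
            yield x, y


def clear_lsb(img, x0, y0, w, h):
    """Set the LSB of every channel in the region to 0 (a 'blank' puzzle piece)."""
    for x, y in region_pixels(x0, y0, w, h):
        img[y][x] = tuple(c & ~1 for c in img[y][x])


def embed_lsb(img, x0, y0, w, h, payload):
    """Write payload bits (MSB first) into the R, G, B LSBs of the region, zero-padded."""
    bits = [(byte >> i) & 1 for byte in payload for i in range(7, -1, -1)]
    capacity = w * h * 3
    if len(bits) > capacity:
        raise ValueError(f"payload needs {len(bits)} bits, region holds {capacity}")
    bits += [0] * (capacity - len(bits))
    it = iter(bits)
    for x, y in region_pixels(x0, y0, w, h):
        r, g, b = img[y][x]
        img[y][x] = ((r & ~1) | next(it), (g & ~1) | next(it), (b & ~1) | next(it))


def bit_plane0_tile_counts(img, tile=TILE):
    """Number of set LSBs per tile; a count of 0 is a piece with an empty bit plane 0."""
    counts = {}
    for ty in range(len(img) // tile):
        for tx in range(len(img[0]) // tile):
            n = 0
            for x, y in region_pixels(tx * tile, ty * tile, tile, tile):
                n += sum(c & 1 for c in img[y][x])
            counts[(tx, ty)] = n
    return counts


def extract_lsb(img, x0, y0, w, h):
    """Read R, G, B LSBs of the region in row-major order and pack them into bytes."""
    bits = []
    for x, y in region_pixels(x0, y0, w, h):
        bits.extend(c & 1 for c in img[y][x])
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)


def demo(payload=b"LSB?"):
    """Blank all pieces, hide the payload in tile (1, 0), then census and extract."""
    img = make_cover()
    clear_lsb(img, 0, 0, WIDTH, HEIGHT)
    embed_lsb(img, TILE, 0, TILE, TILE, payload)
    counts = bit_plane0_tile_counts(img)
    data_tiles = sorted(k for k, v in counts.items() if v > 0)
    per_tile = extract_lsb(img, TILE, 0, TILE, TILE)          # restricted to the data tile
    whole_image = extract_lsb(img, 0, 0, WIDTH, HEIGHT)      # naive full-image read
    return data_tiles, per_tile, whole_image


if __name__ == "__main__":
    tiles, per_tile, whole = demo()
    print("tiles with data:", tiles)
    print("per-tile extraction:", per_tile[:8])
    print("whole-image extraction:", whole[:8])
```

The naive whole-image read in `demo` illustrates why tools that scan the full bitmap row by row produce garbage here: the first image row crosses four tiles, so the hidden bytes come out shifted and interleaved with the blank pieces' zero bits, while the read restricted to the tile's own rectangle recovers them in order.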

At this point, I was thinking that something was definitely suspicious with the fact that it is a puzzle, and I started to do some research about puzzle steganography.

After some googling about puzzle-based steganography, I found out that something exists! This paper explains a steganography technique based on jigsaw puzzles. And if we search that on Google…