Hey, YouTube! This is a video write-up for the challenge Hidden Agenda from Codefest CTF 2018. The challenge problem here is: just before getting caught in Russia, MI6 agent John Stegwall sent a mail to MI6 containing two visually similar images, blah, blah, blah.

So admittedly, I did not solve this problem, and my team did not get this challenge. We were playing in a Discord server, link in the description. It's a cool party. We didn't solve this during the competition. So I had to check out some write-ups at the very end of the game, admittedly. So this is kind of on the tails of that. Had I been smarter about actually reading the challenge prompt and kind of piecing together what I have to work with, maybe I would have been able to track this down. But I couldn't get anything with Stegsolve, didn't know any other tools, didn't realize that I'm actually going down the steganography rabbit hole. Because I did something else. I did something different.

So we could download these two images. They're given in just a Google Drive folder. I went ahead and downloaded them, and I have them here for us. I want to showcase that these are JPEG images. However, they're very, very large. Like, does it show me the dimensions here? It does, yeah. 5,404 by 3,638. So pretty big picture. Not easily able to, like I have no them. It takes a little second to load. Same thing for image two. Takes a little bit for it to just actually display it on the screen.

Stegsolve, if I went ahead and used it, it would kind of suck to actually work with because I don't know a smart way to, like, actually run Stegsolve with keeping the resolution that that image has and actually being able to display it a-okay. Let's just run Stegsolve here. Open up the file. And obviously it's humongous and I'm not able to actually see most of the picture without scrolling around. I could probably scale this down, but I wouldn't want to lose anything that may be hidden in the image if that is the case.
I don't know. Maybe that's just some weird paranoia I have. Probably ImageMagick could handle resizing it just fine.

So what we could do with this, and this is a tool that I had not seen before, so I'm happy to add that to my toolkit, happy to learn about that. That's why reading the write-up was pretty neat. This is referring to John Stegwall or JSteg, and that that is a utility you can use to do some of this, like, actual steganography within a JPEG image implementation. This tool, JSteg, is written in Go. I couldn't particularly easily get that to piece together, but I'm sure it would be able to do this just fine. You can go get and go set it up if you're using the Go path and the Go environment variables and all that Go stuff. I didn't want to deal with it.

So JStego is another option that is another Java jar file. So you can download that, and that's just a cool utility that will do a very, very similar thing to Stegsolve, except it will just extract out the algorithm or whatever amount of thing that it found for you. So once I got that downloaded, I'll move that over to my directory, just putting it right here, and then we should be able to java -jar JStego, run that, and we're given this cute little dialog box. We can open up or seek information out of another file, and then we can browse to just the image that we're looking at here. I'll use image one. If we run seek, it will go ahead and try to do whatever algorithm that it has, cool little tool. I guess that's pretty neat. It says seek complete, algorithm is JSteg.

So I'll close out of that and I'll see if there's anything new in our directory or did it create any files for us to look at. And it looked like it did. It has flg.exe. I can run a file on that, and it's not an executable file. It's actually just an MPEG audio thing. Weird. So if I wanted to, I could run mplayer on that file. And I don't know if you can hear a little bit of that chirping, some strange noise.
So there's got to be something hidden in this too. What I wanted to do was fire up like Sonic Visualiser, which if you don't have installed, you can just sudo apt install sonic-visualiser. I'm not going to type all that out. But if we wanted to, we could try and open that file. And I've got it in the wrong directory here. You'll notice you won't be able to open just flg.exe. You got to switch to all files. And if you even try and open that, Sonic Visualiser won't allow it. You could probably do this in Audacity, and maybe that would handle it just fine. But I don't know, I like Sonic Visualiser. It does the same thing for reading the spectrogram that I want to particularly see.

So let's go ahead and copy this file. Just to give it a different file name, we'll give it an extension here, we'll give it just like something.mp3. And then we'll get back to Sonic Visualiser, do the same thing, open up in that directory, and we should be able to read something.mp3. So now we could play the file if we wanted to, zoom in a little bit, play with it. I don't know what tongue twister just happened there. But if we wanted to add a layer or add a pane, we could add spectrogram, and that can give us all channels mixed. And you can see right down there is the flag.

So that is what we had to do here, just a little bit of steganography in the image, and then kind of the classic, okay, hiding information in the audio file. You can normally recognize that by those strange high-pitch chirps. So that is the flag, code fest, CTF obscurity, greater than security. Interesting challenge here. So if we wanted to, we could submit that flag, write it down, blah, blah, blah.

I want to showcase the rabbit hole that I went down because it had some interesting things. And if you hadn't written the code to XOR images before, maybe you might want to do that. So I'll create a script, XOR image.py, I should probably name that XOR images just to be just to be good.
And then we'll give it a shebang line, /usr/bin/python. Let's do from PIL import Image, capital I Image. And then we should be able to run like image one equals Image dot open. And the file names that we're working with, so image one dot jpeg, image two can equal image two dot jpeg. And that's fine. Let's get the size of these, let's get size equals width, height, which equals image one dot size. I think that works. Is that right? No, it's not a function. It's just data. Okay, cool.

So let's say new can equal Image dot new, and we'll make it RGB mode. So that way, that just defines the mode for the image we're creating and it needs to know the size we're working with. So that works just fine there. Now let's actually load the data out of these individual objects, or these images so we can work through them. Let's get image one and image two based off of these. And let's get data can be the same thing with our new object. Okay, those work just fine.

It takes a little bit of time and it's going to because we are going to loop through a very, very large image. But we can do for x in range of width, and then for y in range of height, so we loop through every single pixel in here. So we can get if we wanted to that pixel properties. Let's just actually print out image one at position x and y, I'll put this in terminal so I can run it just a little bit and it's I can cancel it if I want to because there's going to be a lot of color values going through there.

Now let's go ahead and get like, let's call this one can be this guy, two can equal this guy. So we're just getting a shorter variable name. So that way, our new color can be one one XORed with two, I said one when I meant to say zero in there and that we are zero based for the first index. So we just XOR that number, whatever it may be in the red category of the RGB or red, green, blue pixel values. And we'll do that same thing for the next pixel color value. So green and blue right down here.
So now if I wanted to print out new color, and the colors are XORed, we can be displaying all these blah, blah, blah. So there's a lot of black in there, but it looks like there's some other things that aren't in there. So maybe just trying to hide something in an XOR of these images. Let's go ahead and put them together. We can say data at x and y can equal that new color that we've just got. And then at the very, very end of our script, we can do let's see, new dot show if we wanted to and the new dot actually let's save before it, file name new dot jpeg.

So again, this is a complete rabbit hole not really necessary, but if you wanted to have that code to be able to XOR images you can, I'll run this and it will take a bit of time because again, we are looping through a very, very large image. So I'll pause the video and get back to you.

So it finished and ImageMagick is trying to display this but it's also way too big for that. So let's just close out of it here. Thankfully, we're able to save the file. So I now have this new dot jpeg that we can check out with eog, takes a little bit of time, but in the very, very center you'll see a very, very faint QR code.

So what I wanted to do next was actually check out this QR code and see what I could do with it. See if I could actually clean it up to a point where I could like work with it for one thing. Well, can I invert these colors? Yeah. Okay, looks like that's not what I wanted to do, but I can probably just extract this. So if you wanted to, you could cut this out. I think the threshold is actually a better option to go through here all the way at the very, very end. You can get some a decent portion of the QR code saved and you'll have to like manually clean it up a little bit. And zbarimg would not be able to handle this, but I think if you tried your phone or whatever QR code scanner that you may have an app for, you should be able to figure it out and eventually get it.
I was not able to, I was not lazy enough or I was too lazy and didn't put in the effort to try and clean up this QR code because it's really messy. I think actually you don't have to go through that XOR. You may be able to just find it in one of the channels of image one or image two. But then once you get that QR code, it will link you to a troll picture. And I'll actually, I'll get that from my original source here. Hidden agenda. I think it's called after.jpeg was the name of it. I'll put it here. And then it's literally a troll face with flags supposedly written in yellow, but not actually displayed there. If I tried to run Stegsolve on it to like see, are we actually, do we actually have a flag here? It wouldn't give me literally anything. So you can check this out in all of the other panes. There's really just no data following that flag. There's no text there. So it is a complete troll. It's complete decoy. But that's a rabbit hole. We did find the solution just by using JSteg, peculiar thing. But cool. Wanted to show it to you guys. Thanks for watching. Hope you're enjoying these.

Quick shout out to the people that support me on Patreon. Thank you guys so much. It's incredible to see this list growing every, every time. Thinking of adding a new tier to Patreon, maybe like $10 or more, in which we could just do like a live stream together if you wanted to get some face cam time and do like an ask me anything that will be on YouTube. If you want to get some like channel time, we could do that $10 maybe. I don't know. I'm thinking about it. Let me know. Comment section, whatever. $1 a month on Patreon will give you a special shout out just like this at the end of every video. $5 or more on Patreon will give you early access to everything they release on YouTube. If you did like this video, please do like, comment, and subscribe. Link in the description to join our Discord server. Cool community of CTF players, programmers, and hackers. Word and chat.
We're going to tackle ICTF, Nox CTF, and all the upcoming capture the flag games. So if you want a team, you just want to hang out with cool people, that's the place to do it. Thanks guys. Hope to see you on Patreon. Hope to see you in the next video. I love you. Goodbye.
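
The XOR comparison described in the video, as an added example that is not the presenter's script: it XORs the raw RGB buffers in one pass instead of looping per pixel, then pushes every differing channel value to 255 so a faint overlay such as the QR code becomes visible. The file paths, function names and the `threshold` parameter are assumptions of this example; Pillow is needed only by `xor_images`.

```python
#!/usr/bin/env python3
"""XOR two same-sized images and amplify the differences (added example)."""
import sys


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length raw pixel buffers in a single big-integer operation."""
    if len(a) != len(b):
        raise ValueError("pixel buffers differ in length")
    x = int.from_bytes(a, "big") ^ int.from_bytes(b, "big")
    return x.to_bytes(len(a), "big")


def amplify(diff: bytes, threshold: int = 0) -> bytes:
    """Set every channel value above `threshold` to 255 and the rest to 0."""
    table = bytes(255 if v > threshold else 0 for v in range(256))
    return diff.translate(table)


def differing_fraction(diff: bytes) -> float:
    """Share of channel values that are not identical in both images."""
    return 1 - diff.count(0) / len(diff) if diff else 0.0


def xor_images(path1, path2, out_path, threshold=0):
    """Write the amplified XOR of two images; paths are caller-supplied."""
    from PIL import Image  # Pillow, imported lazily so the helpers run without it

    im1 = Image.open(path1).convert("RGB")
    im2 = Image.open(path2).convert("RGB")
    if im1.size != im2.size:
        raise ValueError(f"size mismatch: {im1.size} vs {im2.size}")
    diff = xor_bytes(im1.tobytes(), im2.tobytes())
    # Use a lossless format such as PNG for out_path: JPEG compression
    # would smear the small per-pixel differences this is meant to expose.
    Image.frombytes("RGB", im1.size, amplify(diff, threshold)).save(out_path)
    return differing_fraction(diff)


if __name__ == "__main__":
    # Usage (file names are placeholders): xor_images.py a.jpeg b.jpeg diff.png
    if len(sys.argv) != 4:
        sys.exit("usage: xor_images.py IMAGE1 IMAGE2 OUT.png")
    print(f"{xor_images(*sys.argv[1:]):.2%} of channel values differ")
```

Raising `threshold` suppresses low-valued noise when the two inputs were compressed separately.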