[Stego] ASIS - ASIS secret letter

ASIS secret letter

Average: 4.17
Rating Count: 6
You Rated: 5
Top 3 Solver

Teamrocketist
dcua
CodiSec

Points
202
Solves
17
Category
Misc Stego

Description:

The face is the index of the mind, its ASIS secret letter!

We have two images lets use binwalk on the jpg image:

$ binwalk a.jpg 

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             JPEG image data, JFIF standard 1.01
30            0x1E            TIFF image data, big-endian, offset of first image directory: 8
56            0x38            Zlib compressed data, default compression

Doesn’t look like it has something special so lets extract the files using binwalk again but with the parameter e:

$ binwalk -e a.jpg
DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             JPEG image data, JFIF standard 1.01
30            0x1E            TIFF image data, big-endian, offset of first image directory: 8
56            0x38            Zlib compressed data, default compression

Binwalk will create a folder with extracted files:

$ ls_a.jpg.extracted/
38  38.zlib

Checking the 38 file we can see we have a double encoded base64 string:

$ cat 38 | base64 -d | base64 -d
💌  from ASIS with love, please find secret message and reply soon, powered by 👉  Stéganô 👈⏎

Stéganô is a python package for steganography which can be found here https://github.com/cedricbonhomme/Stegano

Now using stegano to extract something from png, there was two binaries in stegano we tried with stegano-lsb but it didn’t work so we tried with stegano-lsb-set with the generator triangular_numbers:

$ Stegano/bin/stegano-lsb-set reveal -i e07d17ed7d8104590ff3e17bdf052057.png -g triangular_numbers
ASIS{767ba85340d9e49fa0bb9c2b12037f08}

And we got the flag!