picoCTF – information

Introduction

PicoCTF’s Information challenge is fascinating because it prompts us to ponder the numerous methods available to conceal information. It’s surprising how even the most basic file can encompass a multitude of secrets. Let me present the challenge:

Overview and Solving

The task involves an image named “cat.jpg” that can be downloaded for a closer examination. After downloading, the commands “file,” “hexdump,” and “binwalk” can be used to confirm that it is indeed a JPG image. Here are the results:

When dealing with images, it’s a smart move to inspect their metadata, which often holds details about authors, properties, and other intriguing information. To access this, simply open the image using an image viewer (such as Gwenview in KDE Manjaro) or an image editor like Photoshop or Gimp.

Examining the metadata of the image will display something similar to this:

Here’s what’s interesting: the license field contains a peculiar string that doesn’t quite resemble a standard license format. It might be hiding something encoded in base64 due to the character types and length of the string. To check this, we can open our terminal and execute the command base64 -d, which will await the input of the text. After pasting the text, hitting ctrl+d exits the interactive mode.

A quicker method to decode the string is to echo the copied text and use a pipe to direct it to base64 -d, like so:

echo cGljb0NURnt0aGVfbTN0YWRhdGFfMXNfbW9kaWZpZWR9 | base64 -d

This command yields the solution:

picoCTF{the_m3tadata_1s_modified}

It’s amusing how captured flags often reference the solved problem, yet remain unseen until you… solve it! 😅

By the way, if you found this solution helpful and enjoyable, please consider following my channel. I’ll strive to post more solutions and keep up with new challenges as much as possible!