One PieNG 1

The attachment's filename is the flag.

ctfshow{#St4rt_fr0m_th1s_5tr1ng#}

One PieNG 2

The string shown in the image is the flag.

ctfshow{#Th1s_i5_s0_34sy!!!#}

One PieNG 3

Modify the image height to get the flag.

ctfshow{#Pn9_He1gh7_6e_ch4ng3d#}

One PieNG 4

Again, modify the image height.

ctfshow{#M4yb3_we_sh0uld_9o_d33per#}

One PieNG 5

Open the original attachment with stegsolve.

The data is hidden in the lowest bit of the B channel.

ctfshow{#You_st3gs0lved_me!!!#}

One PieNG 6

LSB steganography.

Use stegsolve's Data Extract module.

ctfshow{#LSB_1s_v3ry_e4sy_righ7?#}

One PieNG 7

Tried column order, and finally found it in plane 0 of R and G.

ctfshow{#5omet1mes_LSB_g0es_co1omn_f1r5t#}

One PieNG 8

The top-left corner of plane 7 of R, G and B all looks a bit off, so try extracting from there.

ctfshow{#zsteg_do35_no7_a1w4ys_w0rk#}

One PieNG 9

Plane 0 of every color channel has a stretch of LSB-hidden data in the top-left corner, and in planes 1 and 2 it is even longer than in plane 0.

On seeing PK, use Save Bin directly and save it as a zip file.

Open the archive; there is a txt file inside.

ctfshow{#Wh4t_1s_6it_0rder_4nd_y0u_c4n_LSB_b1nd4ta_to0#}

One PieNG 10

Open it in 010editor and find the flag.

ctfshow{#A_k3y_1n_exif#}

One PieNG 11

View the image's EXIF data with an online site.

XMP-photoshop
DocumentAncestors 23415F6B65795F6672306D5F50683074307368307023
城市 b58/3AjtPrXQJuhFwguK7nqu4ZpsqMLwU

Base58-decode the value of the 城市 (City) field.

ctfshow{#An0th3r_key_1n_3xif#}

One PieNG 12

View the image's EXIF data with an online site.

XMP-photoshop
DocumentAncestors 23415F6B65795F6672306D5F50683074307368307023
城市 b58/3AjtPrXQJuhFwguK7nqu4ZpsqMLwU

Hex-decode the first line to get the flag.

ctfshow{#A_key_fr0m_Ph0t0sh0p#}

One PieNG 13

Open it with 010.

ctfshow{#Ju5t_a_1one1y_tEXt_chunk#}

One PieNG 14

Ran PNGDebugger and found that the first nine IDAT chunks are bad; deleting the first nine IDAT chunks with tweakpng is enough.

ctfshow{#eXtr4_IDAT_of_an0th3r_Pn9#}

One PieNG 15

Drop it into Kali and extract with the binwalk command.

Topic tested: zlib-compressed data (related background

ctfshow{#IDAT_i5_a_z1ib_p4cka9e#}

One PieNG 16

This one is really nasty, I'm numb…..

Analyze the image with pngdebugger: the crc-code values of the first nine failing IDAT chunks, joined together, are the flag……

0x0000028D      chunk-length=0x00010000 (65536)
0x00000291 chunk-type='IDAT'
0x00010295 crc-code=0x00234831
>> (CRC CHECK) crc-computed=0x94F55588 => CRC FAILED


0x00010299 chunk-length=0x00010000 (65536)
0x0001029D chunk-type='IDAT'
0x000202A1 crc-code=0x0064655F
>> (CRC CHECK) crc-computed=0xBA2406E1 => CRC FAILED


0x000202A5 chunk-length=0x00010000 (65536)
0x000202A9 chunk-type='IDAT'
0x000302AD crc-code=0x00683378
>> (CRC CHECK) crc-computed=0xCD6A57C7 => CRC FAILED


0x000302B1 chunk-length=0x00010000 (65536)
0x000302B5 chunk-type='IDAT'
0x000402B9 crc-code=0x00643437
>> (CRC CHECK) crc-computed=0x9EC196CD => CRC FAILED


0x000402BD chunk-length=0x00010000 (65536)
0x000402C1 chunk-type='IDAT'
0x000502C5 crc-code=0x00615F31
>> (CRC CHECK) crc-computed=0x1D1C51CC => CRC FAILED


0x000502C9 chunk-length=0x00010000 (65536)
0x000502CD chunk-type='IDAT'
0x000602D1 crc-code=0x006E5F63
>> (CRC CHECK) crc-computed=0xD41FCAD9 => CRC FAILED


0x000602D5 chunk-length=0x00010000 (65536)
0x000602D9 chunk-type='IDAT'
0x000702DD crc-code=0x0068756E
>> (CRC CHECK) crc-computed=0x655D563D => CRC FAILED


0x000702E1 chunk-length=0x00010000 (65536)
0x000702E5 chunk-type='IDAT'
0x000802E9 crc-code=0x006B5F43
>> (CRC CHECK) crc-computed=0xCB1875FD => CRC FAILED


0x000802ED chunk-length=0x00002646 (9798)
0x000802F1 chunk-type='IDAT'
0x0008293B crc-code=0x00524323
>> (CRC CHECK) crc-computed=0x19FE70D3 => CRC FAILED

23483164655F683378643437615F316E5F6368756E6B5F43524323

// after hex decoding

#H1de_h3xd47a_1n_chunk_CRC#

flag:
ctfshow{#H1de_h3xd47a_1n_chunk_CRC#}
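
The check PNGDebugger performs above, as an added Python example (not code from the original write-up): it walks the chunks, recomputes each CRC-32 and joins the low three bytes of every stored CRC that fails the check. The sample PNG is constructed for the demonstration; only the nine crc-code values are taken from the output above, and all function names are this example's own.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def make_chunk(ctype, data, crc=None):
    """Build one PNG chunk; crc=None stores the correct CRC-32."""
    if crc is None:
        crc = zlib.crc32(ctype + data)
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def walk_chunks(png):
    """Yield (offset, type, stored_crc, computed_crc) for each chunk."""
    if png[:8] != PNG_SIG:
        raise ValueError("not a PNG file")
    pos = 8
    while pos + 12 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        end = pos + 8 + length                   # end of the chunk data
        if end + 4 > len(png):
            raise ValueError(f"chunk at {pos:#x} runs past end of file")
        (stored,) = struct.unpack(">I", png[end:end + 4])
        computed = zlib.crc32(png[pos + 4:end])  # CRC covers type + data
        yield pos, ctype, stored, computed
        pos = end + 4

def failing_crcs(png):
    """Stored CRC of every chunk whose CRC check fails, in file order."""
    return [s for _, _, s, c in walk_chunks(png) if s != c]

def crc_payload(png):
    """Join the low three bytes of each failing stored CRC (top byte is 00 here)."""
    return b"".join(s.to_bytes(4, "big")[1:] for s in failing_crcs(png))

def build_sample():
    """Constructed 1x1 test PNG; only the nine crc-code values come from the page."""
    page_crcs = [0x00234831, 0x0064655F, 0x00683378, 0x00643437, 0x00615F31,
                 0x006E5F63, 0x0068756E, 0x006B5F43, 0x00524323]
    png = PNG_SIG + make_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
    for i, crc in enumerate(page_crcs):
        png += make_chunk(b"IDAT", bytes([i]) * 8, crc)     # filler data, wrong CRC
    png += make_chunk(b"IDAT", zlib.compress(b"\x00\x00"))  # chunk with a correct CRC
    return png + make_chunk(b"IEND", b"")

if __name__ == "__main__":
    for off, ctype, stored, computed in walk_chunks(build_sample()):
        status = "ok" if stored == computed else "CRC FAILED"
        print(f"{off:#010x} {ctype.decode()} stored={stored:#010x} {status}")
    print(crc_payload(build_sample()).decode())
```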

One PieNG 17

Open it in 010 and look at the tail of the image.

ctfshow{#HexEditor_wi11_b3_he1pfu1#}

One PieNG 18

Among the files that foremost extracts, there is an image.

ctfshow{#He110_I_4m_Tw0_PieNG#}

Questionnaire

ctfshow{套娃终有报,天道好轮回。不信抬头看,苍天饶过谁。}