NahamCon CTF 2024 Walkthrough: Twine

Jun 11, 2024

Steganography challenges are always fun, as is the case with Twine.

For those who don't know, steganography is the practice of concealing a message, image, or file within another message, image, or file. Unlike encryption, which protects the content of a message, steganography hides the existence of the message itself. This makes it a valuable tool for covert communication.

Downloading twine.jpg, you get this image:

Nothing crazy, just a bundle of twine. It's easy in challenges like this to get carried away and start downloading toolkits and start trying to crack into images. Often times, these are not set up to be that difficult on the first go. Let's start with a beginner's approach and head to more technical methods as we progress.

So first up, just playing with the image in an image editor. This was something that I missed on a CTF last year and spent over an hour trying to figure out the metadata and open it in various tools when the answer was simply, "What if it was brighter or darker".

Okay, so no luck there. It makes sense. There isn't a lot of space to hide a flag in the visual space of the image, so let's keep going. Let's try our next step, looking at the file's metadata.

So looking at it using the file command tells us what kind of file it is. Kind of a "No duh" moment, but it's important to note that we can change file extensions to whatever we want. It could be a .dll that's really a .png but without verifying, we would have no way of knowing. Okay, so let's look at it's exif data.

Okay, no flag there. This could be useful if it had more EXIF data like a location or what camera it was shot on, but nothing of note here.

Moving up in our technical scale, let's try using a hex editor to look at the image. HxD is a great tool on Windows for viewing and modifying hexidecimal data.

So we'll press Control + F and look for the text string "flag".

And that seems to do the trick.

All we have to do is copy that flag and paste it back into the challenge and we're good to move on. This challenge is an excellent opportunity to develop routines and workflows for different types of problems. It's not always necessary to jump to the most complex solution when simply checking the basics will solve a good percentage of the challenges.