Pragyan 2016 - Harry Potter - Steganography

Reading time ~1 minute


Pragyan CTF might not have been on the CTFTime timetable this year but it ran during the week so we took part. We in fact finished 2nd outright with 1251 points. Equal in points to first place but arriving there later and only one challenge remained unsolved.

A minor 35 points for this harmless looking stego challenge so how hard can it be? In fact it was one of the last challenges I solved, probably due to the use of a cipher I had never heard of. It had only a 5% solve rate too so I guess a lot of folks struggled.

Actually before I go into the solution, that was an overarching theme of Pragyan for me, ciphers…. soooo mannnyyyy ciphers. I believe almost every challenge wound up with some ciphertext you had to solve. So it was fun like that.

This begins with an innocent image file which when downloaded quickly gives away a secret:

root@kali:~/pragyan/stego# file HP.png 
HP.png: PNG image data, 385 x 131, 8-bit colormap, non-interlaced
root@kali:~/pragyan/stego# pngcheck HP.png 
HP.png  additional data after IEND chunk

Using strings we see this…

root@kali:~/pragyan/stego# strings HP.png 
wherE ShOUld onE ReaLly lOoK fOr tHis flag

Hmm, at first I extracted the uppercase characters resulting in a “ciphertext” of ESOUERLOKOH. We hammered this string into so many cipher solvers for literally days with no luck.

We then decided to look more into ciphers which involve the way the entire string was encoded, this lead us to the “Bacon” cipher. Using this cipher if we take each lowercase letter to represent an “A” and each uppercase character a “B” we get the string:


Which, using an online solver we get the plaintext “bydelta” which did turn out to be the flag.

Interviewing in Tech: Security Engineer & Security Analyst

Landing a job as a security engineer or analyst at a tech company is a significant feat. It requires not only technical acumen but also s...… Continue reading

BSides Sydney 2023 Writeups

Published on November 24, 2023

DUCTF 2023 Writeups

Published on August 31, 2023