9447 CTF Stego Challenge: 90pts

Challenge Description:

"Our spies found this image. They think something is hidden in it... what could it be?"




1) Analyze the image

   Looking at the image we run some known steganography tools on it.
   Personal choice: zsteg

   Researching into wbStego alogorithms and running some tools on the PNG fail.
   The file is a PNG, not a usual filetype for wbStego tools to run on.
   It could be custom embedded somehow, but for a 90pts challenge, we doubt that this is the route to take.

2) IDAT Chunks

   Another common method of hidding information in PNG files is through the IDAT chunks.
   In this case, after simply looking closely at the PNG strings we notice strings which could be part of a flag.
   Specifically, "9447" and interesting chunks of strings with "{" and "}" characters.
   Additionally, these strings are all next to the IDAT chunk header.

3) Reconstruct the flag

   Appending together these string chunks, taken from the PNG's CRC segment, gives us what looks like a flag
   After some duplicate character pruning, the flag is validated.