EN | ZH Image files are a good source of hacker culture, so various image files often appear in CTF contests.

Image files come in a variety of complex formats and can be used for a variety of analysis and decryption involving metadata, loss of information and lossless compression, verification, steganography or visual data encoding, all of which are important directions in Misc. . There are a lot of knowledge points (including basic file formats, common steganography and steganography software), and some places need to be deeply understood.

Metadata (Metadata)

> Metadata, also known as mediation data, relay data, is data about data, mainly information describing the properties of the data, used to support such as storage location, historical data, resources Find, file, and more.

Hidden information in metadata is the most basic method in the game, usually used to hide some key Hint information or some important information such as password.

You can view this type of metadata by right-clicking on the --> property, or by using the strings command. In general, some hidden information (strange strings) often appears in the header or trailer.

Next, we introduce an identify command, which is used to get the format and characteristics of one or more image files.

-format is used to specify the information displayed, and flexible use of its -format parameter can bring a lot of convenience to solving problems. [format specific meaning of each parameter] (


Break In 2017 - Mysterious GIF

One of the difficulties in this problem is to discover and extract the metadata in the GIF. First, strings can observe the abnormal points.





The string of hexadecimal here is actually hidden in the metadata area of the GIF.

The next step is extraction, you can choose Python, but it is more convenient to use identify

root in ~/Desktop/tmp λ identify -format "%s %c \n" Question.gif

0 4d494945767749424144414e42676b71686b6947397730424151454641415343424b6b776767536c41674541416f4942415144644d4e624c3571565769435172
1 5832773639712f377933536849507565707478664177525162524f72653330633655772f6f4b3877655a547834346d30414c6f75685634364b63514a6b687271

24 484b7735432b667741586c4649746d30396145565458772b787a4c4a623253723667415450574d35715661756278667362356d58482f77443969434c684a536f
25 724b3052485a6b745062457335797444737142486435504646773d3d

Other processes are not described here, please refer to the Writeup in the link.

Pixel value conversion

Look at the data in this file, what can you think of?


Is a string of RGB values, try to convert him into a picture

from PIL import Image

import re

x = 307 #x coordinates by integer decomposition of the number of lines in txt
y = 311 #ycoordinates x*y = number of rows

rgb1 = [****]
print len (rgb1) / 3

for i in xrange(0,x):

    for j in xrange(0,y):

Line = rgb1[(3*m):(3*(m+1))]#Get a line

        rgb = line

Im.putpixel((i,j),(int(rgb[0]), int(rgb[1]), int(rgb[2])))#rgb converted to pixels"flag.png")

And if the other way around, extract the RGB values from a picture, and then compare the RGB values to get the final flag.

Most of these topics are pictures of some pixel blocks, as shown below.

Related topics: