
Nullcon CTF 2014 Forensics 400 writeup

Question 4:

A suspicious image was found on the desktop. Our investigator suspects something is hidden.

Hint: remove i from it.

Click here to download the image.


Instead of giving this image for a challenge, admins could have given a task like: “Install stegdetect in Linux” :P. Installing stegdetect was just a tedious job in Linux. I tried using the Windows version of the same tool, but it was an old one, so it just popped a Huffman code error and exited. First I tried using stegsolve. When I viewed the image in the Red Plane, I saw an Eiffel Tower image.


I tried submitting what I got by removing the letter “i” as given in the hint. It cannot be that simple :). So the submitted answer was wrong. I took the word (effel) and used it as the key to extract any hidden contents from the image, using steghide. Nope, no results. Then I used stegdetect on my machine to understand the algorithm used. Okay, it was Invisible Secrets! We downloaded a Windows application, a trial version, which can decrypt the contents which are AES encrypted.


We used the secret passphrase “effel” and tried decrypting it. We got a text file stating: Congrats, you cracked it, flag : 02940294029402940294.
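The bit-plane view from the stegsolve step above, as an added example that is not part of the original post. It assumes a shape hidden in the lowest red bit of a constructed gradient image (the writeup does not say which red bit the challenge image used), and all function names are illustrative.

```python
# Added example: isolate one bit of the red channel, which is what a
# stegsolve-style "Red plane N" view renders. All image data is constructed.

# Constructed 7x7 shape standing in for the hidden picture.
MASK = [
    "...#...",
    "...#...",
    "..###..",
    "..#.#..",
    ".##.##.",
    ".#...#.",
    "##...##",
]

def make_cover(width, height):
    """Constructed cover image: a smooth gradient as rows of (r, g, b)."""
    return [[(100 + 5 * x + 3 * y, 80 + 2 * y, 60 + 4 * x)
             for x in range(width)] for y in range(height)]

def embed_red_lsb(cover, mask):
    """Overwrite the lowest red bit of every pixel with the mask bit."""
    return [[((r & ~1) | int(mask[y][x] == "#"), g, b)
             for x, (r, g, b) in enumerate(row)]
            for y, row in enumerate(cover)]

def red_bit_plane(pixels, bit):
    """Render bit `bit` of the red channel: '#' where set, '.' where clear."""
    return ["".join("#" if (r >> bit) & 1 else "." for (r, _g, _b) in row)
            for row in pixels]

def max_red_change(before, after):
    """Largest per-pixel difference in the red channel between two images."""
    return max(abs(p[0] - q[0])
               for row_b, row_a in zip(before, after)
               for p, q in zip(row_b, row_a))

if __name__ == "__main__":
    cover = make_cover(7, 7)
    stego = embed_red_lsb(cover, MASK)
    # A change of at most 1 per pixel is invisible in the normal view.
    print("largest red-channel change:", max_red_change(cover, stego))
    for bit in (7, 0):
        print(f"red plane {bit}:")
        print("\n".join(red_bit_plane(stego, bit)))
```

The high plane only shows the gradient of the cover, while plane 0 shows the embedded shape, which is why stepping through the planes one at a time is a standard first look at a suspect image.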

  1. Google
    January 31, 2014 at 6:51 am

    I guess the algorithm was Invisible Secrets and not AES. AES encryption was used in the algorithm called Invisible Secrets. I guess stegdetect would say the algorithm to be Invisible Secrets and not AES 🙂

  2. January 31, 2014 at 12:59 pm

    Oh yea! But the tool which I used didn’t have the option to select the Invisible Secrets algorithm. But still, the tool managed to crack it with AES. Wonder how that happened!

  3. January 4, 2015 at 3:42 am

    Is “invisible secrets” the name of the algorithm or the tool itself?

  4. January 5, 2015 at 3:16 am

    Yes! Invisible Secrets is the name of the algorithm and there is a tool as well by the same name.
