Skip to main content

RED

  • Description: RED, RED, RED, RED
  • Difficulty: Easy

🔎 Solution

At first glance, the image appears to be nothing more than a plain red square. However, inspecting the metadata using exiftool reveals a hidden surprise: a field labeled Poem containing a short piece of poetry.

┌──(kali㉿kali)-[~/Desktop]
└─$ exiftool red.png                        
ExifTool Version Number         : 13.00
File Name                       : red.png
Directory                       : .
File Size                       : 796 bytes
File Modification Date/Time     : 2025:05:25 04:29:20-04:00
File Access Date/Time           : 2025:05:25 04:29:34-04:00
File Inode Change Date/Time     : 2025:05:25 04:29:33-04:00
File Permissions                : -rw-------
File Type                       : PNG
File Type Extension             : png
MIME Type                       : image/png
Image Width                     : 128
Image Height                    : 128
Bit Depth                       : 8
Color Type                      : RGB with Alpha
Compression                     : Deflate/Inflate
Filter                          : Adaptive
Interlace                       : Noninterlaced
Poem                            : Crimson heart, vibrant and bold,.Hearts flutter at your sight..Evenings glow softly red,.Cherries burst with sweet life..Kisses linger with your warmth..Love deep as merlot..Scarlet leaves falling softly,.Bold in every stroke.
Image Size                      : 128x128
Megapixels                      : 0.016

A closer look shows that the capitalized letters within the poem spell out the phrase CHECK LSB - a subtle clue pointing toward steganography.

Crimson heart, vibrant and bold
Hearts flutter at your sight
Evenings glow softly red
Cherries burst with sweet life
Kisses linger with your warmth
Love deep as merlot
Scarlet leaves falling softly
Bold in every stroke

In image steganography, LSB (Least Significant Bit) is a common technique used to conceal information by modifying the smallest bits of pixel data. These changes are usually imperceptible to the human eye, making LSB a popular choice for embedding hidden messages in images.
To extract such data, a tool like zsteg is often employed. Running it on the image uncovers a Base64-encoded string hidden in the b1,rgba,lsb,xy channel.

┌──(kali㉿kali)-[~/Desktop]
└─$ zsteg red.png 
meta Poem           .. text: "Crimson heart, vibrant and bold,\nHearts flutter at your sight.\nEvenings glow softly red,\nCherries burst with sweet life.\nKisses linger with your warmth.\nLove deep as merlot.\nScarlet leaves falling softly,\nBold in every stroke."
b1,rgba,lsb,xy      .. text: "cGljb0NURntyM2RfMXNfdGgzX3VsdDFtNHQzX2N1cjNfZjByXzU0ZG4zNTVffQ==cGljb0NURntyM2RfMXNfdGgzX3VsdDFtNHQzX2N1cjNfZjByXzU0ZG4zNTVffQ==cGljb0NURntyM2RfMXNfdGgzX3VsdDFtNHQzX2N1cjNfZjByXzU0ZG4zNTVffQ==cGljb0NURntyM2RfMXNfdGgzX3VsdDFtNHQzX2N1cjNfZjByXzU0ZG4zNTVffQ=="
b1,rgba,msb,xy      .. file: OpenPGP Public Key
b2,g,lsb,xy         .. text: "ET@UETPETUUT@TUUTD@PDUDDDPE"
b2,rgb,lsb,xy       .. file: OpenPGP Secret Key
b2,bgr,msb,xy       .. file: OpenPGP Public Key
b2,rgba,lsb,xy      .. file: OpenPGP Secret Key
b2,rgba,msb,xy      .. text: "CIkiiiII"
b2,abgr,lsb,xy      .. file: OpenPGP Secret Key
b2,abgr,msb,xy      .. text: "iiiaakikk"
b3,rgba,msb,xy      .. text: "#wb#wp#7p"
b3,abgr,msb,xy      .. text: "7r'wb#7p"
b4,b,lsb,xy         .. file: 0421 Alliant compact executable not stripped

Decoding that string ultimately reveals the hidden flag.

┌──(kali㉿kali)-[~/Desktop]
└─$ echo "cGljb0NURntyM2RfMXNfdGgzX3VsdDFtNHQzX2N1cjNfZjByXzU0ZG4zNTVffQ==cGljb0NURntyM2RfMXNfdGgzX3VsdDFtNHQzX2N1cjNfZjByXzU0ZG4zNTVffQ==cGljb0NURntyM2RfMXNfdGgzX3VsdDFtNHQzX2N1cjNfZjByXzU0ZG4zNTVffQ==cGljb0NURntyM2RfMXNfdGgzX3VsdDFtNHQzX2N1cjNfZjByXzU0ZG4zNTVffQ==" | base64 -d
picoCTF{r3d_1s_th3_ult1m4t3_cur3_f0r_54dn355_}picoCTF{r3d_1s_th3_ult1m4t3_cur3_f0r_54dn355_}picoCTF{r3d_1s_th3_ult1m4t3_cur3_f0r_54dn355_}picoCTF{r3d_1s_th3_ult1m4t3_cur3_f0r_54dn355_}

🚩Flag

picoCTF{r3d_1s_th3_ult1m4t3_cur3_f0r_54dn355_}