The first steganography challenge! First, we download the image that the challenge is talking about.
A good general starting point for CTF-like image steganography is to open the image in a text editor, or run the UNIX command "strings" which extracts printable text from a file (CyberChef has this utility). Both of these do essentially the same thing. Using CyberChef to run strings on the image file, we scroll to the bottom of the output and find:
...omitted...
(h7v
)>Ib
mshi
1u3dc
LGP=
ytKb
]N_3n{
flag{challenge3-LnBkpHCZmSZFXXmgHCFmgECKE}
An explanation of why/how this works is given in the next section.
Our flag is:
<aside> 💡 flag{challenge3-LnBkpHCZmSZFXXmgHCFmgECKE}
</aside>
As you probably know, an image is essentially just an array of bytes. Let's consider this example:
0 0 0 1 1 0 0 0
0 0 1 1 1 1 0 0
0 1 1 1 1 1 1 0
1 1 1 1 1 1 1 1
0 0 0 1 1 0 0 0
0 0 0 1 1 0 0 0
0 0 0 1 1 0 0 0
0 0 0 1 1 0 0 0
Here, we have an (hastily drawn) image of an arrow, where each pixel is represented by one bit. Thus we can start from the top left and read the data like a book, essentially turning this array of bits into a single string of bits ("collapsing" the array):
00011000 00111100 01111110 11111111 00011000 00011000 00011000 00011000
This string of binary is the raw image data, i.e. what is stored in the file. Note that in order to actually display the image from this string of bits we need to know the image size, in this case 8x8.
What happens if we open this in a text editor? What a text editor does is takes a string of binary (the file data) and attempts to display it as printable text. For example, if the file data was
01001000 01100101 01101100 01101100 01101111 00101100 00100000 01110111 01101111 01110010 01101100 01100100 00100001