CTFLEARN Exif Writeup

Prompt: If only the password were in the image?

https://mega.nz/#!SDpF0aYC!fkkhBJuBBtBKGsLTDiF2NuLihP2WRd97Iynd3PhWqRw You could really ‘own’ it with exif.

The challenge title, Exif, is the key hint to solving this challenge. A Linux command-line tool of the same name can be used to extract data from the provided image file. From the man page, exif is a small command-line utility to show and change EXIF information in JPEG files. Exif stands for Exchangeable Image File Format, and is a standard that specifies formats for images, sound, and ancillary tags used by digital cameras, smartphones, scanners, etc.

Running the command below prints the picture's metadata (the -i option shows tag IDs instead of tag names):

exif -i ./Computer-Password-Security-Hacker\ -\ Copy.jpg

EXIF tags in './Computer-Password-Security-Hacker - Copy.jpg' ('Motorola' byte order):
------+------------------------------------------------------------------------
Tag   |Value
------+------------------------------------------------------------------------
0x0128|Internal error (unknown value 1)
0x0213|Centered
0x011a|72
0x011b|72
0x9000|Exif Version 2.31
0x9101|Y Cb Cr -
0xa000|FlashPix Version 1.0
0xa430|flag{3l1t3_3x1f_4uth0r1ty_dud3br0}
0xa001|Uncalibrated
0x0001|S
0x0002|77, 17, 2.61894
0x0003|E
0x0004|44,  4, 7.3047
------+------------------------------------------------------------------------

The flag is already visible in this output, but digging a little deeper gives further insight into how the tool can be used in other ways. Consider the following command and its output:

exif -t 0xa430 ./Computer-Password-Security-Hacker\ -\ Copy.jpg

EXIF entry 'Camera Owner Name' (0xa430, 'CameraOwnerName') exists in IFD 'EXIF':
Tag: 0xa430 ('CameraOwnerName')
  Format: 2 ('ASCII')
  Components: 35
  Size: 35
  Value: flag{3l1t3_3x1f_4uth0r1ty_dud3br0}

By querying the specific tag, we can see that the field holding the flag is the Camera Owner Name metadata. Interesting!
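
The lookup that exif -t 0xa430 performs, written out as an added example (not part of the original writeup and not the exif tool's own code): it finds the APP1 segment, follows the IFD0 pointer to the EXIF IFD, and reads the ASCII value of tag 0xa430. The function names are hypothetical, and build_sample produces a constructed JPEG with no image data that carries the string from the output above.

```python
import struct

EXIF_IFD_POINTER = 0x8769   # IFD0 entry that points at the 'EXIF' IFD
CAMERA_OWNER_NAME = 0xA430  # the tag queried with `exif -t 0xa430`

def find_tiff(jpeg):
    """Return the TIFF block carried in the JPEG's APP1 'Exif' segment."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker, length = struct.unpack(">BH", jpeg[pos + 1:pos + 4])
        body = jpeg[pos + 4:pos + 2 + length]
        if marker == 0xE1 and body.startswith(b"Exif\x00\x00"):
            return body[6:]
        pos += 2 + length
    raise ValueError("no EXIF segment")

def read_ifd(tiff, offset, bo):
    """Map tag -> (count, raw 4-byte value field) for one IFD."""
    (n,) = struct.unpack(bo + "H", tiff[offset:offset + 2])
    entries = {}
    for e in range(offset + 2, offset + 2 + 12 * n, 12):
        tag, _typ, count = struct.unpack(bo + "HHI", tiff[e:e + 8])
        entries[tag] = (count, tiff[e + 8:e + 12])
    return entries

def camera_owner(jpeg):
    tiff = find_tiff(jpeg)
    bo = {b"MM": ">", b"II": "<"}[tiff[:2]]  # 'MM' is the Motorola order exif reported
    ifd0 = read_ifd(tiff, struct.unpack(bo + "I", tiff[4:8])[0], bo)
    if EXIF_IFD_POINTER not in ifd0:
        return None
    exif_off = struct.unpack(bo + "I", ifd0[EXIF_IFD_POINTER][1])[0]
    entry = read_ifd(tiff, exif_off, bo).get(CAMERA_OWNER_NAME)
    if entry is None:
        return None
    count, raw = entry
    # Values over 4 bytes sit at an offset; shorter ones are inline in the entry
    data = raw[:count] if count <= 4 else tiff[struct.unpack(bo + "I", raw)[0]:][:count]
    return data.rstrip(b"\x00").decode("ascii", "replace")

def build_sample(owner):
    """Constructed test JPEG (SOI + APP1 + EOI); owner must be 4+ characters."""
    val = owner.encode() + b"\x00"
    app1 = b"Exif\x00\x00MM" + struct.pack(">HI", 42, 8)            # TIFF header, IFD0 at 8
    app1 += struct.pack(">HHHIII", 1, EXIF_IFD_POINTER, 4, 1, 26, 0)  # IFD0 -> EXIF IFD at 26
    app1 += struct.pack(">HHHIII", 1, CAMERA_OWNER_NAME, 2, len(val), 44, 0) + val
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"
```

The count stored for the tag includes the terminating NUL byte, which is why exif reports 35 components for a 34-character value.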

Flag: flag{3l1t3_3x1f_4uth0r1ty_dud3br0}

Key takeaway: Exif is a powerful Linux command-line tool that can be used to view the metadata of an image file.
