Unswirl Image
1. Introduction
Imagine you get an Image like this which contains a text. But the image is digitaly distored and you should find a way to made it readable. I’ve tried to solve a particular challenge of a CTF Game and the final flag was masked like this 😎
2. The Challenge
The challenge contained a file without file extension. It's a pdf file and I'll add it here:
3. Analysis
Open that file in a texteditor shows a signature of a pdf file:
A recheck with the tool TrIDNET confirms that the signature match a pdf file:
The pdf file contains a image with a cartoon character and the text: I dare you find it! 😄
For the further analysis I've used a free tool called Winking PDF Analyzer
A quick view shows that the pdf file contains streams. My assumption was that there is something hidden in that streams and I’ve tried to find a way to decode them.
On stackoverflow I did find a hint howto decode them:
The easiest way to decode a PDF file is to use a tool intended to do it, for example MuPDF can do this with „
mutool clean -d <input pdf file> <output PDF file>“ will decompress (-d) all the compressed streams in a PDF file and write the output to a new PDF file.mutool.exe clean -d enigma.pdf enigma_decoded.pdf
As we can see the filesize has changed from 161 KB to 2746 KB!
If I open the decoded pdf file again in Winking PDF Analyzer, I can see a reference of two images:
mutool.exe extract enigma_decoded.pdf
I’m using again mutool to extract the images of the pdf:
img-005.png is the cartoon, but now let’s see what is img-004.png
4. Retrieve the flag
Sadly I had no plan how to revert that image, but a friend of mine gave me a hint:
What computers can swirl, Computers can unswirl!
In 2007 the police catched a pedophile men who tried to mask his identity with a swirl face.
It is possible to revert the image with photoshop or an online image editing tool.
Now we can try to revert the image with photoshop by choosing the effect distort –> twirl
Or using an online image editor, which is a much faster way:
The same can be done with the black image above and we can read the text:
Last updated
