search

Unswirl Image

hashtag
1. Introduction

Imagine you get an Image like this which contains a text. But the image is digitaly distored and you should find a way to made it readable. I’ve tried to solve a particular challenge of a CTF Game and the final flag was masked like this 😎

hashtag
2. The Challenge

The challenge contained a file without file extension. It's a pdf file and I'll add it here:

file-pdf
160KB
enigma.pdf
PDF
arrow-up-right-from-squareOpen
Challenge File

hashtag
3. Analysis

Open that file in a texteditor shows a signature of a pdf file:

A recheck with the tool TrIDNETarrow-up-right confirms that the signature match a pdf file:

The pdf file contains a image with a cartoon character and the text: I dare you find it! 😄

For the further analysis I've used a free tool called Winking PDF Analyzerarrow-up-right

A quick view shows that the pdf file contains streams. My assumption was that there is something hidden in that streams and I’ve tried to find a way to decode them.

On stackoverflowarrow-up-right I did find a hint howto decode them:

The easiest way to decode a PDF file is to use a tool intended to do it, for example MuPDFarrow-up-right can do this with „mutool clean -d <input pdf file> <output PDF file>“ will decompress (-d) all the compressed streams in a PDF file and write the output to a new PDF file.

mutool.exe clean -d enigma.pdf enigma_decoded.pdf

As we can see the filesize has changed from 161 KB to 2746 KB!

If I open the decoded pdf file again in Winking PDF Analyzer, I can see a reference of two images:

mutool.exe extract enigma_decoded.pdf

I’m using again mutool to extract the images of the pdf:

img-005.png is the cartoon, but now let’s see what is img-004.png

hashtag
4. Retrieve the flag

Sadly I had no plan how to revert that image, but a friend of mine gave me a hint:

What computers can swirl, Computers can unswirl!

In 2007 the police catched a pedophilearrow-up-right men who tried to mask his identity with a swirl face.

It is possible to revert the image with photoshop or an online image editing tool.

Now we can try to revert the image with photoshoparrow-up-right by choosing the effect distort –> twirl

Or using an online image editorarrow-up-right, which is a much faster way:

The same can be done with the black image above and we can read the text:

PreviousImage ForensicsNextManual Filecarving 1

Last updated

Was this helpful?