Description
Ron just found his own copy of advanced potion making, but it's been corrupted by some kind of spell. Help him recover it!
advanced-potion-making
Solution
Download the file and check its type and metadata.
file advanced-potion-making
advanced-potion-making: data
exiftool advanced-potion-making
ExifTool Version Number : 12.67
File Name : advanced-potion-making
Directory : .
File Size : 30 kB
File Modification Date/Time : 2024:04:16 21:33:41-04:00
File Access Date/Time : 2024:04:16 21:56:21-04:00
File Inode Change Date/Time : 2024:04:16 21:52:06-04:00
File Permissions : -rwxr-xr-x
Error : Unknown file type
As described, the file is corrupted, so we don’t know the file type.
In this case, we can check the file signature.
The corrupted file starts with 89 50 42 11 0d 0a...
xxd advanced-potion-making | head
00000000: 8950 4211 0d0a 1a0a 0012 1314 4948 4452 .PB.........IHDR
00000010: 0000 0990 0000 04d8 0802 0000 0004 2de7 ..............-.
00000020: 7800 0000 0173 5247 4200 aece 1ce9 0000 x....sRGB.......
00000030: 0004 6741 4d41 0000 b18f 0bfc 6105 0000 ..gAMA......a...
00000040: 0009 7048 5973 0000 1625 0000 1625 0149 ..pHYs...%...%.I
00000050: 5224 f000 0076 3949 4441 5478 5eec fd61 R$...v9IDATx^..a
00000060: 72e3 4c94 a659 ce16 6afe 76cd fe57 d7dd r.L..Y..j.v..W..
00000070: 5b18 45e9 4b8a 7a28 d19d 2048 07a9 6376 [.E.K.z(.. H..cv
00000080: ac2d 2b3e bfaf 5f07 1801 82d7 b2f3 fff3 .-+>.._.........
00000090: fffc 7fff 7f00 0000 0000 0000 4b18 5802 ............K.X.
I think it is supposed to be a PNG file since it has a similar file signature.
So, let’s fix the header bytes to match the PNG signature.
hexeditor advanced-potion-making
Although it became a PNG file, I still couldn’t open it.
pngcheck -7cpqtv advanced-potion-making.png
File: advanced-potion-making.png (30372 bytes)
chunk IHDR at offset 0x0000c, length 1184532: EOF while reading data
ERRORS DETECTED in advanced-potion-making.png
Hmmm... it is still corrupted, and the reported offset indicates that IHDR has some problems.
I need more research on it…
I found a good image of IHDR hex from here.
There are critical chunks in a PNG file; one is IHDR (Image header).
IHDR stores information about the image’s properties.
According to here, the length of IHDR is 13 bytes.
That’s why the IHDR length field should be 00 00 00 0D, which is 13 in decimal.
After modifying it, I got the red image file.
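The two header repairs above (signature, then IHDR length) can also be scripted and checked chunk by chunk. This is an added example, not part of the original write-up; the function names are hypothetical and the sample input is a constructed 1x1 PNG damaged the same way as the xxd dump, not the challenge file.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"  # 89 50 4E 47 0D 0A 1A 0A
IHDR_DATA_LEN = 13  # fixed by the PNG specification

def make_chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialize one chunk: length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def repair_header(data: bytes) -> bytes:
    """Restore the 8-byte signature and the IHDR length field (offsets 0-11)."""
    if data[12:16] != b"IHDR":
        raise ValueError("IHDR type not at offset 12; damage is not header-only")
    return PNG_SIGNATURE + struct.pack(">I", IHDR_DATA_LEN) + data[12:]

def walk_chunks(data: bytes):
    """Return [(type, length, crc_ok)] per chunk; raise on a bad signature or overrun."""
    if data[:8] != PNG_SIGNATURE:
        raise ValueError("bad PNG signature")
    out, pos = [], 8
    while pos + 12 <= len(data):
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        ctype = data[pos + 4:pos + 8]
        end = pos + 12 + length
        if end > len(data):
            raise ValueError(f"chunk {ctype!r} at {pos:#x}: EOF while reading data")
        (crc,) = struct.unpack(">I", data[end - 4:end])
        crc_ok = crc == zlib.crc32(data[pos + 4:end - 4]) & 0xFFFFFFFF
        out.append((ctype.decode("latin-1"), length, crc_ok))
        pos = end
    return out

def build_sample() -> bytes:
    """Constructed 1x1 RGB PNG used as sample input (not the challenge file)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"\x00\xff\x00\x00")  # filter byte + one red pixel
    return (PNG_SIGNATURE + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"IDAT", idat) + make_chunk(b"IEND", b""))

def corrupt_like_challenge(png: bytes) -> bytes:
    """Apply the damage seen in the xxd dump: bytes 2-3 and the IHDR length."""
    return png[:2] + b"\x42\x11" + png[4:8] + b"\x00\x12\x13\x14" + png[12:]

if __name__ == "__main__":
    damaged = corrupt_like_challenge(build_sample())
    for row in walk_chunks(repair_header(damaged)):
        print(row)
```

Fixing only the signature reproduces the pngcheck failure, because the bogus length 00 12 13 14 (1184532) runs past the end of the file; a passing CRC on IHDR after the repair confirms that the chunk data itself was untouched.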
I changed the RGB settings in stegonline to find the hidden message.
Then I could see the hidden flag!
Finally, I share a very good resource for IHDR.