We have been given two images: “original.png” and “intercepted.png”. Let’s comprare them using imagemagick compare tool:
$ compare original.png intercepted.png -highlight-color white -lowlight-color black -compose src diff.png
or
$ magick compare original.png intercepted.png -highlight-color white -lowlight-color black -compose src diff.png
If we look carefully at diff.png, we will notice that there is a strange line containing dots and dashes at the left border of the image. It could be morse code or binary code. We can use the option -extract ‘1x550+0+0’ to isolate the line of interest, i.e. the first vertical line of the image:
compare -extract '1x550+0+0' original.png intercepted.png -highlight-color white -lowlight-color black -compose src diff_first_line.png
But PNG format is not very suitable for raw processing. We can use the ‘gray’ format, a very simple headerless raw format. The option format:- (e.g. gray:-) means “write to the standard output instead of a file”:
$ compare -extract '1x550+0+0' original.png intercepted.png -highlight-color white -lowlight-color black -compose src gray:- | hexdump
0000000 ff00 ff00 0000 ffff ff00 0000 ff00 00ff
0000010 ff00 ff00 0000 00ff ff00 0000 0000 ffff
0000020 ff00 00ff ff00 ff00 ff00 ffff 00ff 00ff
0000030 ff00 0000 ff00 00ff ff00 00ff ffff ff00
0000040 ff00 ff00 00ff 0000 0000 ffff 0000 00ff
0000050 ff00 0000 ff00 00ff ff00 00ff ff00 00ff
...
Now, it’s time for some Perl magic. This perl one-liner packs integers (binary bits) into bytes:
$ compare -extract '1x550+0+0' original.png intercepted.png -highlight-color white -lowlight-color black -compose src gray:- | perl -lpe '$_=pack"B*",$_'
SFRCezFmX2FfdzAwZF9jaHVja19jMHVsZF9jaHVja193MDBkfQ==
Wow! It looks like base64. Let’s try to decode it:
$ compare -extract '1x550+0+0' original.png intercepted.png -highlight-color white -lowlight-color black -compose src gray:- | perl -lpe '$_=pack"B*",$_' | base64 -id
HTB{*******************************}
We got our flag!