Monday, September 21, 2015

CSAW 2015: Forensics 200: Airport

I enjoyed this challenge, mostly because I got to look at airplanes. For this problem we were given 5 images: 4 of them were png images of airports, and 1 was a jpg of the logo for steghide. After a little bit of research I found that steghide was a steganography tool which could hide/unhide information in jpg images. As a result of this I came to the idea that I was only going to have to run this on the actual logo image, and the other 4 images meant something else, most likely leading to the password needed for steganography.

Using a few reverse image searches, we found that the images were:

Aeropuerto Jose Marti (HAV)

Hong Kong International Airport (HKG)

Los Angeles International Airport (LAX)

Toronto International Airport (YYZ)

The first couple of these were pretty easy using a reverse image search; however, the third only linked to a Korean man's travel itinerary (in Korean). From this we initially thought that it was an airport in Seoul, but looking this up online it looked completely different, so we looked at where he flew to, which was LAX. We found the Toronto airport using slightly more creative methods. There were two roads labeled on the picture. It turned out not to be in the US, which threw me off a little bit, but it ended up being in Toronto.

From this I decided to use all of the 3-letter identifiers, in the order of the numbered images, with the steghide tool, and it worked!
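
The final step as a script. This is an added example, not part of the original write-up: it builds passphrase candidates from the four airport codes in image order and tries each one with `steghide extract`. The file names, the separators and the lower-case variants are assumptions, since the write-up does not say how the codes were joined.

```shell
#!/bin/sh
# Added example: try airport-code passphrases against a steghide JPEG.

# Print candidate passphrases built from the codes given as arguments,
# kept in the order supplied. Separators and case are assumptions: the
# write-up does not say how the codes were joined.
candidates() {
    for sep in "" " " "-" "_"; do
        joined=""
        for code in "$@"; do
            if [ -z "$joined" ]; then
                joined="$code"
            else
                joined="$joined$sep$code"
            fi
        done
        printf '%s\n' "$joined"
        printf '%s\n' "$joined" | tr '[:upper:]' '[:lower:]'
    done
}

# try_extract STEGO_JPG OUT_FILE CODE...
# Returns 0 and prints the passphrase on the first successful extraction,
# 1 if no candidate works, 2 if steghide is not installed.
try_extract() {
    stego="$1"; out="$2"; shift 2
    command -v steghide >/dev/null 2>&1 || { echo "steghide not found" >&2; return 2; }
    list=$(candidates "$@")
    old_ifs=$IFS
    IFS='
'
    status=1
    for pass in $list; do
        if steghide extract -sf "$stego" -p "$pass" -xf "$out" -f -q 2>/dev/null; then
            printf 'passphrase: %s\n' "$pass"
            status=0
            break
        fi
    done
    IFS=$old_ifs
    return "$status"
}

# Usage (file names are placeholders): sh airport.sh logo.jpg hidden.out
if [ "$#" -ge 2 ]; then
    try_extract "$1" "$2" HAV HKG LAX YYZ
fi
```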



