Imagine you get an Image like this which contains a text. But the image is digitaly distored and you should find a way to made it readable.

I’ve tried to solve a particular challenge of a CTF Game and the final flag was masked like this.

Let’s start

I had to download a file called enigma without file extension.

Open that file in a texteditor shows a signature of a pdf file.

A recheck with the tool TrIDNET confirms that it is a pdf file.

Let’s add the fileexenstion pdf and open the file.

The pdf file contains a image with a cartoon character and the text: I dare you find it! 🙂

Finding Secrets

For the further analysis I used a free tool called Winking PDF Analyzer

A quick view shows that the pdf file contains streams. My assumption was that there is something hidden in that streams and I’ve tried to find a way to decode them.

On stackoverflow I did find a hint howto decode them:

The easiest way to decode a PDF file is to use a tool intended to do it, for example MuPDF can do this with «mutool clean -d <input pdf file> <output PDF file>» will decompress (-d) all the compressed streams in a PDF file and write the output to a new PDF file.

mutool.exe clean -d enigma.pdf enigma_decoded.pdf

As we can see the filesize has changed from 161 KB to 2756 KB