Welcome to the Debugmen blog. We use this site to post tools, security findings, CTF writeups and anything else we find worthy of release to the public.

Tenable CTF: Fix me

Fix me

Overview

In this Challenge they give you a broken png, and based on the challenge title I need to fix the png. (Save Link as. because the browser will try to render it)

$ feh fixme.png

libpng error: [27][FF][00][00]: invalid chunk type
feh WARNING: fixme.png_original - No Imlib2 loader for that file format
feh: No loadable images specified.
See 'man feh' for detailed usage information

PNG Format

The PNG format is pretty simple. Its made of chunks that are broken up into length, type, and data sections, where length and type are both 4 bytes, and the data’s length is described by the length value.

A PNG will have its File header, IHDR Chunk, then any ancillary chunks to describe things like pallete, gamma, etc, and finally a bunch of IDAT chunks with a IEND chunk at the end of the file.

Investigating the PNG

010 Editor is an amazing tool and comes with predefined file type templates. When I ran the template it hit an issue parsing the file: unknown chunk type at offset 0x53. Lets checkout what’s going on.

010 Editor PNG 1

Looks like theres invalid data in front of a IDAT chunk. Lets just try deleting it an see if our template works again.

010 Editor PNG 2

010 parses out an IDAT chunk, but it looks like theres more trash data in front of the next IDAT chunk. Turns out this is the case for each IDAT chunk. I went and deleted the all those invalid bytes by hand for each IDAT chunk. This could have been scripted, but I had no clue if this was going to work when I was doing it.

Once I went through all that I tried viewing the image

fixme_flag.png