Hiding in Plain Sight 2
metactf
Task: a normal-looking PNG asks what is visually wrong with the image and expects the hidden subject's name as the flag. Solution: after basic metadata and hybrid-image checks fail, extract RGB bit planes and identify the person revealed in the least-significant-bit view as John Cena.
Hiding in Plain Sight 2 — MetaCTF
Description
Something here seems a little off, can you figure out what? The flag will be the name of the person or object you find, such as DawgCTF{Turkey_Sandwich}
English summary: we are given a PNG image (ps2.png) and told that something hidden inside it should identify a person or object. The goal is to recover that hidden subject and format the answer as a DawgCTF{...} flag.
Source: https://metaproblems.com/9158c536955b3b93c3b1ec47841cc0ff/ps2.png
Analysis
The first pass was standard image reconnaissance.
- The file was a valid PNG.
- Dimensions were 2400x1350 with RGBA channels.
- There was no useful EXIF metadata.
- PNG chunk inspection showed a normal structure.
- There was no appended payload after the PNG end.
That ruled out the easy cases: hidden archives, obvious metadata leaks, or malformed-file tricks.
Because the first "Hiding in Plain Sight" style challenge used a hybrid-image effect, I also tested the usual visual transforms:
- Gaussian blur
- aggressive downscaling / resizing
- grayscale conversion
- pixelation / block averaging
Those checks were reasonable, but they were not the decisive path here. They did not cleanly reveal a second face or object the way a classic hybrid image would.
The breakthrough came from bit-plane analysis. Extracting the low-order bit planes of the RGB channels revealed that the least-significant-bit view contained an embedded image. The strongest result was the combined RGB bit-0 output (ps2_rgb_bit0.png), where the left side clearly showed a hidden human figure.
The right side still looked like noisy landscape-related residue, but the left side was recognizable: a man wearing a cap, matching shirt, and wristbands in the familiar John Cena style. Even without perfect photographic clarity, the combination of silhouette, outfit, and pose is distinctive enough to identify the subject as John Cena.
Solution
Step 1: Perform basic recon
Typical checks:
file ps2.png
exiftool ps2.png
pngcheck -v ps2.png
This confirmed that the PNG itself looked structurally normal and did not contain an obvious appended blob or metadata-based answer.
Step 2: Try hybrid-image style checks
Since this challenge family can hide content through scale or blur, test quick variants such as blur, resize, grayscale, and pixelation. These checks were worth doing, but in this case they were only weakly informative and did not directly expose the answer.
Step 3: Extract bit planes
The useful technique was to isolate the low-order bits of the RGB channels. The following Pillow script generates per-channel and combined bit-plane views.
#!/usr/bin/env python3
from PIL import Image

img = Image.open("ps2.png").convert("RGBA")
r, g, b, a = img.split()  # alpha is split off but not inspected here

def bitplane(channel, bit):
    """Render one bit of a single 8-bit channel as a black/white image."""
    src = channel.load()
    out = Image.new("L", channel.size)
    dst = out.load()
    for y in range(channel.height):
        for x in range(channel.width):
            dst[x, y] = 255 if ((src[x, y] >> bit) & 1) else 0
    return out

# Per-channel planes: ps2_r_bit0.png ... ps2_b_bit7.png
for name, channel in [("r", r), ("g", g), ("b", b)]:
    for bit in range(8):
        bitplane(channel, bit).save(f"ps2_{name}_bit{bit}.png")

# Combined view of bit 0 across R, G and B; this is where the figure appeared
rgb0 = Image.merge("RGB", (
    bitplane(r, 0),
    bitplane(g, 0),
    bitplane(b, 0),
))
rgb0.save("ps2_rgb_bit0.png")
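As an added example (not part of the original writeup, and pure Python rather than Pillow), the following scores each bit plane numerically instead of by eye: it measures how often horizontally adjacent bits agree, per plane and per vertical strip, on a constructed carrier with a silhouette written into bit 0 of the left half only. On a real photo the high planes score well above 0.5 on their own; the tell for an embedded image is a low plane such as bit 0 scoring far above the roughly 0.5 that natural LSB noise gives.

```python
import random

WIDTH, HEIGHT = 64, 32  # constructed carrier size, not the challenge image

def bit_plane(pixels, bit):
    """Extract one bit of every sample as a 0/1 grid (list of rows)."""
    return [[(v >> bit) & 1 for v in row] for row in pixels]

def neighbor_agreement(plane, x0, x1):
    """Fraction of horizontally adjacent pairs in columns [x0, x1) that carry
    the same bit. Uncorrelated noise scores about 0.5; a picture scores higher."""
    same = total = 0
    for row in plane:
        for x in range(x0, x1 - 1):
            same += row[x] == row[x + 1]
            total += 1
    return same / total

def structured_regions(pixels, strips=2, threshold=0.75):
    """Return (bit, strip) pairs whose bit plane looks like an image, not noise.
    Splitting into strips catches a payload confined to one side of the frame."""
    width = len(pixels[0])
    hits = []
    for bit in range(8):
        plane = bit_plane(pixels, bit)
        for s in range(strips):
            x0, x1 = s * width // strips, (s + 1) * width // strips
            if neighbor_agreement(plane, x0, x1) >= threshold:
                hits.append((bit, s))
    return hits

def constructed_sample():
    """Constructed 8-bit grayscale carrier: every plane is random noise, except
    that a filled rectangle (stand-in silhouette) is written into bit 0 of the
    left half. The right half keeps its random bit 0, like the noisy side here."""
    rng = random.Random(1)
    pixels = [[rng.randrange(256) for _ in range(WIDTH)] for _ in range(HEIGHT)]
    for y in range(HEIGHT):
        for x in range(WIDTH // 2):
            inside = 8 <= x < 24 and 4 <= y < 28
            pixels[y][x] = (pixels[y][x] & ~1) | int(inside)
    return pixels

if __name__ == "__main__":
    print(structured_regions(constructed_sample()))  # → [(0, 0)]
```

Against ps2.png itself the same scorer would be run on each of the R, G and B channels after splitting them as the Pillow script above does.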
Step 4: Identify the hidden subject
Open ps2_rgb_bit0.png. The left side shows the hidden embedded figure clearly enough to recognize:
- baseball cap
- bright shirt
- wristbands / arm accessories
- overall look associated with wrestling promo images
Those features match John Cena, which gives the flag.
Optional tool-based alternatives
stegsolve can be used to click through bit planes interactively. zsteg is often useful for PNG LSB checks, although manual or scripted bit-plane visualization was enough here.