search

PixelPerfect

hashtag
Description

PixelPerfect | 128 points

Wait, should this file be that large? I thought my phone was perfect?

Downloads: PixelPerfect.tar.gzarrow-up-right

hashtag
Analysis

Challenge file is a screenshot image which seems broken. strings shows nothing of interest.

But exiftool on the other hand shows us a warning

Warning                         : [minor] Trailer data after PNG IEND chunk

zsteg shows more details about trailing chunk.

└─$ zsteg PXL5_SREENSHOT.png   
[?] 161095 bytes of extra data after image end (IEND), offset = 0x446d9

I looked up the value and the image contains 2 IEND parts, which shouldn't be there, every PNG file should have single IEND to indicate EOF.

Even if we extract the excess data it would be really hard to create proper header, there must be something else...

Lurking around google to find something useful I came across a glaring bold text...pixel-perfect-1

CVE-2023-21036arrow-up-right

In BitmapExport.java, there is a possible failure to truncate images due to a logic error in the code.Product: AndroidVersions: Android kernelAndroid ID: A-264261868References: N/A

The Postarrow-up-right goes into more details.

hashtag
Solution

Post also contains proof-of-concept tool: https://acropalypse.app/arrow-up-right

pixel-perfect-2

GPNCTF{N0t_s0_p3rf3ct_aft3rall}

PreviousInsanity CheckNextHSCTF

Last updated