PixelPerfect

Description

PixelPerfect | 128 points

Wait, should this file be that large? I thought my phone was perfect?

Downloads: PixelPerfect.tar.gz

Analysis

The challenge file is a screenshot image that seems broken. Running strings on it shows nothing of interest.

exiftool, on the other hand, shows us a warning:

Warning                         : [minor] Trailer data after PNG IEND chunk

zsteg shows more detail about the trailing data.

└─$ zsteg PXL5_SREENSHOT.png   
[?] 161095 bytes of extra data after image end (IEND), offset = 0x446d9

I looked up the value and the image contains 2 IEND parts, which shouldn't be there; every PNG file should have a single IEND to indicate EOF.

Even if we extract the excess data, it would be really hard to create a proper header; there must be something else...

Lurking around Google to find something useful, I came across some glaring bold text...

CVE-2023-21036

In BitmapExport.java, there is a possible failure to truncate images due to a logic error in the code.
Product: Android
Versions: Android kernel
Android ID: A-264261868
References: N/A

The post goes into more detail.
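The check that exiftool and zsteg performed above can be reproduced with a small chunk walker. This is an added example, not code from the challenge or from the linked post: it walks PNG chunks to the first IEND, reports the offset where the image ends, and flags trailing data that itself ends in an IEND chunk. The sample files are constructed inline, and REUSED assumes the failure to truncate means a smaller image was written over a larger one with the old tail left in place.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
IEND_CHUNK = b"\x00\x00\x00\x00IEND\xaeB`\x82"  # zero-length IEND plus its fixed CRC

def scan_png(buf):
    """Walk chunks up to the first IEND and describe whatever follows it."""
    if not buf.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos, chunks = len(PNG_SIG), []
    while pos + 12 <= len(buf):
        length, ctype = struct.unpack(">I4s", buf[pos:pos + 8])
        end = pos + 12 + length  # length field + type + data + CRC
        if end > len(buf):
            raise ValueError("chunk at 0x%x runs past end of file" % pos)
        (crc,) = struct.unpack(">I", buf[end - 4:end])
        crc_ok = crc == zlib.crc32(buf[pos + 4:end - 4])  # CRC covers type + data
        chunks.append((ctype.decode("latin-1"), length, crc_ok))
        pos = end
        if ctype == b"IEND":
            break
    else:
        raise ValueError("no IEND chunk found")
    trailer = buf[pos:]
    return {
        "chunks": chunks,
        "image_end": pos,                        # offset a tool like zsteg reports
        "trailing": len(trailer),                # bytes after the first IEND
        "extra_iend": trailer.count(IEND_CHUNK),
        "suspect": bool(trailer) and trailer.endswith(IEND_CHUNK),
    }

def make_chunk(ctype, data):
    body = ctype + data
    return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body))

def make_png(width, height, idat):
    # Hypothetical helper: builds a structurally valid 8-bit RGB PNG container.
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    return (PNG_SIG + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"IDAT", idat) + make_chunk(b"IEND", b""))

# Constructed samples (not the challenge file); pixel data is filler.
ORIGINAL = make_png(16, 16, zlib.compress(bytes(range(256)) * 2))
CROPPED = make_png(1, 1, zlib.compress(b"\x00" * 4))
REUSED = CROPPED + ORIGINAL[len(CROPPED):]  # new file written over old, tail kept

if __name__ == "__main__":
    for name, data in (("cropped", CROPPED), ("reused", REUSED)):
        r = scan_png(data)
        print(name, hex(r["image_end"]), r["trailing"], r["extra_iend"], r["suspect"])
```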

Solution

The post also contains a proof-of-concept tool: https://acropalypse.app/


GPNCTF{N0t_s0_p3rf3ct_aft3rall}
