I had a quick question, doing a hacking challenge to find a flag hidden in a picture. Pretty easy right? Yeah, not so much as it turns out the picture isn’t a .mpeg . jpeg or anything like that but instead is a .Webp file which contains a hidden json. So question is, how would I go about obtaining the flag? The first part of the challenge was extremely easy as it was just the picture below
It’s not a normal/typical looking picture so my thoughts were it was sort of like a barcode so I analyzed the different color(s)/shade(s) and converted it to hex which provided me with the following:
Gl@54G$v#4$uPn4Tm@4h
This is NOT the flag, as flag format will be flag{foundFlagHere}. So I popped the into my terminal and typed file nameOfFile which showed it was a webP file. I was still not sure what to do, however I noticed that when I went to “View downloads” (on my phone) I noticed that unlike the typical picture which usually shows the actual picture you downloaded I noticed this one was different as it showed up as the picture below.
So, obviously something else is going on with that picture. After some time spent thinking and tinkering I came to the conclusion that the picture actually contains a hidden json file.
Long story short, somehow I have to take the key I obtained earlier (Gl@54G$v#4$uPn4Tm@4h) and enter it in, either the picture somehow or json (I converted the Webp picture to json). So, how would I obtain the actual key in a webP file?