```shell
┌──(kali㉿kali)-[~/code]
└─$ zsteg -a pico.flag.png | grep "pico"
b1,rgb,lsb,xy .. text: "picoCTF{7h3r3_15_n0_5p00n_a9a181eb}$t3g0"
...
(Omit)
```
- ref:
https://github.com/zed-0xff/zsteg
(main point: install with the command:`gem install zsteg`)
- usage:
```shell
┌──(kali㉿kali)-[~/code]
└─$ zsteg
Usage: zsteg [options] filename.png [param_string]
-a, --all try all known methods
-E, --extract NAME extract specified payload, NAME is like '1b,rgb,lsb'
Iteration/extraction params:
-o, --order X pixel iteration order (default: 'auto')
valid values: ALL,xy,yx,XY,YX,xY,Xy,bY,...
-c, --channels X channels (R/G/B/A) or any combination, comma separated
valid values: r,g,b,a,rg,bgr,rgba,r3g2b3,...
-b, --bits N number of bits, single int value or '1,3,5' or range '1-8'
advanced: specify individual bits like '00001110' or '0x88'
--lsb least significant bit comes first
--msb most significant bit comes first
-P, --prime analyze/extract only prime bytes/pixels
--shift N prepend N zero bits
--invert invert bits (XOR 0xff)
--pixel-align pixel-align hidden data
Analysis params:
-l, --limit N limit bytes checked, 0 = no limit (default: 256)
--[no-]file use 'file' command to detect data type (default: YES)
--no-strings disable ASCII strings finding (default: enabled)
-s, --strings X ASCII strings find mode: first, all, longest, none
(default: first)
-n, --min-str-len X minimum string length (default: 8)
-v, --verbose Run verbosely (can be used multiple times)
-q, --quiet Silent any warnings (can be used multiple times)
-C, --[no-]color Force (or disable) color output (default: auto)
PARAMS SHORTCUT
zsteg fname.png 2b,b,lsb,xy ==> --bits 2 --channel b --lsb --order xy
```
Sign in with Wallet
Connect another wallet