Main:
An article on Steg22.
Hello everyone, if you are here that means you are stuck about how to attack this challenge. For this challenge, you will need to read up on JPEG header information and how to convert decimal numbers to hexadecimal numbers. In this article, you will learn a little about JPEG headers and how to look at this challenge Outside the box.
JPEG headers are the main construct of the image. They carry all the information about the image. When you open an image into a viewer it first loads these headers which are triggered by viewing markers. The first marker is called SOI, or Start of Image, marker. This marker tells the rendering application that it is a JPEG image and it is a standard image that can be read by any platform. This marker is shown as JFIF. After the SOI marker is read, a series of other markers follow; the header information. Each header holds a specific attribute of the image and is immediately followed by two bytes to set the length of the headers information. A marker is starts off with the hexadecimal FF. Here is a basic outline of what image headers look like.
-- Copied, not my own layout! --
Start of Image (SOI) marker -- two bytes (FFD8)
JFIF marker (FFE0)
length -- two bytes
identifier -- five bytes: 4A, 46, 49, 46, 00 (the ASCII code equivalent of a zero terminated "JFIF" string)
version -- two bytes: often 01, 02
o the most significant byte is used for major revisions
o the least significant byte for minor revisions
units -- one byte: Units for the X and Y densities
o 0 => no units, X and Y specify the pixel aspect ratio
o 1 => X and Y are dots per inch
o 2 => X and Y are dots per cm
Xdensity -- two bytes
Ydensity -- two bytes
Xthumbnail -- one byte: 0 = no thumbnail
Ythumbnail -- one byte: 0 = no thumbnail
(RGB)n -- 3n bytes: packed (24-bit) RGB values for the thumbnail pixels, n = Xthumbnail * Ythumbnail
Define Quantization table marker (FFDB)
the first two bytes, the length, after the marker indicate the number of bytes, including the two length bytes, that this header contains
until the length is exhausted (loads two quantization tables for baseline JPEG)
o the precision and the quantization table index -- one byte: precision is specified by the higher four bits and index is specified by the lower four bits
precision in this case is either 0 or 1 and indicates the precision of the quantized values; 8-bit (baseline) for 0 and up to 16-bit for 1
o the quantization values -- 64 bytes
the quantization tables are stored in zigzag format
Define Huffman table marker (FFC4)
the first two bytes, the length, after the marker indicate the number of bytes, including the two length bytes, that this header contains
until length is exhausted (usually four Huffman tables)
o index -- one byte: if >15 (i.e. 0x10 or more) then an AC table, otherwise a DC table
o bits -- 16 bytes
o Huffman values -- # of bytes = the sum of the previous 16 bytes
Start of frame marker (FFC0)
the first two bytes, the length, after the marker indicate the number of bytes, including the two length bytes, that this header contains
P -- one byte: sample precision in bits (usually 8, for baseline JPEG)
Y -- two bytes
X -- two bytes
Nf -- one byte: the number of components in the image
o 3 for color baseline JPEG images
o 1 for grayscale baseline JPEG images
Nf times:
o Component ID -- one byte
o H and V sampling factors -- one byte: H is first four bits and V is second four bits
o Quantization table number-- one byte
The H and V sampling factors dictate the final size of the component they are associated with. For instance, the color space defaults to YCbCr and the H and V sampling factors for each component, Y, Cb, and Cr, default to 2, 1, and 1, respectively (2 for both H and V of the Y component, etc.) in the Jpeg-6a library by the Independent Jpeg Group. While this does mean that the Y component will be twice the size of the other two components--giving it a higher resolution, the lower resolution components are quartered in size during compression in order to achieve this difference. Thus, the Cb and Cr components must be quadrupled in size during decompression.
Start of Scan marker (FFDA)
the first two bytes, the length, after the marker indicate the number of bytes, including the two length bytes, that this header contains
Number of components, n -- one byte: the number of components in this scan
n times:
o Component ID -- one byte
o DC and AC table numbers -- one byte: DC # is first four bits and AC # is last four bits
Ss -- one byte
Se -- one byte
Ah and Al -- one byte
Comment marker (FFFE)
the first two bytes, the length, after the marker indicate the number of bytes, including the two length bytes, that this header contains
whatever the user wants
End of Image (EOI) marker (FFD9)
the very last marker
(Taken from James R. Weeks : http://www.obrador.com/essentialjpeg/headerinfo.htm )
-- End of Copy --
Now that you have a basic understanding on how a JPEG image is rendered you can start thinking on how Steg22 can be withholding or providing information.
For the final part you need to think Outside the box. Think on that for a bit it will come to you. Once you figure out that little riddle, congrats!
I would like to thank System_Meltdown for pointing me in the right direction for this challenge. Without his knowledge I would still be lost.
*edited due to spoilers - elmiguel*
-elmiguel
JPEG headers are the main construct of the image. They carry all the information about the image. When you open an image into a viewer it first loads these headers which are triggered by viewing markers. The first marker is called SOI, or Start of Image, marker. This marker tells the rendering application that it is a JPEG image and it is a standard image that can be read by any platform. This marker is shown as JFIF. After the SOI marker is read, a series of other markers follow; the header information. Each header holds a specific attribute of the image and is immediately followed by two bytes to set the length of the headers information. A marker is starts off with the hexadecimal FF. Here is a basic outline of what image headers look like.
-- Copied, not my own layout! --
Start of Image (SOI) marker -- two bytes (FFD8)
JFIF marker (FFE0)
length -- two bytes
identifier -- five bytes: 4A, 46, 49, 46, 00 (the ASCII code equivalent of a zero terminated "JFIF" string)
version -- two bytes: often 01, 02
o the most significant byte is used for major revisions
o the least significant byte for minor revisions
units -- one byte: Units for the X and Y densities
o 0 => no units, X and Y specify the pixel aspect ratio
o 1 => X and Y are dots per inch
o 2 => X and Y are dots per cm
Xdensity -- two bytes
Ydensity -- two bytes
Xthumbnail -- one byte: 0 = no thumbnail
Ythumbnail -- one byte: 0 = no thumbnail
(RGB)n -- 3n bytes: packed (24-bit) RGB values for the thumbnail pixels, n = Xthumbnail * Ythumbnail
Define Quantization table marker (FFDB)
the first two bytes, the length, after the marker indicate the number of bytes, including the two length bytes, that this header contains
until the length is exhausted (loads two quantization tables for baseline JPEG)
o the precision and the quantization table index -- one byte: precision is specified by the higher four bits and index is specified by the lower four bits
precision in this case is either 0 or 1 and indicates the precision of the quantized values; 8-bit (baseline) for 0 and up to 16-bit for 1
o the quantization values -- 64 bytes
the quantization tables are stored in zigzag format
Define Huffman table marker (FFC4)
the first two bytes, the length, after the marker indicate the number of bytes, including the two length bytes, that this header contains
until length is exhausted (usually four Huffman tables)
o index -- one byte: if >15 (i.e. 0x10 or more) then an AC table, otherwise a DC table
o bits -- 16 bytes
o Huffman values -- # of bytes = the sum of the previous 16 bytes
Start of frame marker (FFC0)
the first two bytes, the length, after the marker indicate the number of bytes, including the two length bytes, that this header contains
P -- one byte: sample precision in bits (usually 8, for baseline JPEG)
Y -- two bytes
X -- two bytes
Nf -- one byte: the number of components in the image
o 3 for color baseline JPEG images
o 1 for grayscale baseline JPEG images
Nf times:
o Component ID -- one byte
o H and V sampling factors -- one byte: H is first four bits and V is second four bits
o Quantization table number-- one byte
The H and V sampling factors dictate the final size of the component they are associated with. For instance, the color space defaults to YCbCr and the H and V sampling factors for each component, Y, Cb, and Cr, default to 2, 1, and 1, respectively (2 for both H and V of the Y component, etc.) in the Jpeg-6a library by the Independent Jpeg Group. While this does mean that the Y component will be twice the size of the other two components--giving it a higher resolution, the lower resolution components are quartered in size during compression in order to achieve this difference. Thus, the Cb and Cr components must be quadrupled in size during decompression.
Start of Scan marker (FFDA)
the first two bytes, the length, after the marker indicate the number of bytes, including the two length bytes, that this header contains
Number of components, n -- one byte: the number of components in this scan
n times:
o Component ID -- one byte
o DC and AC table numbers -- one byte: DC # is first four bits and AC # is last four bits
Ss -- one byte
Se -- one byte
Ah and Al -- one byte
Comment marker (FFFE)
the first two bytes, the length, after the marker indicate the number of bytes, including the two length bytes, that this header contains
whatever the user wants
End of Image (EOI) marker (FFD9)
the very last marker
(Taken from James R. Weeks : http://www.obrador.com/essentialjpeg/headerinfo.htm )
-- End of Copy --
Now that you have a basic understanding on how a JPEG image is rendered you can start thinking on how Steg22 can be withholding or providing information.
For the final part you need to think Outside the box. Think on that for a bit it will come to you. Once you figure out that little riddle, congrats!
I would like to thank System_Meltdown for pointing me in the right direction for this challenge. Without his knowledge I would still be lost.
*edited due to spoilers - elmiguel*
-elmiguel
Posted by 
