{"id":20302194,"url":"https://github.com/ecthros/colorblind-writeup","last_synced_at":"2026-03-09T00:31:27.884Z","repository":{"id":128551550,"uuid":"156488949","full_name":"ecthros/colorblind-writeup","owner":"ecthros","description":"Writeup to UMDCTF's colorblind challenge","archived":false,"fork":false,"pushed_at":"2018-11-07T04:51:27.000Z","size":3,"stargazers_count":1,"open_issues_count":1,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-04T06:41:46.663Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ecthros.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-11-07T04:08:56.000Z","updated_at":"2022-03-11T15:28:40.000Z","dependencies_parsed_at":"2023-03-22T00:21:44.104Z","dependency_job_id":null,"html_url":"https://github.com/ecthros/colorblind-writeup","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/ecthros/colorblind-writeup","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ecthros%2Fcolorblind-writeup","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ecthros%2Fcolorblind-writeup/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ecthros%2Fcolorblind-writeup/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ecthros%2Fcolorblind-writeup/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ecthros","download_url":"https://codeload.github.com/ecthros/colorblind-writeup/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ecthros%2Fcolorblind-writeup/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30278509,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-08T20:45:49.896Z","status":"ssl_error","status_checked_at":"2026-03-08T20:45:49.525Z","response_time":56,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-14T16:29:36.079Z","updated_at":"2026-03-09T00:31:27.861Z","avatar_url":"https://github.com/ecthros.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# colorblind-writeup\nWriteup to UMDCTF's colorblind challenge\n\nColorBlind is a challenge that requires players to understand a little about PNG headers and chunks. The challenge is as follows:\n\n# Colorblind\nHelp! I can't seem to see the flag...I'm colorblind. Are you?\n\n* `Author` -- Towel\n* File: https://github.com/0xTowel/UMDCTF-2018-Challenges/raw/master/Steganography/ColorBlind/colorblind.png\n\nAfter downloading the file, I first tried to open it, but noticed that the file seemed corrupted in some way.\n\nLet's first check if the file is actually a PNG by running the `file` command:\n\n```\nfile colorblind.png\ncolorblind/colorblind.png: PNG image data, 1920 x 834, 4-bit colormap, non-interlaced\n```\n\nWe notice that this is a PNG. Let's check that the headers and chunks are correct with `pngcheck`:\n\n```\npngcheck colorblind.png\nOK: colorblind/colorblind.png (1920x834, 4-bit palette, non-interlaced, -88.6%).\n```\n\nLooks good! So maybe the chunks aren't corrupted. Let's explore the first few chunks. Each chunk has the length of the chunk followed by the name of the chunk. The first chunk in PNG files, after the first 7 mandatory hardcoded bytes, is the IHDR chunk, which has the following fields:\n\n```\nWidth:              4 bytes - 0x00000780  (1920)\nHeight:             4 bytes - 0x00000342  (834)\nBit depth:          1 byte  - 0x04\nColor type:         1 byte  - 0x03\nCompression method: 1 byte  - 0x00\nFilter method:      1 byte  - 0x00\nInterlace method:   1 byte  - 0x00\n```\nThese line up with what we got from the `file` command. The next block is the PLTE chunk. Values in the PLTE chunk are RGB values, and are therefore 3 bytes each. For example, the first palette value is FF 80 00.\n\nLet's assume that the palette is correct, but the fact that it is a palette image is not correct. There are several possibilities for what the color type could be:\n```\n   Color    Allowed    Interpretation\n   Type    Bit Depths\n   \n   0       1,2,4,8,16  Each pixel is a grayscale sample.\n   \n   2       8,16        Each pixel is an R,G,B triple.\n   \n   3       1,2,4,8     Each pixel is a palette index;\n                       a PLTE chunk must appear.\n   \n   4       8,16        Each pixel is a grayscale sample,\n                       followed by an alpha sample.\n   \n   6       8,16        Each pixel is an R,G,B triple,\n                       followed by an alpha sample.\n```\nCurrently, the color type is set to 3. What if we set it to different values? I tried each, but let's assume I was smart and guessed 6 first. (As an aside, the PLTE header is not allowed for types 0 and 2, is required for type 3, and is optional for types 4 and 6). \n\nFirst, we overwrite the value for the color type to 0x06. However we also need to set the allowed bit depth, since 4 - the old value - is not permitted. Let's change it to 0x08, a permitted value. I used a simple hex editor to make these changes.\n\nI then opened the picture, but got the following error: `Fatal error reading PNG image file: PLTE: CRC error`. Each block also requires the CRC (Cyclic Redundancy Check) to be correct. For each chunk, the CRC is found with the following formula: \n\n```\nCRC32(Chunk Type || data)\n```\nSo in this case, we need to compute the CRC for the following:\n```\nCRC32(49 48 44 52 00 00 07 80 00 00 03 42 04 03 00 00 00)\n```\nWe can compute this with the `crc32` command, or use an online CRC32 calculator, which I did. Remember that PNG requires numbers to be in Big Endian, which gives `0x87cdd16a`. Then, we overwrite the old checksum with the new one. Let's make sure we di everything correctly with `pngcheck`:\n```\npngcheck colorblind.png\nOK: colocopy.png (1920x834, 32-bit RGB+alpha, non-interlaced, 76.4%).\n```\n\nAwesome! Let's open it up. We get the following:\n\n![colocopy](https://user-images.githubusercontent.com/14065974/48111049-8f3f0100-e21d-11e8-9efc-e68b662b24ab.png)\n\nLooks like we're not quite done yet. But hey, that thing on the bottom looks like a QR code, no? Let's extend and crop it:\n\n![cropped](https://user-images.githubusercontent.com/14065974/48111097-d927e700-e21d-11e8-95f9-a786d0339781.png)\n\nThese colors appear to be incorrect - look up any QR code, and it looks like the colors have been inverted. We can fix this using Gimp. Open up the image in Gimp, go to the Colors Menu, and click \"Invert\". This gives:\n\n![inverted](https://user-images.githubusercontent.com/14065974/48111163-3d4aab00-e21e-11e8-8048-6e2f728090cf.png)\n\nWe're close, but it isn't correct. The black squares should be at the bottom left, top left, and top right of the picture. Let's try rotating it 90 degrees to the left (I used paint):\n\n![rotated](https://user-images.githubusercontent.com/14065974/48111215-88fd5480-e21e-11e8-8efc-09eff2dd4125.png)\n\nNow we use a QR code reader and get:\n\n`UMDCTF-Wh0_N3eded_Th4t_Color_StuFF_ANyW4y`\n\nYay!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fecthros%2Fcolorblind-writeup","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fecthros%2Fcolorblind-writeup","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fecthros%2Fcolorblind-writeup/lists"}