"Brian Pak" firstname.lastname@example.org
Kaprica Security (KPRCA)
This service performs Least Significant Bit (LSB) steganography on a PKK file. It supports two modes: embed and extract. The user can provide a PKK image and the secret text to be hidden in the image with a specific format, or provide a PKK image that has hidden message inside to extract the message. The program expects a specific format (encapsulation) for an input.
This service supports the following features:
The service accepts an input of the following format:
In case the input is for the extract mode, the text data size should be 0 and text data should be an empty string.
When the secret message is embedded into the image, it is first encapsulated into a special format:
There is a maximum length limit for the secret text to be embedded, which is set to 1000 bytes. However, when extracting the hidden text, the service blindly trusts the size field without validation.
Then, with a carefully crafted input (PKK with a hidden text data size set to a value larger than 1000 along with long enough data), it is possible to overflow the stack-based buffer that is used to reconstruct the embedded message to cause a crash.
Also, there's an integer overflow with large widht or height.
Stack Buffer Overflow
Stack-based Buffer Overflow (CWE-121)
Integer Overflow or Wraparound (CWE-190)
This CB tests if the competitors can reason about the data flow and bit operations performed upon the input, since the size field needs to be correctly encoded (using LSB) to be parsed by the service.
Curated by Lunge Technology, LLC. Questions or comments? Send us email