So Meta

Published: April 2, 2026

Description

Find the flag in this picture's metadata. Download pico_img.png.

Download pico_img.png from the challenge page.

Install exiftool if not already present: sudo apt install libimage-exiftool-perl

Solution

  1. Step 1: Read all EXIF metadata fields
    exiftool reads all metadata embedded in an image file -- EXIF, IPTC, XMP, and more. The flag is stored in the Artist field. Running exiftool on the image prints every field; scan the output for picoCTF.
    exiftool pico_img.png

    EXIF (Exchangeable Image File Format) is a standard for storing metadata inside image files. Originally designed for digital cameras, it captures information like camera make/model, exposure settings, GPS coordinates, date/time, and software used. PNG, JPEG, TIFF, and many RAW formats all support EXIF.

    exiftool by Phil Harvey is the most comprehensive metadata reader and writer available. It supports over 20,000 tags across more than 150 file formats. When run on an image, it prints every metadata field it finds -- EXIF, IPTC (editorial metadata), XMP (extensible metadata), ICC color profiles, and more. The flag in this challenge is hidden in the Artist field, which is designed to store the photographer's name but accepts arbitrary text.

    Other common fields that hide data in CTF challenges include:

    • Comment -- a free-text comment field in JPEG and PNG
    • Description / ImageDescription -- image description field
    • Copyright -- copyright notice field
    • UserComment -- a user-writable comment field in EXIF
    • GPS fields -- can encode coordinates that decode to something meaningful

    In real-world digital forensics, EXIF metadata is extremely valuable -- leaked GPS coordinates in photos have exposed the locations of journalists and whistleblowers, and camera serial numbers embedded in EXIF have been used to identify photographers. Privacy-conscious users strip EXIF before sharing images using tools like exiftool -all= image.jpg or mat2.
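In a PNG, free-text fields such as Artist or Comment can be stored as textual chunks (tEXt, zTXt, iTXt), which exiftool lists alongside EXIF. The sketch below is an added example, not part of the original write-up and not exiftool's code: it walks the chunks of a PNG, verifies each CRC, and scans every text field for the flag pattern. The sample image and its flag value are constructed for illustration, and the helper names are hypothetical.

```python
import re
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def chunk(ctype, body):  # serialize: length, type, data, CRC over type+data
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def png_text_fields(data):
    """Return (keyword, text) pairs from tEXt, zTXt and iTXt chunks, checking each CRC."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    fields, pos = [], len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length
        if end + 4 > len(data):
            raise ValueError("truncated chunk")
        body = data[pos + 8:end]
        if zlib.crc32(ctype + body) != struct.unpack(">I", data[end:end + 4])[0]:
            raise ValueError("bad CRC in chunk %r" % ctype)
        key, _, rest = body.partition(b"\x00")
        if ctype == b"tEXt":
            fields.append((key.decode("latin-1"), rest.decode("latin-1")))
        elif ctype == b"zTXt":  # rest = compression-method byte + zlib stream
            fields.append((key.decode("latin-1"), zlib.decompress(rest[1:]).decode("latin-1")))
        elif ctype == b"iTXt":  # rest = flag, method, language\0, translated keyword\0, text
            text = rest[2:].split(b"\x00", 2)[2]
            text = zlib.decompress(text) if rest[0] == 1 else text
            fields.append((key.decode("latin-1"), text.decode("utf-8")))
        pos = end + 4
    return fields

def find_flags(data, pattern=r"picoCTF\{[^}]*\}"):
    """List (field, match) for every text field whose value matches the pattern."""
    return [(k, m) for k, v in png_text_fields(data) for m in re.findall(pattern, v)]

# Constructed sample: a 1x1 grayscale PNG with two text chunks (not the challenge file).
SAMPLE_PNG = (
    PNG_SIG
    + chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
    + chunk(b"tEXt", b"Artist\x00picoCTF{constructed_example}")
    + chunk(b"zTXt", b"Comment\x00\x00" + zlib.compress(b"nothing to see here"))
    + chunk(b"IDAT", zlib.compress(b"\x00\x00")) + chunk(b"IEND", b"")
)

if __name__ == "__main__":
    print(find_flags(SAMPLE_PNG))
```

The same field listing is useful before publishing an image: any keyword that appears here is text a recipient can read.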

Flag

picoCTF{...}

EXIF metadata fields (artist, comment, copyright, GPS, etc.) can hold arbitrary text -- always scan all fields when looking for hidden data in image files.
