picoCTF Solutions
picoCTF 2022ForensicsMedium

Enhance!

Published: July 20, 2023

Description

Despite the hint to "enhance," there's no need to zoom the image; just read the text stored in the SVG file.

Setup

Download drawing.flag.svg

Run `strings` or open the SVG in a text editor.

Grep for lines containing `>` / `<` and strip the XML tags to reveal the embedded characters.

strings drawing.flag.svg | grep ">" | cut -d '>' -f2 | cut -d '<' -f1 | tr -d '\n '

Solution

  1. Step 1Treat the SVG as text
    SVG files are XML, so you can view them as text. The flag's letters appear as separate `<text>` nodes.
    Learn more

    SVG (Scalable Vector Graphics) is an XML-based image format that describes graphics through markup rather than pixels. Unlike raster formats (PNG, JPEG), SVG files are plain text that a browser or renderer interprets - you can open one in any text editor and read the underlying structure directly.

    Because SVG is XML, it can embed arbitrary text content inside <text> elements. These elements are part of the document object model (DOM), so a browser renders them visually, but they are just as readable in the raw file. This makes SVG a common steganography vector in CTFs: content can be hidden at very small font sizes, in white text on a white background, or outside the visible viewport - invisible to the eye but plainly readable in the source.

    The challenge title references the TV trope of endlessly enhancing low-resolution images to reveal hidden detail. The joke is that the real "enhancement" is recognizing that SVG is text, not a bitmap - no image processing needed.

  2. Step 2Remove the markup
    Use grep/cut/tr to eliminate the tags, remove whitespace, and concatenate the characters into the final flag.
    Learn more

    The pipeline grep ">" | cut -d '>' -f2 | cut -d '<' -f1 extracts text content from XML tags using only shell utilities. It works by filtering to lines that contain a closing > of an opening tag, then slicing out the content between > and the next <. This is a fragile but fast approach for well-structured, simple XML.

    For more complex XML or HTML parsing, xmllint, xmlstarlet, or Python's xml.etree.ElementTree / lxml are more robust options. They understand the document structure and let you query by element name or XPath expression - for example xmlstarlet sel -t -v "//text()" drawing.flag.svg would extract all text content directly.

    tr -d '\n ' removes all newlines and spaces from the stream, collapsing the scattered single-character text nodes into a continuous string. This is the step that turns the individual flag characters into the complete flag.

Flag

picoCTF{...}

Sometimes "enhancing" means simply inspecting the source.

Want more picoCTF 2022 writeups?

Browse picoCTF 2022Full library

Useful tools for Forensics

Related reading

What to try next