picoCTF Solutions
picoCTF 2023ForensicsMedium

MSB

Published: April 26, 2023Updated: December 9, 2025

Description

Most-significant-bit steganography hides the flag in RGB channel bit 7. Use Stegsolve’s data extractor to dump the relevant rows.

Setup

Download image

Install Stegsolve (or an equivalent tool) and open the provided PNG.

Use Analyse → Data Extract, set bit order to MSB First, and enable Red 7, Green 7, Blue 7. Scroll to the top of the extracted text.

wget http://www.caesum.com/handbook/Stegsolve.jar -O stegsolve.jar
chmod +x stegsolve.jar && java -jar stegsolve.jar

Solution

  1. Step 1Extract MSB data
    The textual payload appears when you extract only the 7th bits of each color channel. Save the text and scan for picoCTF.
  2. Step 2Search the dump
    Use grep or strings on the saved text file to locate the flag and copy it out (remove any spaces).
    strings text | grep pico

Flag

picoCTF{15_y0ur_que57...d55bee}

Only the MSB bits carry useful data, so LSB analysis will pass but yield nothing.