Tools / Image Metadata Viewer
Image Metadata Viewer (EXIF)
Drop a PNG, JPEG, GIF, or BMP and see every metadata field embedded in the file. Parsing happens entirely in your browser. Values that look flag-like (containing "picoCTF", "flag", "key", etc.) are highlighted so you do not have to scan a long table by eye.
Drop a PNG, JPEG, GIF, or BMP here, or
Files never leave your browser.
Where image metadata hides flags
Image formats reserve dedicated places for free-form text. Cameras and editors fill them with model numbers and software names. CTF authors fill them with flags. The most frequently abused fields:
- JPEG EXIF - the
UserComment,Artist, andSoftwaretags accept arbitrary text. - JPEG comment marker (0xFFFE) - stores raw text outside EXIF.
- PNG tEXt / iTXt / zTXt chunks - key/value pairs that survive most editors. iTXt supports UTF-8.
- GIF comment extension (0x21 0xFE) -free-form text blocks.
- XMP packets - XML metadata embedded by Adobe tools, often verbose.
If the metadata looks empty, the flag may be elsewhere. Try the File Magic Identifier to confirm the file type, the Strings Extractor to scan the entire file for printable runs, and the Hex Viewer to inspect bytes directly. Many picoCTF challenges append data after the canonical end of the image (after a PNG IEND chunk, for example). When that happens this tool surfaces a "Bytes after IEND" row - extract those bytes with dd skip=N or a binwalk extraction.
For LSB stego (the flag is encoded in the low bits of the pixel data, not the metadata), this tool will not help directly. Use zsteg, stegsolve, or a Python script with PILinstead.
Challenges that use this tool
- Ph4nt0m 1ntrud3rpicoCTF 2025 · Forensics · Easy
- CanYouSeepicoCTF 2024 · Forensics · Easy
- Scan SurprisepicoCTF 2024 · Forensics · Easy
- St3g0picoCTF 2022 · Forensics · Medium
- InformationpicoCTF 2021 · Forensics · Easy
- So MetapicoCTF 2019 · Forensics · Medium
- What Lies WithinpicoCTF 2019 · Forensics · Medium