Hiding in Plain Sight

Challenge Information

• Challenge Name: Hiding in Plain Sight (Nothing Hidden Inside)
• Category: Steganography
• Points: 150 pts
• Teams Solved: 11
• Description: "Got this PDF from a crazy guy, wonder what he wants to tell me?"
• Hint: Not all is what it seems.
• Flag: EOF{u_r_@_ch!ck3n}

Solution Methodology

Step 1: Initial Analysis

First, I tried opening the PDF normally — it showed nothing meaningful or just blank content. This hinted that the real information might not be visible through a regular PDF viewer.

ls -l Nothing_hidden_inside.pdf
# Confirmed file has reasonable size, suggesting hidden text

Step 2: Raw Content Inspection

Given the hint and the category (Steg), I decided to inspect the raw content of the file instead of viewing it normally.

cat Nothing_hidden_inside.pdf

Since PDF files can be quite verbose, I filtered for the end section (where PDF metadata or extra text might be hidden):

Step 3: Search for Flag Pattern

cat Nothing_hidden_inside.pdf | grep EOF

Step 4: Discovery

The command output revealed a series of characters just before the %%EOF marker:

{u_r_@_ch!ck3n}%

Following the given flag format (EOF{}), the flag becomes:

Key Insights

Why This Challenge Works

• PDF viewers don't display text hidden after the EOF marker
• The %%EOF marker tells PDF readers where the file ends
• Data after %%EOF is ignored by PDF readers but visible in raw content
• Simple but effective steganography technique

Tools Used

• cat - Display raw file content
• grep - Search for EOF pattern
• strings - Alternative for extracting readable text

Alternative Methods

# Method 1: Using strings
strings Nothing_hidden_inside.pdf | grep -i "eof"

# Method 2: Using tail (last lines)
tail -n 5 Nothing_hidden_inside.pdf

# Method 3: Using hex editor
hexdump -C Nothing_hidden_inside.pdf | tail -n 20

Summary Table

Step	Action	Result
1	Opened PDF normally	Nothing visible
2	Used cat and grep EOF	Revealed hidden text
3	Extracted flag in EOF{} format	Success!