Description

catvideo_mp4_file

Resolution

For this Forensics/video stegano, we are presented with a mp4 file where the colors of each pixels seams to have been randomized.
Still, it looks like we can see movements from one image to the next one, so we should be able to scrub that a little by making a diff between images.

 

First, we dump all the frame of the video :
ffmpeg -i catvideo.mp4 -r 1/1 mycat-%04d.jpg
You can also do this with vlc, lots of ways to do this are explained here (https://www.raymond.cc/blog/extract-video-frames-to-images-using-vlc-media-player/)

Then we do a diff from one image to the next one.
But as the pixels have been randomized, the only important information to gather is the fact that there have been a change.
So, we can safely create a B&W picture of the diff, setting changed pixels at 255, not changed pixels to 0.

Now that we can see it clearly, we have to find the hidden message.
Around frame 1800 we have a nice change. But as the flag appear, the rest of the background changes too, so we have a lot of noise.

The important part here is that we only have one frame with showing the flag.
If we had a flag appearing in only 1 frame, we should see the diff with it’s appearance AND with it’s disapearance.
As we don’t have that second frame, that mean that the flag is still showing after frame 1800.
So lets try to diff our image 1800 with all the latter ones, we’d probably come to a point were there are less noise on the background.

BTCF{cute&fat_cats_does_not_like_drinking}