How to Find Hidden Messages in JPEGs: A Beginner’s Guide to CTF Steganography Challenges from KUET’s Cyber Security Seminar
On August 21, 2025, the KUET Cyber Security Club (KCSC) officially launched with a thrilling seminar in collaboration with SGIPC (KUET’s Programming Club) and Hidden Investigations. This event was not just a formality — it was a gateway into the fascinating world of ethical hacking and Capture The Flag (CTF) challenges.
As a special treat, Sakibul Ali Khan, team lead at Hidden Investigations, presented a live demonstration of a CTF challenge: “Hightened Secrets”. His goal? To show students how a simple-looking image can hold a secret message — if you know where to look. The challenge was created by Milon Das from Hidden Investigations.
Challenge Overview: Hightened Secrets
“We found an image file, but something feels off. Its structure has been modified, and the message is hidden inside.” Challenge File.
This challenge was all about hidden data inside a JPEG file, masked not by cryptic code but by clever manipulation of how image viewers work.
What is Steganography?
Steganography is the art and science of hiding information within other files or media in a way that doesn’t raise suspicion.
Unlike encryption (which makes data unreadable to outsiders), steganography hides the very existence of the data.
Example: You can hide a secret message inside an image, audio, or even a video file. Unless you know where to look or how to extract it, it appears perfectly normal.
This technique is often used in CTFs to challenge your thinking about how data can be hidden in plain sight.
What Are JPG (or JPEG) Files?
A JPG/JPEG is a popular image format used across the internet, especially in photography.
From Wikipedia:
“JPEG is a commonly used method of lossy compression for digital images, particularly for those images produced by digital photography.”
JPG images:
- They are compressed to save space.
- End with
.jpgor.jpeg. - Follow a specific binary structure, which includes headers for width, height, compression, color components, etc.
Hackers can manipulate this structure to hide content without breaking the image.
Getting Started — What We’ll Learn and Use
This guide will show you how to:
- Analyze a standard JPG image.
- Use tools like CyberChef or a hex editor to modify the JPG’s height.
- Reveal hidden information previously “cropped” from view.
Requirements — Tools We’ll Use
If you’re on Linux (like Kali), most tools are pre-installed. On Windows, tools like CyberChef (web-based) or HxD (hex editor) are great alternatives.
Step-by-Step Breakdown
Let’s take you through the process of uncovering the hidden message, ensuring that anyone can follow along, regardless of background.
Step 1: Unzip and Identify the Image File
First, we unpack the ZIP file and identify the file type.
unzip chall.zip
file chall.jpgfile chall.jpg: Tells us the file type and format (e.g., JPEG with baseline encoding).
It’s confirmed to be a JPEG image, using the baseline format (SOF0), with dimensions: 2274×2896 pixels.
Step 2: Metadata Check with ExifTool
Sometimes, flags or clues are hidden in metadata like comments or descriptions.
exiftool chall.jpgexiftool chall.jpg: Examines metadata for hidden text, comments, or size changes.
No revealing metadata — onward!
Step 3: Check for Embedded Files
binwalk chall.jpg: Scans for embedded files within the image that could hide payloads.
No hidden files detected.
Step 4: Search for Readable Strings
Quick Note: “hiCTF” represents the Hidden Investigations CTF challenge flag, and in this context, it refers to the message format.
strings chall.jpg | grep hiCTF: Searches for readable strings that might reveal the flag.
Nothing found. So the flag isn’t just text — it’s visually hidden.
Theory: The Hidden Height Trick
JPEG files only render what the header says — so if the image is taller than declared, part of it is “cropped out.”
This is a classic format-based steganography trick:
- The image actually contains more rows
- But the decoder stops drawing at the declared height
Step 5: Find the Height Bytes in the Header
Open the file in a hex editor:
Once the command is executed, the hex view of the file will appear as shown below:
hexedit chall.jpgThis diagram illustrates the SOF0 header structure of a JPEG file, showing how key values like height, width, and precision are stored in hexadecimal.
Search for the JPEG Start of Frame (SOF0) marker: (For the search option, press ‘Ctrl + s’, then type ‘FF C0' and hit enter)
FF C0 | 00 11 | 08 | HH HH | WW WWYou’ll find:
HH HH = 0B 50= 2896 (height in decimal)WW WW = 08 E2= 2274 (width)
Step 6: Modify the Height
We increase the height to 3500 pixels, which in hex is 0D AC.
In hexedit:
- Navigate to the height bytes (
0B 50) - Replace with
0D AC - Press ‘F2’ or ‘Ctrl+W’ to save, ‘F10’ or ‘Ctrl+X’ to quit
3500 (decimal) → 0x0DAC → write bytes: 0D ACDon’t change anything else, only the height!
Step 7: Reveal the Hidden Flag
Now open the edited image in any viewer…
🎉 The previously invisible rows at the bottom are revealed, and the flag or hidden message is there!
🏁 Final Flag (The Message)
hiCTF{u_got_me}Why This Works
JPEG decoders follow only the height value in the header.
If that height is lower than the actual image data:
- The rest is still in the file
- But your screen won’t show it
By increasing the height:
- The viewer renders more rows
- The flag (message) hidden below becomes visible
Conclusion:
The “Hightened Secrets” CTF challenge is a perfect entry point for students beginning their journey into cybersecurity and ethical hacking.
From uncovering metadata to manipulating image headers, you’ve now seen how thinking creatively and using basic tools can unravel secrets hiding in plain sight.
This was just the beginning. With KCSC (KUET’s Cybersecurity Club), SGIPC (KUET’s Programming Club), and Hidden Investigations, KUET students are now equipped to explore, learn, and hack in the right way.