A collection of Python-based image forensics, repair, and steganography tools for Capture The Flag (CTF) competitions.
Repair corrupted image files, validate headers, fix CRC checksums, extract LSB-hidden flags across multiple encodings, and recover hidden data from PNG, JPEG, GIF, and BMP files โ essential tools for solving steganography and forensics challenges.
| Tool | Purpose | Supported Formats |
|---|---|---|
| Image-Fixer.py | Universal image repair โ validates magic bytes, parses chunks, fixes headers | PNG, JPEG, GIF, BMP |
| OriginalPNG-fixer.py | Interactive PNG repair โ CRC validation, chunk type repair, manual header correction | PNG |
| png-fixer.py | Automated PNG repair โ header alignment, IHDR detection, chunk integrity validation | PNG |
| lsb_flag_finder.py | Extract LSB data โ decode across ASCII, Base64, Base32, ROT13 โ auto-grep CTF flags | PNG, BMP, TIFF |
| Feature | Description |
|---|---|
| Magic Byte Validation | Detects and repairs corrupted file headers (PNG signature, JPEG SOI, GIF87a/89a, BMP) |
| Chunk Parsing | Parses image file chunks (IHDR, IDAT, IEND, PLTE, tEXt, etc.) with proper length validation |
| CRC Verification | Validates CRC32 checksums for each chunk and auto-repairs mismatches |
| Header Injection | Inserts missing JFIF/Exif headers in JPEG files |
| IHDR Alignment | Detects misaligned IHDR chunks in PNG files and realigns to correct offset |
| Interactive Repair | OriginalPNG-fixer offers manual chunk type selection for complex corruptions |
| Auto-Truncation | Removes trailing garbage data after IEND chunk |
| Multi-Format | Single tool (Image-Fixer.py) handles PNG, JPEG, GIF, and BMP formats |
| LSB Extraction | Extracts 1โ4 bit LSB data from any combination of R, G, B, A channels |
| Multi-Encoding Decode | Decodes extracted data as ASCII, Base64, Base32, and ROT13 simultaneously |
| Flag Auto-Grep | Regex-based search for common CTF flag formats (flag{}, CTF{}, picoCTF{}, HTB{}, etc.) |
| Custom Flag Patterns | Support for custom flag regex via --flag-format for any CTF competition |
| Component | Technology | Role |
|---|---|---|
| Language | Python 3.x | Core programming language |
| Binary Parsing | struct |
Unpacking binary data (big-endian chunk lengths, CRC values) |
| Checksum | binascii.crc32 |
CRC32 computation for PNG chunk validation |
| I/O | sys + file I/O |
Command-line args and binary file read/write |
| Architecture | OOP (FileRepairer class) |
Modular, extensible repair framework |
| Image Processing | Pillow (PIL) |
Pixel-level access for LSB extraction |
| Encoding | base64, codecs |
Base64, Base32, ROT13 decoding |
| Pattern Matching | re (regex) |
Flag format detection across encodings |
# Clone the repository
git clone https://github.com/cazy8/CTF-TOOLS.git
cd CTF-TOOLS
# No external dependencies required โ uses Python standard library only
python3 --version # Requires Python 3.6+Zero dependencies โ all tools use only the Python standard library (
struct,binascii,sys).
python3 Image-Manipulation/Image-Fixer.py <input_image> <output_image># Fix a corrupted PNG
python3 Image-Manipulation/Image-Fixer.py corrupted.png fixed.png
# Fix a broken JPEG
python3 Image-Manipulation/Image-Fixer.py broken.jpg repaired.jpg
# Repair a GIF file
python3 Image-Manipulation/Image-Fixer.py challenge.gif solved.gifpython3 Image-Manipulation/OriginalPNG-fixer.py <input.png> <output.png>- Walks through each chunk interactively
- Prompts for manual chunk type selection when type is invalid
- Shows expected vs actual CRC values
- Auto-repairs CRC mismatches and length errors
python3 Image-Manipulation/png-fixer.py <input.png> <output.png>- Fully automated โ no user interaction needed
- Best for quick fixes during timed CTF competitions
# Install dependency
pip install Pillow# Basic โ extract 1-bit LSB from RGB and search all encodings
python3 LSB-Flag-Finder/lsb_flag_finder.py image.png
# Extract 2-bit LSB from Red and Green channels only
python3 LSB-Flag-Finder/lsb_flag_finder.py image.png --bits 2 --channels RG
# Search only in Base64-decoded output
python3 LSB-Flag-Finder/lsb_flag_finder.py image.png --encoding base64
# Custom flag format for a specific CTF
python3 LSB-Flag-Finder/lsb_flag_finder.py image.png --flag-format "myctf{.*}"
# Verbose โ show decoded previews even without flag matches
python3 LSB-Flag-Finder/lsb_flag_finder.py image.png -v
# Dump raw LSB bytes for manual analysis
python3 LSB-Flag-Finder/lsb_flag_finder.py image.png --raw > lsb_dump.binExample Output:
$ python3 LSB-Flag-Finder/lsb_flag_finder.py challenge.png
[*] Extracting 1-bit LSB from RGB channels โฆ
[*] Got 921,600 bytes
[+] FLAGS FOUND [ASCII]
>>> flag{lsb_is_the_classic_stego}
[+] FLAGS FOUND [ROT13]
>>> flag{rot13_hidden_message}
| Flag | Default | Description |
|---|---|---|
--bits |
1 |
LSBs to extract per channel (1โ4) |
--channels |
RGB |
Channels to read (any combo of R, G, B, A) |
--encoding |
all |
ascii, base64, base32, rot13, or all |
--flag-format |
โ | Custom regex for your CTF's flag format |
--raw |
โ | Dump raw bytes to stdout |
-v |
โ | Verbose โ show previews without flag matches |
โโโโโโโโโโโโโโโโโโโโ
โ PNG Signature โ 8 bytes: 89 50 4E 47 0D 0A 1A 0A
โโโโโโโโโโโโโโโโโโโโค
โ IHDR Chunk โ Image header (width, height, bit depth, color type)
โโโโโโโโโโโโโโโโโโโโค
โ PLTE Chunk โ Palette (optional, for indexed color images)
โโโโโโโโโโโโโโโโโโโโค
โ IDAT Chunk(s) โ Compressed image data (can be multiple)
โโโโโโโโโโโโโโโโโโโโค
โ tEXt/iTXt โ Metadata chunks (may contain hidden flags!)
โโโโโโโโโโโโโโโโโโโโค
โ IEND Chunk โ End marker
โโโโโโโโโโโโโโโโโโโโ
Each chunk:
โโโโโโโโโโฌโโโโโโโโโฌโโโโโโโโโโโโโโโฌโโโโโโโโโโ
โ Length โ Type โ Data โ CRC โ
โ 4 bytesโ 4 bytesโ Length bytes โ 4 bytes โ
โโโโโโโโโโดโโโโโโโโโดโโโโโโโโโโโโโโโดโโโโโโโโโโ
Input File โ Validate Magic Bytes โ Fix Header if Invalid
โ
โผ
Parse Chunks
โ
โโโโโโโโโโโโโผโโโโโโโโโโโโ
โผ โผ โผ
Validate Validate Validate
Type Length CRC
โ โ โ
โผ โผ โผ
Repair if Repair if Repair if
Invalid Invalid Invalid
โ โ โ
โโโโโโโโโโโโโผโโโโโโโโโโโโ
โผ
Write Output
| Format | Magic Bytes | Tools |
|---|---|---|
| PNG | 89 50 4E 47 0D 0A 1A 0A |
All three tools |
| JPEG/JPG | FF D8 FF |
Image-Fixer.py |
| GIF | 47 49 46 38 37 61 (GIF87a) |
Image-Fixer.py |
| BMP | 42 4D (BM) |
Image-Fixer.py |
IHDR PLTE IDAT IEND bKGD cHRM dSIG eXIf
gAMA hIST iCCP iTXt pHYs sBIT sPLT sRGB
sTER tEXt tIME tRNS zTXt
| Scenario | Tool to Use | What to Look For |
|---|---|---|
| Image won't open | Image-Fixer.py | Corrupted magic bytes / header |
| PNG shows wrong dimensions | OriginalPNG-fixer.py | Modified IHDR width/height values |
| CRC error in PNG viewer | png-fixer.py | Intentionally broken CRC (common CTF trick) |
| Hidden data in metadata | OriginalPNG-fixer.py | Suspicious tEXt/iTXt chunks |
| JPEG missing JFIF header | Image-Fixer.py | SOI present but APP0 missing |
| Flag hidden after IEND | Manual hex analysis | Data appended after PNG end marker |
| Flag hidden in LSB | lsb_flag_finder.py | LSB steganography across RGB/A channels |
| Encoded flag in image | lsb_flag_finder.py | Base64/Base32/ROT13 encoded flags in pixel data |
CTF-TOOLS/
โโโ Image-Manipulation/
โ โโโ Image-Fixer.py # Universal format repair (OOP-based)
โ โโโ OriginalPNG-fixer.py # Interactive PNG-specific repair
โ โโโ png-fixer.py # Automated PNG repair
โโโ LSB-Flag-Finder/
โ โโโ lsb_flag_finder.py # LSB extraction + multi-encoding flag grep
โ โโโ requirements.txt # Pillow dependency
โโโ LICENSE # GPL v3
โโโ README.md # Documentation
Contributions welcome! Ideas for expansion:
- ๐ Audio Forensics โ WAV/MP3 header repair and spectrogram analysis
- ๐ฆ ZIP/RAR Repair โ Archive header fixing for misc challenges
- ๏ฟฝ PCAP Analysis โ Network forensics toolkit
- ๐งฎ Crypto Helpers โ Common cipher solvers (Caesar, XOR, Vigenรจre)
- ๐ Hex Analysis โ Automated hidden data detection after IEND/EOF markers
Harsh Gupta โ @cazy8 ยท LinkedIn
This project is licensed under the GNU General Public License v3.0 โ see the LICENSE file for details.
If you found this useful, consider giving it a โญ