For the third “extract hidden data from an image” challenge we have the grass hopper below:
Again, as with the Scottish flag, strings was the solution. This produced a lot of output with the last few lines as follows:
<?php
eval(str_rot13(gzinflate(str_rot13(base64_decode(‘LUnHDrTIEX6a1f6+MXHkEznnzMUiDjkO8enda42Q6K6m
ZdVKvTbj/ec3HOlpj9/1zzRJK47+dEzneUz/lHBbl/f/N3+ruoRHFXg4nMIG+MW1vrsLhW+YjFBM4V+wmaEsb8EUW2lLDv1+99pg
xCGw+V+wm0r3KFJgAV7skmCsksCqgEofFvdRILwaeYkN52Ri3lcgK3elfnaoPGgTO
sJjKpTHWM0zfKezABzjyhZaqb5UpsYmeOm315dqUpKyb25R800Ykye5a+Vgt02vfNqz
pTXSbTo/JOdtWReIY5Wi9oKo23/M7LCufRkFruAH1o0j3RHBBNMOxSKS/RgUKn1Sw
IAwJcIoSs8IF7DAPPHrbkQODuBV5907u7ucXC/X5jmc9RdDGpj9V02tu3TErOisJ2213S9
V8rhcI7tGWAwSg7ywcWNN4ZOm586G06MSFqIyeQtyA7EjChxwurGOEhzdIKtF8lPD5h
KBUd09H5AC9swxs6pLXbXO0L1KV7sSzHDulbdj1a5hIIkOBmYsoG9BHPQHkqUl2TUkC
zRO6x448uE0sxkLWTcZ4y/wLLy6Hx55bGgEBM6oUCWbPvkwYbpg5RB6ixi+wzeeFp
EKnRSZteTWRebVbBmp/7QW2IRw5/GaPAzbP6z/LbW0tdZO/EPvvf4Hn3/8F’)))));
Actually, the real output is rather longer, but you get the idea.
As we can see, this is a bit of PHP software. The long sequence of random looking bytes is the main section of code which has been compressed and encoded. The commands at the start reverse the encoding and compression and then run the contents.
It was therefore necessary to run the PHP. By great good fortune, Mac OS X contains PHP by default. First create a PHP file by taking the PHP code and adding a new line at the end which reads ‘?>’. Then run this through PHP by typing ‘php -f filename.php’. The code prints out a token which is the answer.