Queen Roselias Diamond

Bitskrieg CTFby smothy

Queen Roselia's Diamond - Forensics

Points: 500 | CTF: BITSCTF 2026 | Flag: BITSCTF{qr_bu7_n07_7h47_qr} | Solved by: Smothy @ 0xN1umb

forensics vibes

what we got

One file: challenge_stego.tif - a TIFF image. Challenge description mentions Newton's prism decomposing light into 7 colors. Classic forensics hints.

bash
$ file challenge_stego.tif
challenge_stego.tif: TIFF image data, little-endian, direntries=10, height=635, bps=64, compression=none, PhotometricInterpretation=BlackIsZero, width=635

wait... bps=64?? 64-bit pixels in a grayscale image?? that's not normal at ALL. regular images are 8-bit. this is using float64 (IEEE 754 double-precision) for each pixel. thats 8 bytes per pixel. already sus.

635 x 635 pixels x 8 bytes = 3,225,800 bytes of pixel data

the solve

layer 0 - the obvious QR

open it up, it looks like a QR code. scan it:

BITSCTF{blud_REALLY_ thought_lmao}

lmaooo nice try. that space before "thought" is suspicious af. submitted it anyway - invalid. classic honeypot. the challenge authors really said "blud really thought" and they weren't wrong, i DID think for a sec ngl

layer 1 - why float64 tho??

ok so the image is a QR code where pixels should be exactly 0.0 (black) or 255.0 (white). but why use 64-bit floats for a binary image? unless... the data is hiding IN the float precision.

python
import numpy as np

with open("challenge_stego.tif", "rb") as f:
    data = f.read()
pixel_data = data[8:8+635*635*8]
floats = np.frombuffer(pixel_data, dtype=np.float64).reshape(635, 635)

print(f"Min: {floats.min()}")    # -0.001126...
print(f"Max: {floats.max()}")    # 255.001036...
print(f"Exact 0.0: {np.sum(floats == 0.0)}")    # 0 !!
print(f"Exact 255.0: {np.sum(floats == 255.0)}")  # 0 !!

ZERO pixels have exact values. every single pixel has been nudged by a tiny amount (~0.001). all 403,225 pixels are modified. thats our stego channel right there.

layer 2 - deviation sign encoding

the key insight: each pixel deviates from its "ideal" value (0 or 255) by a tiny positive or negative amount. what if the direction (positive vs negative) encodes hidden data?

python
# for each pixel, compute deviation from nearest integer
ref = np.where(floats > 128, 255.0, 0.0)
deviation = floats - ref

# positive deviation = white pixel, negative = black pixel
sign_image = np.where(deviation >= 0, 255, 0).astype(np.uint8)

saving that as an image and...

deviation sign map

YOOOOO there's TEXT written across the entire image!! the sign of the fractional deviation literally spells out a message, repeated multiple times across horizontal bands. zooming in on the clearest instance:

flag text zoomed

reads: BITSCTF{qr_bu7_n07_7h47_qr}

"qr but not that qr" - lmaooo the challenge authors are trolling at every layer. the VISIBLE QR is a honeypot, and the HIDDEN text says "not that qr"

the rabbit holes (fr)

ngl this challenge had me going DEEP into rabbit holes before finding the flag text:

I25 Barcodes in bit planes - XOR'ing different bit planes of the float64 representation revealed 14 hidden Interleaved 2-of-5 barcodes with numeric values like 934948, 381121, 04618432 etc. spent wayyy too long trying to decode these as the flag. turns out they were more layers of deception.

python
# XOR bit plane i with bit plane j
uint64 = floats.view(np.uint64)
for i in range(64):
    for j in range(i+1, 64):
        xored = ((uint64 >> i) & 1) ^ ((uint64 >> j) & 1)
        # ... barcode detection

found barcodes at bit4^bit5, bit10^bit15, bit26^bit31, bit33^bit39, bit46^bit47 and more. tried every interpretation imaginable - hex decode, ASCII pairs, base-7 (7 colors!!), mod arithmetic, pixel coordinates, concatenation... none of it.

byte plane analysis - each float64 has 8 bytes. bytes 0-5 span the full 0-255 range (high entropy data). tried treating each as a separate image, combining as RGB, running binwalk/zsteg... nada.

FFT, DWT, PCA - tried spectral analysis, wavelet decomposition, principal component analysis on the 7 usable byte channels. all dead ends.

magnitude analysis - deviation magnitudes are continuous (316k+ unique values), not quantized. mapping to ASCII at various scales produces garbage. the magnitude IS correlated with the text pattern (strokes have lower magnitude) but doesn't encode separate data.

the technique breakdown

so heres what the challenge author actually did:

  1. started with a QR code (0 and 255 pixel values)
  2. for each pixel, added a tiny deviation (+/- 0.001)
  3. the sign of the deviation (positive or negative) paints text across the image
  4. stored as float64 TIFF to preserve the fractional precision
  5. added honeypot barcodes in bit planes for extra trolling
  6. the QR code itself decodes to a troll message

the "7 colors" / Newton's prism hint refers to the 7 usable bytes (0-6) of each IEEE 754 float64 representation - decomposing the "light" (pixel value) into its spectral components.

pixel stats

Near-0 (black) pixels: 201,941 (50.1%) Near-255 (white) pixels: 201,284 (49.9%) Positive deviations: 235,333 Negative deviations: 167,892 Deviation range: [-0.00113, +0.00104]

the negative near-zero pixels (actual value < 0) confirm this is artificially crafted - you can't have negative pixel intensities in real images.

flag

BITSCTF{qr_bu7_n07_7h47_qr}

"qr but not that qr" - the QR code is a honeypot, the real flag was hiding in the fractional deviations of the float64 pixels the whole time. 500 points well earned, this challenge had like 4 layers of deception lmao

smothy out ✌️

Previous

Promotion

Next

Radio Telescope

More from Bitskrieg CTF

Chaos

by smothy

Cider Vault

by smothy

El Diablo

by smothy

Back to all writeups