Hello 🧙♂️!
This is an open challenge for those interested in bug bounties. Find a way to decrypt the secret images in this Gist. If you can generate even one of the original images, you win 500 GBP!
All of the steganographic images are hiding different secret images.
The samples are encrypted like in this sample below in folder mode where the /challenge folder had the secret images. As this mode executes the encryption operation in one go, the same base image and the password was used.
PixelLock -e -i ./challange -o ./challange/output -b ./tests/images/base_image.png -r 4 The images are encrypted with v1.0.0. Base image can be found in the tests folder.
You can download this gist from the top right by clicking on the "Download Zip" button or clone it with git. E.g.
git clone https://gist.github.com/saltukalakus/3ed86910ea2eee6c6e72f8def4c6017cGood Luck! You will need it 😃
Rules:
-
You should not target or attack my computer or any of my online accounts. Accessing the image that way is not eligible for the reward.
-
The accepted method for the reward is through finding a vulnerability in this project or its dependencies and leveraging it to bypass the security.
-
If you brute-force the secret and that works, you need to share proof of your brute-force attempt. I suggest not going that route, as it would probably be impractical. However, if you find a way to minimize the possible set of secrets to brute-force, that may be a valid approach.
-
Open an issue PixelLock repository, upload one of the original images, and ping me @saltukalakus. Please do not disclose how you were able to bypass the encryption. I will reach out to you to understand how you bypassed it.
-
Only the first hacker who opens an issue with a correct image wins.
-
The challenge is time-boxed. It will end on July 31, 2025, at 1 PM UTC. I will share the secret in this Gist in the comments section if no one can find it by then.
