Monday, March 21, 2016

BCTF 2016 - catvideo (150)


This was one of the only challenges I attempted on BCTF, but the focus paid off.  It was an interesting challenge that taught me about the nuances of the ffmpeg tool.


At first we were given a video which had frames looking like this (two consecutive frames extracted from the video):





When watching the video you would see a sort of ghosting effect where your eye would pick up the diffing pixels providing a sense of motion.  Otherwise any individual frame does not explain much about the final image by itself.


Initially I started to look into different ways of blending video frames using ffmpeg.  I spent a lot of time on this page - https://ffmpeg.org/ffmpeg-filters.html

Specifically, I was looking at the "tblend" filter (blends two consecutive frames using a specific filter type) - https://ffmpeg.org/ffmpeg-filters.html#blend_002c-tblend
Playing around with the different modes produced many results that didn't help, and a couple that did.

The primary solution to the "first half" of this challenge was to use an exclusion filter (at first I was thinking diff, but exclusion worked fine).




This showed a rough outline of the cat in the video, enough to be confident to find some other objects within.
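To show why blending consecutive frames exposes content that no single frame shows, here is a pixel-level model of the exclusion and difference modes (for example `tblend=all_mode=exclusion`). It is an added example, not code from the original post; the frames, the hidden bitmap and all function names are constructed for illustration, and it assumes the hidden content is carried only by the pixels that change between two otherwise identical noise frames.

```python
import random

def exclusion(a, b):
    """Exclusion blend of two 8-bit values: A + B - 2*A*B/255."""
    return a + b - 2 * a * b // 255

def difference(a, b):
    """Difference blend: |A - B|."""
    return abs(a - b)

def tblend(frames, mode):
    """Blend every frame with its predecessor, pixel by pixel."""
    return [[[mode(p, q) for p, q in zip(prow, crow)]
             for prow, crow in zip(prev, cur)]
            for prev, cur in zip(frames, frames[1:])]

# Constructed hidden bitmap (a letter "C"); 1 marks a pixel that will change.
HIDDEN = [[0, 1, 1, 1, 0],
          [1, 0, 0, 0, 0],
          [1, 0, 0, 0, 0],
          [1, 0, 0, 0, 0],
          [0, 1, 1, 1, 0]]

def make_frames(hidden, seed=2016):
    """Two constructed frames: black/white noise, then the same noise
    inverted wherever the hidden bitmap is set. Each looks random alone."""
    rng = random.Random(seed)
    noise = [[rng.choice((0, 255)) for _ in row] for row in hidden]
    flipped = [[255 - n if h else n for n, h in zip(nrow, hrow)]
               for nrow, hrow in zip(noise, hidden)]
    return [noise, flipped]

def reveal(frames, mode=exclusion):
    """Blend the frame pair and threshold the result back to a bitmap."""
    blended = tblend(frames, mode)[0]
    return [[1 if p > 127 else 0 for p in row] for row in blended]

def render(bitmap):
    return "\n".join("".join("#" if b else "." for b in row) for row in bitmap)

if __name__ == "__main__":
    print(render(reveal(make_frames(HIDDEN))))
    # On saturated pixels both modes act like XOR. On unchanged mid-gray
    # pixels they diverge: difference gives black, exclusion leaves gray.
    print(exclusion(128, 128), difference(128, 128))
```
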

After viewing an export of all frames as another mp4, I noticed that exactly 1 minute in, there was a small flash on the bottom of the screen.  This was rectangular in shape, and based on other stego challenges in the past, this was probably where the flag was.  So after a bit of start & stop with ffmpeg and exporting blended frames, I found what looked like the flag!




So far what I could make out in the exclusion-filtered image was:

BCTF{cute&fat_cats_does_not_like_   nking}


So close! But not there yet...  What were those 3 characters missing from the image?
I fired up GIMP and tried to blend the flag's frames with the surrounding ones to see if that would help fill in the gaps.

Going through GIMP's layer filters actually turned out to be a lot nicer than ffmpeg's tblend method.
I finally landed on using Hard Mix with an Overlay, which gave this result:




This provided enough to make out the real flag:


BCTF{cute&fat_cats_does_not_like_drinking}