Chimera
103 points
Nothing is as it seems
(author: symmetric)
chimera.bin.img.xz
Solution
luc@slon:~/Pobrane$ binwalk -e chimera.bin.imgDECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 Linux EXT filesystem, blocks count: 3072, image size: 3145728, rev 1.0, ext2 filesystem data, UUID=1848bc52-b9b0-4d9e-9cb2-aee6d365d365
3170304 0x306000 JPEG image data, JFIF standard 1.01
3215100 0x310EFC Zlib compressed data, default compression
3220365 0x31238D Zlib compressed data, default compression
3252224 0x31A000 JPEG image data, JFIF standard 1.01
3323904 0x32B800 JPEG image data, JFIF standard 1.01
3342336 0x330000 JPEG image data, JFIF standard 1.01
3366912 0x336000 JPEG image data, JFIF standard 1.01
3418112 0x342800 JPEG image data, JFIF standard 1.01
3426304 0x344800 JPEG image data, JFIF standard 1.01
3440640 0x348000 JPEG image data, JFIF standard 1.01
3528704 0x35D800 JPEG image data, JFIF standard 1.01
3571897 0x3680B9 Zlib compressed data, default compression
3631104 0x376800 JPEG image data, JFIF standard 1.01
3653632 0x37C000 JPEG image data, JFIF standard 1.01
3659776 0x37D800 JPEG image data, JFIF standard 1.01
3725312 0x38D800 JPEG image data, JFIF standard 1.01
3799040 0x39F800 JPEG image data, JFIF standard 1.01
4057222 0x3DE886 Zlib compressed data, default compression
4063829 0x3E0255 Zlib compressed data, default compression
4069349 0x3E17E5 Zlib compressed data, default compression
4083248 0x3E4E30 Zlib compressed data, default compression
4085040 0x3E5530 Zlib compressed data, default compression
4093799 0x3E7767 Zlib compressed data, default compression
4095075 0x3E7C63 Zlib compressed data, default compression
4112314 0x3EBFBA Zlib compressed data, default compression
4113953 0x3EC621 Zlib compressed data, default compression
4124326 0x3EEEA6 Zlib compressed data, default compression
4125612 0x3EF3AC Zlib compressed data, default compression
4134244 0x3F1564 Zlib compressed data, default compression
4135687 0x3F1B07 Zlib compressed data, default compression
4144108 0x3F3BEC Zlib compressed data, default compression
4147958 0x3F4AF6 Zip archive data, encrypted at least v2.0 to extract, compressed size: 64141, uncompressed size: 137118, name: flag.png
4274176 0x413800 JPEG image data, JFIF standard 1.01
4302371 0x41A623 End of Zip archive, footer length: 22
4475805 0x444B9D Zlib compressed data, default compression
4634624 0x46B800 JPEG image data, JFIF standard 1.01
4700160 0x47B800 JPEG image data, JFIF standard 1.01
4704256 0x47C800 PDF document, version: "1.5"
4704330 0x47C84A Zlib compressed data, default compression
4718592 0x480000 JPEG image data, JFIF standard 1.01
4800512 0x494000 JPEG image data, JFIF standard 1.01
4820992 0x499000 JPEG image data, JFIF standard 1.01
4900864 0x4AC800 JPEG image data, JFIF standard 1.01
4964352 0x4BC000 JPEG image data, JFIF standard 1.01
5042176 0x4CF000 JPEG image data, JFIF standard 1.01
5067136 0x4D5180 Zlib compressed data, default compression
5075128 0x4D70B8 Zlib compressed data, default compression
5130240 0x4E4800 JPEG image data, JFIF standard 1.01
5208064 0x4F7800 JPEG image data, JFIF standard 1.01
5292032 0x50C000 JPEG image data, JFIF standard 1.01
5324800 0x514000 JPEG image data, JFIF standard 1.01
5402624 0x527000 JPEG image data, JFIF standard 1.01
5480448 0x53A000 JPEG image data, JFIF standard 1.01
5492736 0x53D000 JPEG image data, JFIF standard 1.01
5515264 0x542800 JPEG image data, JFIF standard 1.01
5539840 0x548800 JPEG image data, JFIF standard 1.01
5627904 0x55E000 JPEG image data, JFIF standard 1.01
5651992 0x563E18 Zlib compressed data, default compression
5697536 0x56F000 JPEG image data, JFIF standard 1.01
5746688 0x57B000 JPEG image data, JFIF standard 1.01
5765120 0x57F800 JPEG image data, JFIF standard 1.01
5773312 0x581800 JPEG image data, JFIF standard 1.01
5791744 0x586000 JPEG image data, JFIF standard 1.01
5849088 0x594000 JPEG image data, JFIF standard 1.01
5867520 0x598800 JPEG image data, JFIF standard 1.01
5916458 0x5A472A Zlib compressed data, default compression
5928960 0x5A7800 JPEG image data, JFIF standard 1.01
5984256 0x5B5000 JPEG image data, JFIF standard 1.01
6004736 0x5BA000 JPEG image data, JFIF standard 1.01
6025216 0x5BF000 JPEG image data, JFIF standard 1.01
6035456 0x5C1800 JPEG image data, JFIF standard 1.01
6055936 0x5C6800 JPEG image data, JFIF standard 1.01
6078464 0x5CC000 JPEG image data, JFIF standard 1.01
6100992 0x5D1800 JPEG image data, JFIF standard 1.01
6121472 0x5D6800 JPEG image data, JFIF standard 1.01
6144000 0x5DC000 JPEG image data, JFIF standard 1.01
6151158 0x5DDBF6 Zlib compressed data, default compression
6164480 0x5E1000 JPEG image data, JFIF standard 1.01
6187008 0x5E6800 JPEG image data, JFIF standard 1.01
6199296 0x5E9800 JPEG image data, JFIF standard 1.01
6221824 0x5EF000 JPEG image data, JFIF standard 1.01
6250496 0x5F6000 JPEG image data, JFIF standard 1.01Bunch of images, nothing interesting besides the key.docx file.
Seems like a dead end, but I don’t give up that fast.
luc@slon:~/Pobrane$ cd _chimera.bin.img.extracted/ext-root
luc@slon:~/Pobrane/_chimera.bin.img.extracted/ext-root$ unar key.docx key.docx: 2021-03-12 14:48:26.138 unar[624789:624789] File NSDictionary.m: 671. In -[NSDictionary initWithContentsOfFile:] Contents of file '/usr/lib/GNUstep/Libraries/gnustep-base/Versions/1.27/Resources/Languages/Polish' does not contain a dictionary
Zip
[Content_Types].xml (1445 B)... OK.
__main__.py (130 B)... OK.
_rels/ (dir)... OK.
_rels/.rels (573 B)... OK.
docProps/ (dir)... OK.
docProps/core.xml (731 B)... OK.
docProps/app.xml (511 B)... OK.
word/ (dir)... OK.
word/_rels/ (dir)... OK.
word/_rels/document.xml.rels (664 B)... OK.
word/settings.xml (241 B)... OK.
word/media/ (dir)... OK.
word/media/image1.jpeg (728293 B)... OK.
word/document.xml (2764 B)... OK.
word/styles.xml (2416 B)... OK.
word/fontTable.xml (853 B)... OK.
Successfully extracted to "key".luc@slon:~/Pobrane/_chimera.bin.img.extracted/ext-root$ cd key/
luc@slon:~/Pobrane/_chimera.bin.img.extracted/ext-root/key$ cat __main__.py#!/bin/env python
import base64
print(base64.b64decode("emlwIGtleTogZXRlcm5hbGZpcmVzb2ZjaGltZXJhCg==").decode("utf-8"), end='')luc@slon:~/Pobrane/_chimera.bin.img.extracted/ext-root/key$ python3 __main__.pyzip key: eternalfiresofchimeraluc@slon:~/Pobrane/_chimera.bin.img.extracted/ext-root/key$ cd ../..
luc@slon:~/Pobrane/_chimera.bin.img.extracted$ 7z x 3F4AF6.zip Hit Y to replace the flag.png and pass the eternalfiresofchimera as password.
7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
p7zip Version 16.02 (locale=pl_PL.UTF-8,Utf16=on,HugeFiles=on,64 bits,8 CPUs Intel(R) Core(TM) i7-4810MQ CPU @ 2.80GHz (306C3),ASM,AES-NI)
Scanning the drive for archives:
1 file, 2143498 bytes (2094 KiB)
Extracting archive: 3F4AF6.zip
ERRORS:
Unexpected end of archive
--
Path = 3F4AF6.zip
Type = zip
ERRORS:
Unexpected end of archive
Physical Size = 2143498
Would you like to replace the existing file:
Path: ./flag.png
Size: 0 bytes
Modified: 2021-03-03 00:59:06
with the file from archive:
Path: flag.png
Size: 137118 bytes (134 KiB)
Modified: 2021-03-03 00:59:06
? (Y)es / (N)o / (A)lways / (S)kip all / A(u)to rename all / (Q)uit? Y
Enter password (will not be echoed):
ERROR: CRC Failed in encrypted file. Wrong password? : flag.png
Sub items Errors: 1
Archives with Errors: 1
Open Errors: 1
Sub items Errors: 1Got a bit corrupted png, but it’s enough to get the flag.
Flag
CTF{digital_metamorphism}