Securebug.se CTF Odin 2021: Find parts

Find parts

Category: Digital Forensics

100 points

I think our best bet is to search for parts.

File: find parts.zip

Solution

There’s find_parts.png file in archive. It should has a flag somewhere. Also worth mentioning is it’s broken.

I’ve found 4 flag parts in below ways:

1. First part was hidden in the header of the file. Instead of expected IHDR in png file there was SBCTF (I’ve corrected it with hexedit by the way).
2. Second part was appended as a string at the very end of file. It was {GR4B.
3. To get the third part I’ve used pngfix to correct CRC. The flag was on the image.
4. Fourth part was hidden in the metadata (Rights field). It had to be retrieved before using pngfix, otherwise it may be lost.

exiftool find\ parts.png 

ExifTool Version Number         : 12.16
File Name                       : find parts.png
Directory                       : .
File Size                       : 12 KiB
File Modification Date/Time     : 2021:03:27 02:06:44+01:00
File Access Date/Time           : 2021:04:20 19:47:21+02:00
File Inode Change Date/Time     : 2021:04:20 19:44:58+02:00
File Permissions                : rw-r--r--
File Type                       : PNG
File Type Extension             : png
MIME Type                       : image/png
Warning                         : PNG image did not start with IHDR
XMP Toolkit                     : Image::ExifTool 10.40
Rights                          : P4RT1Y}

Flag

SBCTF{GR4B_FL4GS_P4RT1Y}