Category: Digital Forensics
I think our best bet is to search for parts.
find_parts.png file in archive. It should has a flag somewhere. Also worth mentioning is it’s broken.
I’ve found 4 flag parts in below ways:
- First part was hidden in the header of the file. Instead of expected
pngfile there was
SBCTF(I’ve corrected it with hexedit by the way).
- Second part was appended as a string at the very end of file. It was
- To get the third part I’ve used
pngfixto correct CRC. The flag was on the image.
- Fourth part was hidden in the metadata (
Rightsfield). It had to be retrieved before using
pngfix, otherwise it may be lost.
exiftool find\ parts.png
ExifTool Version Number : 12.16 File Name : find parts.png Directory : . File Size : 12 KiB File Modification Date/Time : 2021:03:27 02:06:44+01:00 File Access Date/Time : 2021:04:20 19:47:21+02:00 File Inode Change Date/Time : 2021:04:20 19:44:58+02:00 File Permissions : rw-r--r-- File Type : PNG File Type Extension : png MIME Type : image/png Warning : PNG image did not start with IHDR XMP Toolkit : Image::ExifTool 10.40 Rights : P4RT1Y}