picoCTF 2022 | File types Write-up

Challenge description

This file was found among some files marked confidential but my pdf reader cannot read it, maybe yours can. You can download the file from here.

Category: Forensics

Solution

This was a long journey to get to the flag. Not terribly complicated, but it was quite a bit of work nonetheless.

In this challenge, we will be relying heavily on the file command to help us decide our next course of action.

First, we download the Flag.pdf file.

Obviously, it will not open as a PDF, so let's use the file command to see what we're actually dealing with.

Interesting. Let's view the file in a text editor:

The file began with this

Following the instruction gave me a new file, simply named "flag". And this is where the long journey begins.
Note: if, like me, you initially failed to run the flag.sh file due to a missing uudecode command, you will need to install the sharutils package. Many thanks to this thread for the solution.

Checking with the file command again, this new file is a "current ar archive".

After searching on the Internet, I found out how to extract data out of this archive with the command ar x flag.

Again, a new file, and again, we check it using file.

This new file is a "cpio" archive.

This will be the pattern for this challenge, and we will have to traverse through this deeply nested file to get to our flag. Here is the list of resources I used to get to the end (you may need to install certain tools to extract some of these files). You might also need to change the extension names (suffixes) of these files to match the corresponding archive type.

cpio archive
bzip archive
gzip archive
lzip archive
lz4 archive
lzma archive
lzop archive
xz compressed archive

After all of this, we get to the final file, the content of which is encoded.

It looks like hexadecimal.

With the help of our reliable friend CyberChef, we obtain the flag at last.
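The whole loop described above, done by hand in the write-up with file and one extractor per layer, as an added example that is not part of the original post: a POSIX shell script that identifies each layer from its leading magic bytes (the same signatures file matches on), extracts it with the matching tool, and hex-decodes the innermost layer instead of pasting it into CyberChef. The function names (layer_type, extract_layer, hex_to_bytes, unwrap_file) are this example's own; it assumes the layer tools named in the list (ar, cpio, bzip2, gzip, lzip, lz4, xz for lzma/xz, lzop) are installed and that each ar or cpio layer holds a single member, as in the challenge.

```shell
#!/bin/sh
# Peel the nested-archive onion without trusting file extensions.
# Each layer is identified from its first bytes (the same signatures file(1)
# keys on), extracted with the matching tool, and the innermost layer, a hex
# string, is decoded to the real payload.
set -eu

# Print a short type name derived from the first 9 bytes; "unknown" ends the loop.
layer_type() {
    magic=$(od -An -tx1 -N9 "$1" | tr -d ' \n')
    case "$magic" in
        213c617263683e0a*)     echo ar ;;       # "!<arch>\n"
        30373037*|c771*|71c7*) echo cpio ;;     # ASCII "0707.." or binary 070707 magic
        425a68*)               echo bzip2 ;;    # "BZh"
        1f8b*)                 echo gzip ;;
        4c5a4950*)             echo lzip ;;     # "LZIP"
        04224d18*)             echo lz4 ;;
        5d0000*)               echo lzma ;;     # legacy .lzma header (properties byte 0x5d)
        894c5a4f000d0a1a0a*)   echo lzop ;;     # "\x89LZO\0\r\n\x1a\n"
        fd377a585a00*)         echo xz ;;
        *)                     echo unknown ;;
    esac
}

# Abort with a clear message when a layer's extractor is missing
# (the write-up's missing-uudecode problem, generalised to every layer).
need() {
    command -v "$1" >/dev/null 2>&1 && return 0
    echo "missing tool: $1 (install it and rerun)" >&2
    return 1
}

# Extract one layer of type $1 from file $2 into file $3.
extract_layer() {
    case "$1" in
        ar)    need ar;    ar p "$2" > "$3" ;;          # prints the (single) member
        cpio)  need cpio
               # cpio unpacks into the cwd, so work in a scratch dir and keep the one member
               src=$(cd "$(dirname "$2")" && pwd)/$(basename "$2")
               scratch=$(mktemp -d)
               (cd "$scratch" && cpio -id < "$src" 2>/dev/null)
               member=$(find "$scratch" -type f | head -n 1)
               cat "$member" > "$3"
               rm -rf "$scratch" ;;
        bzip2) need bzip2; bzip2 -dc "$2" > "$3" ;;
        gzip)  need gzip;  gzip -dc "$2" > "$3" ;;
        lzip)  need lzip;  lzip -dc "$2" > "$3" ;;
        lz4)   need lz4;   lz4 -dc "$2" > "$3" ;;
        lzma|xz) need xz;  xz -dc "$2" > "$3" ;;        # xz auto-detects .lzma and .xz
        lzop)  need lzop;  lzop -dc "$2" > "$3" ;;
    esac
}

# Decode a hex string (whitespace ignored) from file $1 to raw bytes on stdout.
hex_to_bytes() {
    hex=$(tr -d ' \t\r\n' < "$1")
    case "$hex" in
        ''|*[!0-9A-Fa-f]*) echo "innermost layer is not hexadecimal" >&2; return 1 ;;
    esac
    [ $(( ${#hex} % 2 )) -eq 0 ] || { echo "odd-length hex string" >&2; return 1; }
    while [ -n "$hex" ]; do
        byte=${hex%"${hex#??}"}                 # first two hex digits
        hex=${hex#??}
        printf "\\$(printf '%03o' "$((0x$byte))")"   # emit the byte via an octal escape
    done
}

# Walk from the downloaded file ($1) down to the decoded payload ($2);
# prints how many layers were peeled.
unwrap_file() {
    work=$(mktemp -d)
    cp "$1" "$work/layer"
    depth=0
    while kind=$(layer_type "$work/layer"); [ "$kind" != unknown ]; do
        depth=$((depth + 1))
        echo "layer $depth: $kind" >&2
        extract_layer "$kind" "$work/layer" "$work/next"
        mv "$work/next" "$work/layer"
    done
    hex_to_bytes "$work/layer" > "$2"
    rm -rf "$work"
    echo "$depth"
}

# Usage: sh unwrap.sh Flag.pdf flag.bin   (does nothing when run without arguments)
if [ "$#" -ge 1 ]; then
    unwrap_file "$1" "${2:-flag.bin}"
fi
```

Because the dispatch reads the bytes rather than the suffix, the renaming step from the list above is unnecessary, and an unfamiliar layer stops the loop at a named point instead of silently feeding garbage to the next tool; running file on the leftover layer then tells you which extractor to add.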
