Level: easy

Type: Forensics

The secret remains hidden, but as we attempted to send the image, it was mysteriously corrupted during transmission, scattered in the wild. Can you piece together what was lost?

- Check the File Type: Since the image won't open, check its file type to verify its actual format.
- Search for Suspicious Strings: Use `strings` to search for readable strings that might give clues.
- Inspect the Link: Visit the link found in the strings output. It asks for a password.
- Inspect the File Header: Check the file's header to verify if it's a JPEG and if there's any corruption. `464a 4649` is `FJFI`, a corruption of the expected `JFIF` JPEG header.
- Analyze Endianness Swap: Suspect a byte-order swap (endianness). Clue: "Raj" (India) could be a pun/hint about "Endian".
- Use CyberChef to reverse endianness and try to restore the image:
  - Load `image.dat`
  - Use the Swap Endianness recipe
  - Re-render and download the corrected image
- Retrieve the Password from the Image: Once the image is correctly displayed, inspect it visually or analyze metadata/embedded data to get the password: `0qQ0Zh3pMG`
- Access the Pastebin Link:
  - Use the password from the image to unlock the pastebin.
  - Retrieve the flag from the page.
- Flag: `YUCTF{pixels_hide_secrets}`

```
$ file image.dat
image.dat: data
```

```
$ strings image.dat | tail
(>&KNZQ[sOY
XbL#
Fg)Q
ed#\
SWa.,l
VeW:R
R#ka
*@[@
z\^4
https://pastebin.com/YEP3217j
```

```
$ xxd -l 100 image.dat
00000000: d8ff e0ff 1000 464a 4649 ...
```
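
The 16-bit swap behind the CyberChef Swap Endianness step, as an added Python example that is not part of the original write-up. The function names and the sample tail bytes are constructed for illustration, and a word length of 2 bytes is assumed from the header shown in the `xxd` output.

```python
"""Undo a 16-bit byte swap on a JPEG (added example, not from the write-up)."""
import sys

JPEG_MAGIC = b"\xff\xd8\xff"  # SOI marker followed by the next marker's 0xFF

# First 10 bytes are the header from the xxd output above; the rest is a
# constructed tail (odd length on purpose) standing in for image data.
SAMPLE = bytes.fromhex("d8ffe0ff1000464a4649") + bytes.fromhex("01000101aa")


def swap16(data: bytes) -> bytes:
    """Swap each pair of bytes; a trailing odd byte is left in place."""
    even = len(data) & ~1
    out = bytearray(data)
    out[0:even:2] = data[1:even:2]
    out[1:even:2] = data[0:even:2]
    return bytes(out)


def repair(data: bytes) -> tuple[bytes, str]:
    """Return (bytes, verdict): 'ok', 'swapped16' or 'unknown'."""
    if data.startswith(JPEG_MAGIC):
        return data, "ok"
    fixed = swap16(data)
    if fixed.startswith(JPEG_MAGIC):
        return fixed, "swapped16"
    return data, "unknown"  # do not guess: leave the evidence untouched


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: repair.py image.dat image.jpg
        with open(sys.argv[1], "rb") as f:
            raw = f.read()
    else:
        raw = SAMPLE
    fixed, verdict = repair(raw)
    print(verdict, fixed[:10].hex(" "), fixed[6:10])
    if verdict == "swapped16" and len(sys.argv) == 3:
        with open(sys.argv[2], "wb") as f:
            f.write(fixed)
```

Checking the magic bytes before and after the swap keeps the script from rewriting a file that is already valid or that is damaged in some other way.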