Broken Secrets
CATEGORY - FORENSICS
Last updated
CATEGORY - FORENSICS
Last updated
A file is attached to the challenge.
This challenge provides a suspicious file that needs to be analyzed to extract a hidden flag. By investigating its structure, identifying corruption, and repairing it, we can uncover the secret message.
After extracting the file, I navigated into the directory and ran a quick check using cat and grep to search for a possible flag.
However, this yielded no results, meaning the flag could be hidden, encrypted, or embedded elsewhere.
The word directory looked interesting, so I navigated into it to investigate further.
Finding nothing useful there, I decided to explore the media directory, as media files often contain hidden data.
Inside media, I found a file that caught my attention. Running a few tests revealed that it might be a PNG file due to the presence of the IHDR chunk, a key indicator of PNG format.
However, there was a problem. Attempting to copy and rename the file to a .png extension didn’t work. I then tried using convert:
But this still resulted in an error. A quick Google search led me to suspect a corrupted file header.
The expected PNG file header should be:
However, checking the file’s actual header revealed:
This confirmed that the first four bytes of the header were incorrect.
To repair the file, I replaced the incorrect bytes with the correct PNG signature using the dd command:
This successfully restored the image.
Opening the repaired image revealed the hidden flag:
