Topic links: https://ctf.bugku.com/challenges/detail/id/21.html
Title Author: harry
Tip:
Description: Flag formatflag{xxx_xxx_xxx}
Problem-solving idea:
The first thing I got for this problem was a jpgpicture:
binwalk file.jpganalysis and found that a compressed package was hidden.
Using foremost file.jpgseparation, the compressed package obtained is an encrypted compressed package, but the binwalkcontent of the compressed package can be scanned directly by scanning the picture. It is speculated that it should be a pseudo-encrypted compressed package. Use 010Editorthe 05 06bit of the modified flag header to 00 00open the compressed package. There are a total of 9 without suffix. Files and an animated picture. First binwalkanalyze each picture.
You can see, these are image files, some bmpfiles, some jpgfiles and images have 2,3,4 modify marks, namely 88, , ,888 and 8888modify it as .jpg format continued analysis of these three files.
88.jpg:
You can see that there is an obvious QR code on the picture, which can be obtained by scanningbilibili
888.jpg
010Editor Checking the hexadecimal system and found a string of abnormal strings
c2lsaXNpbGk=, try to base64decode itsilisili
foremost 8888.jpgDecompose 8888.jpg to get a compressed package, and inside the compressed package is another QR code.
Scan to get:panama
According to the prompt flagformat flag{xxxx_xxxx_xxxx}, so sorted in order, the final flagis
flag{bilibili_silisili_panama}