Hard Live

VargasIsland

80 points

5 Solves

Forensics

Hard

kcbowhunter ctflearn++ badge

Community Rating: 5.00 / 5

You may want to solve my MountainMan challenge before solving this.

I am providing a python script that shows the Jpeg markers and data segments within a Jpeg file to get you started solving this challenge.

Good luck!

First 10 Solvers

Rank Username
1 kcbowhunter ctflearn++ badge
2 tenchijin
3 ebouteillon
4 Noxtal
5 Caillou
Rank Username

  • ebouteillon

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • kcbowhunter ctflearn++ badge

      I'm not seeing any messages on Twitter to my @kcbowhunter account. I wonder if you have to send me a friend request first to send a message? But ebouteillon what you mention is not the encrypted flag... what you found is a decoy. Compare the location of the oxFFD9 EOI image marker with the size of the file. You can use the jpeg file I provided to see the location of the EIO (end of image) marker.

    • kcbowhunter ctflearn++ badge

      I meant to say you can use the Jpeg1.py python script I provided to easily see the location of the 0xffd9 marker (end of image marker) in the jpeg. Compare the offset to the EOI marker with the file size. Thanks for working on my challenge!

  • Noxtal

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • kcbowhunter ctflearn++ badge

      The encrypted payload is not one of the comments, it is hidden somewhere else in the jpeg file. Run the Jpeg1.py script I provided, not the offset to the 0XFFD9 end of image marker and compare that to the size of the file. You may also want to solve my MountainMan challenge first which has some similarity to this problem.

      • Noxtal

        Protected

        [REDACTED] This comment is only shown to users who have solved this challenge.