NozZyDark Side
Flag4All - Dark Side
Category
Steganography
Description
🇫🇷 Vous êtes étudiant en informatique et une mystérieuse personne a envoyé un dossier zip par e-mail à l’ensemble de votre classe. Cette personne affirme que des réponses à vos prochains examens se trouvent un compte en ligne et que les indices menant à son compte son cachées dans ce dossier zip. À vous de retrouver ces réponses sur le compte.
🇬🇧 You are a IT student and a mysterious person send an archive to the classe. This person tells that all the answers for the following exams are behind an only account. To find this account, you have to follow the hidden hints that the archive will give you. Your turn to find this answers!
Files
Chall_Dark_Side.zip
Difficulty
Medium - 497 points
- Author: ?
Write up
zip ? tif ?
Opening the zip with 7z lets you see that it contains another zip file, which is encrypted, and a tif image.
Maybe the tif image contains the password? But the image looks corrupted, I cannot open it.
What if we check its file signature? Using the file command, we learn that this file is considered as a JPEG file:
$ file IMG_20221113_185634.tif
IMG_20221113_185634.tif: JPEG image data
Changing the extension from .tif to .jpeg does not work.
Gotta check the file signature with my own eyes.
This page refers a lot of hexadecimal file signatures, and hexed.it allows us to looks for the hexadecimal writting of our file.
FF D8 FF E0 in the header by 49 49 2A 00, and it should be considered as a real .tif file
Export the file, and
Password and a bird
bW90ZGVwYXNzZXppcA== → motdepassezipWe are now able to unzip the zip (woaw), with inside a little bird inside a QR code:
IBCDI4TLL5JTCZDFG43A=== → @D4rk_S1de76FLAG{@D4rk_S1de76}