We analyze the PDF file using peepdf in interactive mode :
As we can see, there is a JS object inside the file.
We retrieve it :
We can see a hard-coded gist URL.
When we go to the URL, we can see a long base64 encoded code block which seems to have been reversed since the padding appears to be at the beginning:
We save the snippet to a file and we use the following Python code to decode it:
The output is an image on which the flag can be read.
However, we cannot open the file as it is and the file command returns the following output :
Since the file has a .jpg extension, we can assume that it is a JPEG file.
We can also assume that the file can easily be decrypted since we have absolutely no clue from the challenge description about what we have to do.
At this point, what first comes to mind is that it might be XORed.
We know that the header signature of JPEG starts with 0xFF 0xD8 0xFF 0xE0 so we can XOR the first four bytes of the ciphered file with the four bytes of the header signature in order to retrieve the key or a part of the key.
After some manual analysis, it appears that the key is the single byte 0xAB.
We use the following Python script to decrypt the file :
We get an image on which the flag is printed.
Posts
Service Hacktion - Notes attachées au balado S01E11 - Panorama de la sécurité de Github Action
Saison Épisode 1 11 Spotify Deezer Youtube Youtube Music Amazon Music Apple Podcast Podcast Index podCloud Podchaser podtail Podcasts Français Vodio S
New York Flankees - Write-up - TryHackMe
Information Room# Name: New York Flankees Profile: tryhackme.com Difficulty: Medium Description: Can you, the rogue adventurer, break through Stefan's
Service Hacktion - Notes attachées au balado S01E10 - Revue d'actualité n°2, spéciale 1er avril
Saison Épisode 1 10 Spotify Deezer Youtube Youtube Music Amazon Music Google Podcast Apple Podcast Podcast Index podCloud Podchaser podtail Podcasts F
ArchLinux - Save face (and your system)
Whatever boot issue you're facing or system breakage you encounter, that would be neat to be able to fix you system rather than reinstalling it, isn't
ArchLinux - mkinitcpio v38 upgrade
With the release of mkinitcpio v38, mkinitcpio hook migration and early microcode has been announced (04/03/2024). But how to migrate? For a setup sim