The challenge included a file with no file type. Now usually my thought process goes to thinking that this may be an executable, and I immediately look for strings in the file.
$ strings 2ez
.2EZ
JFIF
Baqv
...
However, this wasn't a binary file, as one of the strings was JFIF. So its an image file! Changing the extension and opening the image should work, EZ! Or so I thought... because the file wouldn't open. Hmm, something's up.
Checked the metadata, no information. Checked the hexdump, nothing that caught my eye.
A bit of googling later, I came across a writeup for a similar challenge - Modified Header. After reading that, I went back and looked at the hexdump again, to realize that the file header was corrupted.
00000000 2e 32 45 5a 00 10 4a 46 49 46 00 01 01 00 00 01 |.2EZ..JFIF......|
The hexdump should start with FF D8 FF E0
, which is the header for a JFIF file. As it is missing here, the file doesn't open.
The solution? Fix the file header by editing it in a hex editor.
00000000 ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 |......JFIF......|
Now I checked the file type again, and it recognizes the file type! I opened the image, and tada, its the challenge flag!
Flag: flag{812a2ca65f334ea1ab234d8af3c64d19}
More writeups from HacktivityCon CTF 2021