Skip to main content
R4shSec
R4shSec

picoCTF WriteUp | Corrupted file

·1 min· loading · loading ·
CTF PicoCTF Forensics PicoMini by CMU-Africa Easy
R4shSec
Author
R4shSec
I like it when things work how they’re not supposed to.
Table of Contents

Introduction
#

Hey everyone 👋 — In this Capture The Flag (CTF), we’re told that a file is broken and we need to figure out how we could repair it.

Image

File
#

Looking at the file, we could see that it seems like it is a JFIF. The file itself can’t be opened.

Hexedit
View

Editing The Hex Value
#

That’s weird! — Referring to a Wikipedia article, the file SOI segment must start with FF D8. However, this starts with 5C 78. Let’s change that!

To edit the value, you could use hexedit:

sudo apt install hexedit # Install
hexedit file # Edit the file. REPLACE FILE WITH YOUR FILENAME
Edit

We would use hexedit to edit the file value. Simply add FF D8.

Edit 2

Boom! — You could write the file via ctrl+w to write and ctrl+x to quit.

Flag 🚩
#

Boom! — We could now see the flag!

View 2

We could use Google Optical Image Recognition (OCR) to get the text of the image.

OCR
picoCTF{r3st0r1ng_th3_by73s_684e09bc}