PicoCTF 2021 Writeups

our team's writeups for the 2021 PicoCTF competition

View on GitHub

tunn3l v1s10n

Disclaimer: overall approach was taught to me by a friend, not solved during pico.

Overview

Points: 40 Category: Forensics

Description

We found this file. Recover the flag.

Hints

  1. Weird that it won't display right...

Approach

There's no file extension so we don't actually know what type of file it is.

Let's open this with a hex editor like HxD to check the intended file type. The first two characters are BM which indicates a BMP file.

Let's change the file extension to .bmp and since it still doesn't open, I decided to use ImageMagick to open it. I'm sure there's probably some way of changing the file header to open it properly but that's alright. It displays:

notaflag

No flag hmmm. Something interesting to note is the size of the BMP file. It's about 2MB in size for such a tiny image? That doesn't seem right. This site explains what everything in the BMP header is.

Height for a BMP file is at offset 0016h. I changed offset 0017h from 0x01 to 0x03.

Open in ImageMagick:

flag

Flag

picoCTF{qu1t3_a_v13w_2020}