Reading Time : 2min
File: stub download
Challenge/Competition: SDCTF 2022 - Susan Album Party
Challenge Discription: My friend Susan is having a photo album party, but she accidentally corrupted the SD card with all her photos on it! Can you save Susan's party by recovering her photos?
First of all I checked the file type by running unix “file” command
I found out that the file is JPEG file. I saved it with .jpg extention
by opening our Image we can see first part of the flag.
sdctf{FFD8
FFD8 is file header for “jpg” file type.
I opened the file with HxD (hex editor) and searched for ffd8
I found one at start and by pressing f3 i found another one.
It indicates that our image file is consist of multiple images but only the top one is showing up, So we have to extract other images from the file.
To do that first select byte previous to second “FF D8”. In this case D5.
Then go to Edit>Select block… or press Ctrl+E
select 0 as Start-offset: and press OK.
all the bytes before second “FF D8” will get selected.
now press Delete button on your keyboard.
If this prompt show up then press OK
Now data for our first Image is deleted.
Now if we repeat our previous steps we will be able to select data of our second image.
After selecting data this time save the Image by going to File>Save as…
I named it 2.jpg
It contain second part of our Flag.
_th3n_S0ME_s7uff_
Now we can delete our selected data for second image.
And we will end up with our last image which I saved as 3.jpg
And it contain last part of our flag.
FFD9}
Here is our complete Flag.
sdctf{FFD8_th3n_S0ME_s7uff_FFD9}