Reading Time : 2min

SDCTF 2022 Susan Album Party


File: stub download

Challenge/Competition: SDCTF 2022 - Susan Album Party


Challenge Discription: My friend Susan is having a photo album party, but she accidentally corrupted the SD card with all her photos on it! Can you save Susan's party by recovering her photos?


Solution

First of all I checked the file type by running unix “file” command

I found out that the file is JPEG file. I saved it with .jpg extention

by opening our Image we can see first part of the flag.

sdctf{FFD8

FFD8 is file header for “jpg” file type.
I opened the file with HxD (hex editor) and searched for ffd8

I found one at start and by pressing f3 i found another one.
It indicates that our image file is consist of multiple images but only the top one is showing up, So we have to extract other images from the file.

To do that first select byte previous to second “FF D8”. In this case D5.

Then go to Edit>Select block… or press Ctrl+E

select 0 as Start-offset: and press OK.

all the bytes before second “FF D8” will get selected.

now press Delete button on your keyboard.
If this prompt show up then press OK

Now data for our first Image is deleted.
Now if we repeat our previous steps we will be able to select data of our second image.

After selecting data this time save the Image by going to File>Save as…

I named it 2.jpg

It contain second part of our Flag.

_th3n_S0ME_s7uff_

Now we can delete our selected data for second image.
And we will end up with our last image which I saved as 3.jpg

And it contain last part of our flag.

FFD9}

Here is our complete Flag.

sdctf{FFD8_th3n_S0ME_s7uff_FFD9}