# 4. Unpack the binary blob binwalk -e mystery.bin > /dev/null
DECIMAL HEX DESCRIPTION 0 0x0 PNG image, 256 x 256, 8-bit/color RGBA, non-interlaced Extract the PNG: flatpack-522.rar
The goal of the challenge is to retrieve the hidden flag that the creator has concealed inside the RAR file. The write‑up is organized into the typical CTF sections: , exploitation / analysis , extraction , and flag retrieval . 1. Overview & Goal | Item | Description | |------|-------------| | Challenge name | FlatPack‑522 | | File | flatpack-522.rar (≈ 2 MiB) | | Category | Forensics / Reverse Engineering | | Typical points | 200‑300 (depends on the event) | | Goal | Extract the hidden flag (format: HTB... or FLAG... ) from the archive. | ) from the archive
The archive is deliberately obfuscated: it contains a password‑protected inner RAR, a steganographically‑hidden image, and a small custom‑packed executable that must be run in a controlled environment. $ file flatpack-522.rar flatpack-522.rar: RAR archive data, version 5, created Tue Sep 5 13:42:10 2023, encrypted do unrar x -p$i ...
# 3. (Optional) Look for hidden data in the cover image # zsteg -a cover.png # just for curiosity
$ unrar x -p522 flatpack-522.rar Result: – the archive opens, extracting a single file named inner.rar . 3.2 Confirmed Password The correct password is 522 (the numeric suffix of the archive’s name). (If you want a more systematic approach, you could also script a quick for i in 0..999; do unrar x -p$i ... && break; done loop.) 4. Analyzing inner.rar The newly extracted inner.rar is again a RAR5 archive, but this time it is not encrypted .