Failed Compression

Forensics - 80 Points

I was trying to compress some files, but I think I messed it up?

file: [] (not available)


When you try to open the ZIP file, every ZIP programs tell you that it’s not a valid archive file. With an HexEditor we can see that it’s not a ZIP file because it doesn’t have known Magic Byte

$ file data

Also I noticed that there were lots of PNG/IHDR signature and JPG/JFIF signature. So I excluded the APNG option and thought that maybe the archive was a concatenation of PNG and JPG files. Unfortunately every file’s header was changed so we extraced with Binwalk the start position and end position of every PNG file (based on IHDRpos -12byte and IENDpos +5byte) and JPEG file (based on JFIFpos -6byte and the JPG EOF 0xFF 0xD9)

So I wrote a script to extract with dd every single image fixing the Magic Byte (loaded from a file).

#!/usr/bin/env python

import sys
import os
import subprocess

def our_dd(i,e,ff):
print i," ",e
n = "src/immagine"+str(i)
h = subprocess.check_output("dd of="+n+"1."+ff+" bs=1 skip="+str(i)+" count="+str(e-i), shell=True)
print h
h = subprocess.check_output("cat "+ff+"_magic "+n+"1."+ff+" > "+n+"."+ff+"; rm "+n+"1."+ff, shell=True)
print h

with open("JFIFpos.txt") as f:
jfifpos =
with open("EOFJFIFpos.txt") as f:
eofjfifpos =

for line in jfifpos:
while True:
start = int(line)-2
end = int(eofjfifpos[c])+2
if end-start > 0:

with open("IHDRpos.txt") as f:
ihdrpos =
with open("IENDpos.txt") as f:
iendpos =

for line in ihdrpos:


And finally I found a flag, in the sea of memes Flag