Failed Compression

Forensics - 80 Points

I was trying to compress some files, but I think I messed it up?

file: [] (not available)


When you try to open the ZIP file, every ZIP programs tell you that it’s not a valid archive file. With an HexEditor we can see that it’s not a ZIP file because it doesn’t have known Magic Byte

$ file data

Also I noticed that there were lots of PNG/IHDR signature and JPG/JFIF signature. So I excluded the APNG option and thought that maybe the archive was a concatenation of PNG and JPG files. Unfortunately every file’s header was changed so we extraced with Binwalk the start position and end position of every PNG file (based on IHDRpos -12byte and IENDpos +5byte) and JPEG file (based on JFIFpos -6byte and the JPG EOF 0xFF 0xD9)

So I wrote a script to extract with dd every single image fixing the Magic Byte (loaded from a file).

#!/usr/bin/env python

import sys
import os
import subprocess

def our_dd(i,e,ff):
	  print i," ",e
	  n = "src/immagine"+str(i)
	  h = subprocess.check_output("dd of="+n+"1."+ff+" bs=1 skip="+str(i)+" count="+str(e-i), shell=True)
	  print h
	  h = subprocess.check_output("cat "+ff+"_magic "+n+"1."+ff+" > "+n+"."+ff+"; rm "+n+"1."+ff, shell=True)
	  print h

with open("JFIFpos.txt") as f:
	  jfifpos =
with open("EOFJFIFpos.txt") as f:
	  eofjfifpos =

for line in jfifpos:
	  while True:
		    start = int(line)-2
		    end = int(eofjfifpos[c])+2
		    if end-start > 0:

with open("IHDRpos.txt") as f:
	  ihdrpos =
with open("IENDpos.txt") as f:
	  iendpos =

for line in ihdrpos:


And finally I found a flag, in the sea of memes Flag