Forensics Challenge 1 - Fly High

Prompt

On a recovered Liber8tion device, a comparison of the standard binaries of their package management tool showed some differences. Analyze the files and answer the questions.


Answers

Q1 (10 pts) - What is the name of the original binary?
APT

Q2 (20 pts) - What is the total size, in bytes, of the original binary?
18,752

Q3 (20 pts) - What is the total size, in bytes, of the modified binary?
97,869

Q4 (20 pts) - What is the file extension of the hidden file?
jpeg

Q5 (30 pts) - What is the flag in the file inside the hidden file?
SKY-FLYH-1500


Steps I Took

Q1 — Started by executing the files in the terminal; they both returned the apt command.

Q2 — Viewed the properties for each file to get the size.

Screenshot

Q3 — Binwalked the modified binary; the hidden file is a JPEG.

Screenshot

Q4 — Extracted the JPEG.

Screenshot

Binwalk did not have anything else that seemed useful. Moved to steganography: used steghide on the JPEG with an empty password.

Screenshot

It extracted another image. The image contained the flag.

Screenshot
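The size difference between the two binaries (Q2/Q3) and the JPEG binwalk found (Q3/Q4) are two views of the same thing: bytes appended past the point where the ELF structure says the file ends. The script below is an added example, not part of the writeup and not the challenge files: it parses the ELF header to compute where a well-formed binary should end, reports any trailing bytes, and scans for JPEG start/end markers the way a signature scan does. It generalizes past the writeup's single case (ELF32 and ELF64, either byte order, and a fallback to segment ends when section headers are stripped). The input it runs on is a constructed minimal ELF64 header with a fake JPEG glued on, so the offsets it prints are those of the constructed sample, not the real apt binary.

```python
"""Detect and carve data appended to an ELF binary (what a binwalk
signature scan did in the writeup), standard library only."""
import struct

JPEG_SOI = b"\xff\xd8\xff"   # JPEG start-of-image marker prefix
JPEG_EOI = b"\xff\xd9"       # JPEG end-of-image marker


def elf_expected_size(data: bytes) -> int:
    """Offset where a well-formed ELF file should end: the end of the
    section header table (e_shoff + e_shentsize * e_shnum), or, when the
    section headers were stripped, the furthest end of any segment.
    Bytes beyond this offset are not referenced by the ELF structure."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    e = "<" if ei_data == 1 else ">"          # ELFDATA2LSB / ELFDATA2MSB
    if ei_class == 2:                           # ELF64 header layout
        e_phoff, e_shoff = struct.unpack(e + "QQ", data[0x20:0x30])
        e_phentsize, e_phnum, e_shentsize, e_shnum = struct.unpack(
            e + "HHHH", data[0x36:0x3e])
    elif ei_class == 1:                         # ELF32 header layout
        e_phoff, e_shoff = struct.unpack(e + "II", data[0x1c:0x24])
        e_phentsize, e_phnum, e_shentsize, e_shnum = struct.unpack(
            e + "HHHH", data[0x2a:0x32])
    else:
        raise ValueError("unknown ELF class")
    ends = [e_shoff + e_shentsize * e_shnum] if e_shnum else []
    for i in range(e_phnum):                    # segment file extents
        ph = data[e_phoff + i * e_phentsize:]
        if ei_class == 2:
            p_offset = struct.unpack(e + "Q", ph[8:16])[0]
            p_filesz = struct.unpack(e + "Q", ph[32:40])[0]
        else:
            p_offset = struct.unpack(e + "I", ph[4:8])[0]
            p_filesz = struct.unpack(e + "I", ph[16:20])[0]
        ends.append(p_offset + p_filesz)
    if not ends:
        raise ValueError("no section or program headers to measure")
    return max(ends)


def find_jpegs(data: bytes):
    """Yield (start, end) for each SOI...EOI span, a plain signature scan."""
    pos = 0
    while True:
        start = data.find(JPEG_SOI, pos)
        if start < 0:
            return
        end = data.find(JPEG_EOI, start + len(JPEG_SOI))
        if end < 0:
            return
        yield start, end + len(JPEG_EOI)
        pos = end + len(JPEG_EOI)


def carve_jpegs(data: bytes) -> list:
    """Return the raw bytes of every JPEG found, ready to write to disk."""
    return [data[s:e] for s, e in find_jpegs(data)]


def analyze(data: bytes) -> dict:
    """Summarise expected vs. actual size and any embedded JPEG spans."""
    expected = elf_expected_size(data)
    return {
        "expected_size": expected,
        "actual_size": len(data),
        "trailing_bytes": max(0, len(data) - expected),
        "jpegs": list(find_jpegs(data)),
    }


def build_sample() -> bytes:
    """Constructed sample (not a real binary): a minimal ELF64 header whose
    single section header ends at offset 128, then an appended fake JPEG."""
    hdr = bytearray(64)
    hdr[:4] = b"\x7fELF"
    hdr[4], hdr[5], hdr[6] = 2, 1, 1            # ELF64, little endian, v1
    struct.pack_into("<H", hdr, 0x10, 2)        # e_type = ET_EXEC
    struct.pack_into("<H", hdr, 0x12, 0x3e)     # e_machine = x86-64
    struct.pack_into("<I", hdr, 0x14, 1)        # e_version
    struct.pack_into("<Q", hdr, 0x28, 0x40)     # e_shoff: right after header
    struct.pack_into("<H", hdr, 0x34, 64)       # e_ehsize
    struct.pack_into("<H", hdr, 0x3a, 64)       # e_shentsize
    struct.pack_into("<H", hdr, 0x3c, 1)        # e_shnum -> table ends at 128
    body = bytes(hdr) + bytes(64)               # one zeroed section header
    jpeg = JPEG_SOI + b"\xe0\x00\x10JFIF\x00" + b"A" * 20 + JPEG_EOI
    return body + jpeg


if __name__ == "__main__":
    sample = build_sample()
    print(analyze(sample))
    for n, blob in enumerate(carve_jpegs(sample)):
        print(f"jpeg {n}: {len(blob)} bytes")
```

On a real file, read it with `open(path, "rb").read()` and pass it to `analyze`; a nonzero `trailing_bytes` on a package-manager binary is the detection signal, and `carve_jpegs` gives the same blob binwalk would have extracted. Steganography inside the carved image (the steghide step) is a separate layer this scan does not see.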