Forensics

Open the PNG in binary mode, locate the ASCII string ‘flag’ in the raw byte stream, and print every byte after that index — the flag is embedded verbatim in the file’s binary content.

Filter a PCAP for TCP packets, decode each packet’s payload from hex, and concatenate them in order — the resulting byte stream contains the flag.

The GIF has wrong magic bytes at the start. Replace the first 13 bytes with the correct GIF89a header, open the repaired file with Pillow, and iterate through frames saved as WebP to find the flag.

The flag is encoded as concatenated 0x-prefixed hex bytes embedded directly in the capture. Strip the prefixes, decode with bytes.fromhex, and print.

Two known-plaintext byte sequences (k and l) from the PCAP header XOR to reveal the repeating key. XOR the encrypted flag block with that key to recover the plaintext.

A WAV file carries the flag in Morse code audio. Decode it automatically with morse-audio-decoder and wrap the result in flag{…}.

Filter Ethernet frames with EtherType 0xffff — the custom protocol used by this challenge — collect the destination MAC address from each matching frame, interpret the first two hex bytes as ASCII, and concatenate to reveal the flag.

Run strings on the PCAPNG and grep for ‘flag’ — the flag is stored as plain ASCII inside the capture file and visible without any packet parsing.

A flag is hidden inside 3000 recursively nested ZIP archives. Loop backwards from flag3000.zip to flag1.zip, extracting and deleting each archive in turn until the innermost file is revealed.

100 nested password-protected ZIPs. Crack each archive’s password against the rockyou wordlist, extract, delete, and repeat — 100 times.