Inside the zip there was an image and a password protected zip file.
The image was always some kind of barcode that when decoded contained code in some programming language.
Running the code always printed the password to the zip, inside of which there was another image and another zip.. and so on for 1024 times.

```
import zipfile
import zxing
from os import listdir, path
import subprocess

reader = zxing.BarCodeReader()

def cmd_java(x):
cp, name = x.split('.')[0].split('/')
return f'javac {x} && java -cp {cp} {name}'

lang_dict = {
'PHP': ('php', lambda x: 'php ' + x),
'Python': ('py', lambda x: 'python3 ' + x),
'JavaScript': ('js', lambda x: 'node ' + x),
'Java': ('java', cmd_java),
'Bash': ('sh', lambda x: 'bash ' + x),
'BrainFuck': ('bf', lambda x: 'bf ' + x),
}

def get_lang(txt):
if ':\n' in txt: return 'Python'
elif 'php' in txt: return 'PHP'
elif 'class ' in txt: return 'Java'
elif 'var ' in txt: return 'JavaScript'
elif '; do' in txt: return 'Bash'
elif '+++' in txt: return 'BrainFuck'
else:
return 'NOPE'

def extract(file, pwd, outdir):
o = subprocess.check_output(
['7z', 'x', '-y', '-p' + pwd, '-o' + outdir, file])
return o

def barcode(file):
return reader.decode(file).raw

def explore_dir(dir):
l = listdir(dir)
img = next(f for f in l if f.endswith('.png'))
zip = next(f for f in l if f.endswith('.zip'))
return path.join(dir, img), path.join(dir, zip)

def do_shit(dir, outdir):
img, zip = explore_dir(dir)
code = barcode(img)
lang = get_lang(code)
try:
ext, cmd = lang_dict[lang]
except:
print(code)
print(lang)
raise ''
fn = path.join(dir, 'Main.' + ext).replace('\\', '/')
open(fn, 'w').write(code)
pwd = subprocess.check_output(cmd(fn), shell=True).decode().strip()
print(fn, pwd)
extract(zip, pwd, outdir)

i = 0
while True:
do_shit(str(i), str(i+1))
i += 1
```
The 1023rd brainfuck code printed the flag: `{FLG:P33k-4-b0o!UF0undM3,Y0urT0olb0xIsGr8!!1}`.