Rating: 4.5


We are given a stub of a binary blob. Running `file` we get:

original/stub: JPEG image data, progressive, precision 8, 240x320, components 3

So it's a jpeg! Let's give it a better filename and see what's inside.


So, we see the first part of the flag! Initially I ran through `stegsolve`, `foremost`, and `binwalk` and didn't really get anything out of any of them. So, looking again at the first part of the flag I decided to see how many instances of `\xff\xd8` are in the stub file.

xxd -p stub.jpeg | tr " " "\n" | grep -c "ffd8"

So we can see there are at most 4 jpeg files embedded in this one. So I whipped up python script to extract them out and dump them to their own jpeg files.

import binascii

def write_jpg(i, image):
with open(f'{i}.jpg', 'wb+') as jpeg_file:
except Exception as ex:
print(f"Could not write {i}: {ex}")

my_file = "stub.jpeg"
with open(my_file, 'rb') as file_t:
blob_data = binascii.hexlify(file_t.read())
images = [b'ffd8' + x for x in blob_data.split(b'ffd8')][1:]

for i, image in enumerate(images):
if len(image) % 2 != 0:
image += b'0'
write_jpg(i, image)

The final files are:




and I'm guessing just a jibberish file for `3.jpg`.

`Flag: sdctf{FFD8_th3n_S0ME_s7uff_FFD9}`