Simple walkthrough - extract the FS, identify /bin/back and reverse the pyc file, which needs a username and pincode. We can get the username from /etc/passwd, and we brute force the pin code for glorious victory.

Original writeup (https://advancedpersistentjest.com/2017/10/08/writeup-backdoor-pi-kaspersky-labs-ctf/).