We failed to find the flag by brute-forcing...
But there was an easier way.

Original writeup (https://kanglib.pe.kr/hacking/2017/12/21/seccon-2017-quals-jpeg-file.html).