The goal of the challenge is to retrieve the hidden flag that the creator has concealed inside the RAR file. The write‑up is organized into the typical CTF sections: , exploitation / analysis , extraction , and flag retrieval . 1. Overview & Goal | Item | Description | |------|-------------| | Challenge name | FlatPack‑522 | | File | flatpack-522.rar (≈ 2 MiB) | | Category | Forensics / Reverse Engineering | | Typical points | 200‑300 (depends on the event) | | Goal | Extract the hidden flag (format: HTB... or FLAG... ) from the archive. |

hidden.txt now contains:

The secret lies within the binary. So the PNG is just a hint, not the flag itself. 6.1 File Type $ file mystery.bin mystery.bin: data Run binwalk to look for embedded files:

$ unrar x -p522 flatpack-522.rar Result: – the archive opens, extracting a single file named inner.rar . 3.2 Confirmed Password The correct password is 522 (the numeric suffix of the archive’s name). (If you want a more systematic approach, you could also script a quick for i in 0..999; do unrar x -p$i ... && break; done loop.) 4. Analyzing inner.rar The newly extracted inner.rar is again a RAR5 archive, but this time it is not encrypted .

# 4. Unpack the binary blob binwalk -e mystery.bin > /dev/null

# 3. (Optional) Look for hidden data in the cover image # zsteg -a cover.png # just for curiosity

[LSB] bpp: 8, plane: 0, offset: 0, bits: 1, 0x30 bytes hidden (ASCII) Extract the LSB stream:

Good luck, and happy hunting!

Cannot open encrypted file. Use -p option to specify a password. Thus we need the password. 3.1 Brute‑Force / Dictionary Attempts A quick dictionary attack with common passwords (e.g., password , 12345 , admin ) fails. The creator hints in the challenge description: “The key is hidden inside the name of the pack itself.” The file name flatpack‑522 suggests the password may be related to the number 522 .

$ binwalk mystery.bin Output:

$ display cover.png Nothing obvious appears. However, the challenge name “FlatPack” hints at “flat” data (i.e., a flat image with hidden data). Use zsteg (a popular stego tool) to search for hidden data:

# 1. Extract outer archive (password = 522) unrar x -p522 flatpack-522.rar

Try the following candidates:

$ zsteg -a cover.png Output shows:

#!/usr/bin/env bash set -e