jigsaw@jigsaw

REDACTED


Last updated 1 year ago

Challenge Name: REDACTED

Category: Forensics

Difficulty: Easy

Description: I have forgotten my AI's name, can you find it?

The challenge provided us with a file called REDACTED.h5. The standard operating procedure in any Forensics challenge is to check the "actual" file type of the file with the file command in Linux. As we can see, the file provided is a Hierarchical Data Format file.

In any Forensics challenge, when faced with an unknown file type, the best course of action is to find a tool that can read the file or, if you don't want to, use strings to display the printable strings within the file. Doing that reveals a JSON list, one entry of which is a weird string: SUNURjI0e25hTWVfb0ZfN2hFX2c0TUV9. If you do a lot of CTFs, you would recognise this weird string as a Base64-encoded string. Don't worry if you don't recognise it; it takes time and experience to know.

Using a tool that's already in Linux called base64, we can use echo with the | (pipe operator) to pass the string to the tool with the argument -d to decode the string. Doing so reveals the flag!

Flag: ICTF24{naMe_oF_7hE_g4ME}
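The strings-then-decode steps above can be combined into one triage pass that lists every Base64-looking token in a binary file whose decoded form is printable text. This is an added example, not part of the original writeup; the function names and the sample file (an HDF5 signature followed by a constructed JSON list) are assumptions made so the script runs offline.

```shell
#!/bin/sh
# Added example: find Base64 tokens in a binary file that decode to printable text.

# Build a constructed stand-in for the challenge file: the HDF5 signature,
# some binary padding and a made-up JSON list holding the encoded string.
make_sample() {
    printf '\211HDF\r\n\032\n\000\000\001\002' > "$1"
    printf '{"layers": ["dense_1", "SUNURjI0e25hTWVfb0ZfN2hFX2c0TUV9", "dropout_1"]}' >> "$1"
    printf '\000\377\376\000' >> "$1"
}

# Print "token -> decoded" for each candidate found in the file given as $1.
find_b64_strings() {
    # -a reads the binary as text, -o prints only the matching part.
    # A 16-character minimum filters out ordinary words and identifiers.
    LC_ALL=C grep -aoE '[A-Za-z0-9+/]{16,}={0,2}' "$1" | sort -u |
    while IFS= read -r token; do
        # Well-formed Base64 always has a length that is a multiple of 4.
        [ $(( ${#token} % 4 )) -eq 0 ] || continue
        decoded=$(printf '%s' "$token" | base64 -d 2>/dev/null) || continue
        [ -n "$decoded" ] || continue
        # Drop results containing anything outside printable ASCII;
        # random binary that happens to look like Base64 fails here.
        if ! printf '%s' "$decoded" | LC_ALL=C grep -aq '[^ -~]'; then
            printf '%s -> %s\n' "$token" "$decoded"
        fi
    done
}

# Demo run on the constructed sample.
sample=$(mktemp)
make_sample "$sample"
find_b64_strings "$sample"
rm -f "$sample"
```

The printable-ASCII filter is what keeps the output short on real files, where long alphanumeric runs that are not actually Base64 are common.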