BCACTF · mud-ali · Aug 20, 2023 · Aug 18, 2023 · Aug 18, 2023
diff --git a/headers-ii/chall.yaml b/headers-ii/chall.yaml
@@ -0,0 +1,16 @@
+name: Headers II
+categories:
+  - foren
+value: 75
+flag: camp{wH@7s_an_3xTr@_f!l3_aNYw@y$_r3dhi8ib28bf}
+description: |-
+  My friends are passing even weirder files within the group chat now. 
+  I have no clue what they're trying to hide this time.
+hints:
+  - There's no file extension, but what other way could I figure out what type of file it is?
+  - Someone told me there might be multiple files (even though they only sent one)
+files:
+  - src: funfile
+authors:
+  - Mudasir
+visible: true
diff --git a/headers-ii/flag.png b/headers-ii/flag.png
diff --git a/headers-ii/funfile b/headers-ii/funfile
diff --git a/headers-ii/generator.py b/headers-ii/generator.py
@@ -0,0 +1,25 @@
+'''
+@author Mudasir
+
+some util function(s) to generate flag and copy it to video
+'''
+
+from PIL import Image, ImageDraw, ImageFont
+import io
+
+FLAG = 'camp{wH@7s_an_3xTr@_f!l3_aNYw@y$_r3dhi8ib28bf}'
+
+def generate_flag():
+    final_bytes = io.BytesIO()
+    img = Image.new('RGB', (600, 100), color = (0, 0, 0))
+    d = ImageDraw.Draw(img)
+    fnt = ImageFont.truetype('arial.ttf', 20)
+    d.text((40,30), FLAG, font=fnt, fill=(255,255,255))
+    # img.save('flag.png')
+    img.save(final_bytes, format='PNG')
+    final_bytes = final_bytes.getvalue()
+
+    with open('funfile', '+ab') as f2:
+        f2.write(final_bytes)
+
+generate_flag()
diff --git a/headers-ii/solve/solve.md b/headers-ii/solve/solve.md
@@ -0,0 +1,8 @@
+# File headers
+
+Hint in the name: headers. Despite the lack of a file extension we can check the file header / magic number See: (https://en.wikipedia.org/wiki/List_of_file_signatures)[https://en.wikipedia.org/wiki/List_of_file_signatures] for more information on file headers.
+
+Opening the file in a text and/or hex editor shows us that we have an mp4 file. However, the video does not open in a media player. Further examination would show that the file has a PNG glued on to it. Separating the files shows us that the video is a red herring, and the PNG has the flag.
+
+
+Script is included at (solve.py)[solve.py], run in the same directory as the file. It creates (solve.png)[solve.png] with the flag.
diff --git a/headers-ii/solve/solve.png b/headers-ii/solve/solve.png
diff --git a/headers-ii/solve/solve.py b/headers-ii/solve/solve.py
@@ -0,0 +1,6 @@
+with open('funfile','rb') as f:
+    data = f.read().split(b"\x89PNG")
+    with open('solve.png','wb') as f2:
+        f2.write(b"\x89PNG")
+        f2.write(data[1])
+        print('Done')