flag-is-hidden

Description

The flag is hidden in the attached file. Can you find it?

PS: stegano tools can "rock your" score

First of all, let’s download the file and see what kind of file is. It seems to be an apk file. I usually start by analyzing the file using the basic stegano tool: exiftool to get some info about the file. After that I used a tool that extract data using headers, footers and data structures.

foremost -i flag.apk

The output is more friendly and I get the audit.txt file and jpg, png and zip directories. So let’s analyze them.

In jpg I found a jpg file and I try to analyze it using basic tools.

steghide extract -sf 00001863.jpg
#Output:steghide: could not extract any data with that passphrase!

That make me think it is something in this jpg file and all I need to do is get the password. I can get the password with stegseek:

stegseek --crack 00001863.jpg ~/Documents/rockyou.txt           
StegSeek 0.6 - https://github.com/RickdeJager/StegSeek

[i] Found passphrase: "1234"
[i] Original filename: "secret.txt".
[i] Extracting to "00001863.jpg.out".

In the output file it is the flag, but it seems to be encrypted with base64:

echo 'RUNTQ3thM2NmYzdmNGY4MTJjYzRiNTExZjZkZTRkYzE1MDQyMmY0OWU4MTdjMGY2MTMyMTg1MmE4MWU2YjVmMzk2MWJhfQ=='| base64 -d