Rating: 0

Unzipping the given zip file with `unzip challenge.zip` gives us `puzzle.jpg`.

There are some interesting *strings* in it.

```sh
$ strings puzzle.jpg
...
flag.zip
puzzle.png
```
So, there must be *embedded* files in the image.

Let's use [binwalk](https://tools.kali.org/forensics/binwalk) to extract those files.
```sh
$ binwalk -e puzzle.jpg
...
$ ls
challenge.zip puzzle.jpg _puzzle.jpg.extracted
$ cd _puzzle.jpg.extracted/
$ ls
47041.zip flag.zip puzzle.png
$ unzip flag.zip
Archive: flag.zip
skipping: flag.txt unsupported compression method 99
```
We can see that there is `flag.txt` in `flag.zip`. But we can't unzip because *zip* says "unsupported compression method 99".

I searched online for this problem and in [here](https://access.redhat.com/solutions/59700) it says

![](https://raw.githubusercontent.com/MikelAcker/CTF_WRITEUPS_2021/main/TMUCTF_2021_Writeup/Misc/Puzzle/info1.png)

So, we can use *7zip* to extract `flag.txt` file.

```sh
$ 7z e flag.zip
...
Enter password (will not be echoed):
```
But, we don't know the **password**.

Let's leave `flag.zip` for now and check other files.

### puzzle.png (file got from extracting puzzle.jpg)
![](https://raw.githubusercontent.com/MikelAcker/CTF_WRITEUPS_2021/main/TMUCTF_2021_Writeup/Misc/Puzzle/puzzle.png)
First line is `12`.

In second line, we put `1` at the beginning and count how many of what numbers is in the *previous* line.There are one `1` and one `2`.So, [one `1`] becomes `11` and [one `2`] becomes `12`.And, we will get `11112`.

In third line, we put `2` at the beginning.There are four `1` and one `2` in the *previous* line. So, we will get `24112`.

So, the `?` will be `61542142311`.

Let's try that as `password`.

```sh
$ 7z e flag.zip
...
Enter password (will not be echoed):
Everything is Ok

Size: 80
Compressed: 296
$ ls
47041.zip flag.txt flag.zip puzzle.png
$ cat flag.txt
R1pIUEdTe1EzeV9NM19RNDU3NHpfRTRzNzBfVzRhX1U0el9PMV9RM3kwX1c0YV9QdTAwYV9YMGE0en0=
```
There is **base64** encoded string in `flag.txt`.

We can decode it with `base64 -d flag.txt`.

```sh
$ base64 -d flag.txt
GZHPGS{Q3y_M3_Q4574z_E4s70_W4a_U4z_O1_Q3y0_W4a_Pu00a_X0a4z}
```
**Base64** decoding gives us a string which is **ROT13**ed.
```sh
$ base64 -d flag.txt | python -c 'import sys; print sys.stdin.read().decode("rot13")'
TMUCTF{D3l_Z3_D4574m_R4f70_J4n_H4m_B1_D3l0_J4n_Ch00n_K0n4m}
```
So the **flag** is `TMUCTF{D3l_Z3_D4574m_R4f70_J4n_H4m_B1_D3l0_J4n_Ch00n_K0n4m}`.

Original writeup (https://github.com/MikelAcker/CTF_WRITEUPS_2021/tree/main/TMUCTF_2021_Writeup/Misc/Puzzle).