CTFtime.org / H@cktivityCon 2021 CTF / 2ez / Writeup

![](images/7-header.png)

# 2EZ
### easy | warmups | 50 points

## Challenge Information
These warmups are just too easy! This one definitely starts that way, at least!

## Solution

The challenge included a file with no file type. Now usually my thought process goes to thinking that this may be an executable, and I immediately look for strings in the file.

```shell
$ strings 2ez
.2EZ
JFIF
Baqv
...
```

However, this wasn't a binary file, as one of the strings was JFIF. So its an image file! Changing the extension and opening the image should work, EZ! Or so I thought...

![](images/7-imgopen.png)

Hmm, something's up.

Checked the metadata, no information. Checked the hexdump, nothing that caught my eye.

A bit of googling later, I came across a writeup for a similar challenge ([Modified Header](https://marcellelee.medium.com/ctf-challenge-walkthrough-modified-header-2a4a33976b6d)). After reading that, I went back and looked at the hexdump again, to realize that the file header was corrupted.

![](images/7-corrupt.png)

The hexdump should start with FF D8 FF E0, which is the header for a JFIF file. As it is missing here, the file doesn't open.

The solution? Fix the file header by editing it in a hex editor. I used hexedit in the command line for this challenge.

![](images/7-fixed.png)

Now I checked the file type again, and it recognizes the file type!

Open the image, and it is the flag of the challenge!

![](images/7-2ez.jpg)

Flag: `flag{812a2ca65f334ea1ab234d8af3c64d19}`

Original writeup (https://github.com/piyagehi/CTF-Writeups/blob/main/2021-HacktivityCon-CTF/07-2EZ.md).

2ez

Comments

Sign in with