Flatpack-522.rar Info

# 5. Decode QR code from extracted PNG FLAG=$(zbarimg _mystery.bin.extracted/00000000.png | awk -F: 'print $2') echo "✅ Flag: $FLAG" Running the script prints:

$ unrar x -p522 flatpack-522.rar Result: – the archive opens, extracting a single file named inner.rar . 3.2 Confirmed Password The correct password is 522 (the numeric suffix of the archive’s name). (If you want a more systematic approach, you could also script a quick for i in 0..999; do unrar x -p$i ... && break; done loop.) 4. Analyzing inner.rar The newly extracted inner.rar is again a RAR5 archive, but this time it is not encrypted .

#!/usr/bin/env bash set -e

$ feh _mystery.bin.extracted/00000000.png The image is a . Decode it with zbarimg : flatpack-522.rar

$ steghide extract -sf cover.png -p "" -xf hidden.txt (If steghide asks for a password, just press Enter – it’s not password protected.)

# 4. Unpack the binary blob binwalk -e mystery.bin > /dev/null

$ display cover.png Nothing obvious appears. However, the challenge name “FlatPack” hints at “flat” data (i.e., a flat image with hidden data). Use zsteg (a popular stego tool) to search for hidden data: (If you want a more systematic approach, you

The archive is deliberately obfuscated: it contains a password‑protected inner RAR, a steganographically‑hidden image, and a small custom‑packed executable that must be run in a controlled environment. $ file flatpack-522.rar flatpack-522.rar: RAR archive data, version 5, created Tue Sep 5 13:42:10 2023, encrypted

The secret lies within the binary. So the PNG is just a hint, not the flag itself. 6.1 File Type $ file mystery.bin mystery.bin: data Run binwalk to look for embedded files:

DECIMAL HEX DESCRIPTION 0 0x0 PNG image, 256 x 256, 8-bit/color RGBA, non-interlaced Extract the PNG: Try the following candidates:

Cannot open encrypted file. Use -p option to specify a password. Thus we need the password. 3.1 Brute‑Force / Dictionary Attempts A quick dictionary attack with common passwords (e.g., password , 12345 , admin ) fails. The creator hints in the challenge description: “The key is hidden inside the name of the pack itself.” The file name flatpack‑522 suggests the password may be related to the number 522 .

$ zbarimg _mystery.bin.extracted/00000000.png QR-Code:HTBfl4t_p4ck_5c4nn3r_2023 That is the flag. Below is a one‑liner script that reproduces the entire process automatically. It assumes you have unrar , zsteg , binwalk , and zbarimg installed.

Try the following candidates: