Gynvael Polish Mission 010

Write-Ups

Posted on September 10, 2017 as Write-Ups. 1 min read.

Mission

Let's get back to work, and as Gynvael started streaming again, his mission should be great start.

MISSION 010            goo.gl/oAdvWe                  DIFFICULTY: ███░░░░░░░ [3/10]
┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅┅

We've received PDF document, where apparently there's a hidden message.
Would you help us find it?

  https://goo.gl/wgt94W

Good luck!

I started this challenge by looking at the file with a hex editor.

Hexdump

After a few moments of searching, I've found the JFIF segment and so, the whole structure of JPG file. From that moment, I think we'll be able to extract it from the PDF and somehow recreate it.

Quick peek at Wikipedia showed that whole JPG file is placed between FF DA and FF D9 codes.

JFIF file structure
Segment Code Description
SOI FF D8 Start of Image
JFIF-APP0 FF E0 s1 s2 4A 46 49 46 00 ... see below
JFXX-APP0 FF E0 s1 s2 4A 46 58 58 00 ... optional, see below
… additional marker segments
(for example SOF, DHT, COM)
SOS FF DA Start of Scan
compressed image data
EOI FF D9 End of Image

Now let's copy everything between these segments and add to a new file.

hex image

Last step is to save this file as JPG image. By the way, here's the flag ;)

flag

Keep learning and stay safe!

~ W3ndige