Suninatas Game 28

Posted on Edited on In Views: Disqus:

challenges

Game 28

The hint says brute-force is unnecessary, so this is likely a file-format trick.

1
2
$ file So_Simple.zip
So_Simple.zip: Zip archive data, ...

This challenge uses ZIP pseudo-encryption (the encrypted flag bit is set even though the entry is not truly encrypted). That can break normal extraction in some tools.

Method 1: Use a pseudo-encryption aware tool

unar can extract So_Simple.zip directly:

1
2
3
4
5
$ unar So_Simple.zip
So_Simple.zip: Zip
  Am_I_key.zip   (205 B)... OK.
  Am_I_key2.txt  (4335 B)... OK.
  Am_I_key3.txt  (1445 B)... OK.

Then extract the nested ZIP:

1
2
3
4
5
6
7
8
9
10
$ unar Am_I_key.zip
Am_I_key.zip: Zip
  There_is_key.txt  (61 B)... OK.

$ cat There_is_key.txt
Isn't it so easy?

Take it.

dGE1dHlfSDR6M2xudXRfY29mZmVl

Decode Base64:

1
2
$ echo dGE1dHlfSDR6M2xudXRfY29mZmVl | base64 -d
ta5ty_H4z3lnut_coffee

Method 2: Patch ZIP header manually

You can also fix the ZIP flags in a hex editor (or radare2) by clearing the encryption bit in the local file header / central directory entries (0x0908 -> 0x0008 for relevant records). After patching, standard unzip tools work.

ta5ty_H4z3lnut_coffee