unknown_file (300)

  • Challenge description: I don't really know what to make of this file. I wish there was a way to visualize it, but all I see are blocks of data...
  • Points: 300
  • Contents: unknown_file.zip (containing message.txt and file.bin)

We are given a .bin file. A .bin extension usually means it is raw, unstructured data. The challenge description contains plenty of hints, too. It suggests you should try to visualize it, and that it are "blocks" of data.

Let's start with looking at a hexdump of the data:

/mnt/c/Users/HoLLy/Downloads/unknown_file ❯ xxd file.bin
00000000: 0000 0000 ffff ffff ffff ffff ffff ffff  ................
00000010: ffff ffff ff80 0000 ffff ffff ffff ffff  ................
00000020: ffff ffff ff80 0000 ffff ffff ffff ffff  ................
00000030: ffff ffff ff80 0000 e000 00ff f1ff 1f81  ................
00000040: f8e3 ffc0 1f80 0000 e000 00ff f1ff 1f81  ................
00000050: f8e3 ffc0 1f80 0000 e000 00ff f1ff 1f81  ................
00000060: f8e3 ffc0 1f80 0000 e3ff f8fc 0fc0 e071  ...............q
00000070: f81c 7fc0 ff80 0000 e3ff f8fc 0fc0 e071  ...............q
00000080: f81c 7fc0 ff80 0000 e3ff f8fc 0fc0 e071  ...............q
00000090: f81c 7fc0 ff80 0000 e380 38ff f1c0 fc0f  ..........8.....
000000a0: fffc 7e07 0380 0000 e380 38ff f1c0 fc0f  ..~.......8.....
000000b0: fffc 7e07 0380 0000 e380 38ff f1c0 fc0f  ..~.......8.....
000000c0: fffc 7e07 0380 0000 e380 38fc 71c7 fffe  ..~.......8.q...
000000d0: 071c 7ff8 e380 0000 e380 38fc 71c7 fffe  ..........8.q...
000000e0: 071c 7ff8 e380 0000 e380 38fc 71c7 fffe  ..........8.q...

We see a lot of 00 and FF bytes, and the other bytes seem to be repeating too. Combining this with the hint that we need to "visualize" this data, it's pretty safe to bet that this is some kind of bitmap image without header.

GIMP has a nice feature where it allows you to load raw data as an image with various encodings, so let's import it in that. Opening an image allows you to select the file type, and setting it to "raw data" allows us to get the dialog we want:

open file dialog

Then, we can go through the image types until we find something that vaguely represents something that is not noise. After that, adjust the width until everything seems to line up, and if needed change the offset to make sure the top left is actually at the top left. Then we get something like this:

import file dialog

Scan this with your favorite QR code scanner and we get the flag RTN{b1tm4ps_d0nt_n33d_h34d3r_1nf0}.