Challenge category: Forensics / Steganography

Difficulty: Medium‑Hard

Points: 500 (on a typical 500‑point line)

1. Overview

The challenge provides a single file: khatrimaza-org.mkv. The file is a regular‑looking Matroska video container (MKV) – the kind you would normally see on the infamous “Khatrimaza” piracy site.
```python
out = bytes([b ^ key[i % len(key)] for i, b in enumerate(data)])
```
```
$ python3 xor.py hidden.bin s3cr3t_k3y_4_f1ag payload.bin
```

🎉 The Khatrimaza-org-mkv
```python
if __name__ == '__main__':
    # Expect exactly three arguments: input file, key, output file
    if len(sys.argv) != 4:
        print(f'Usage: {sys.argv[0]} <input.bin> <key> <output.bin>')
        sys.exit(1)
```
```
$ mediainfo khatrimaza-org.mkv
General
Complete name    : khatrimaza-org.mkv
Format           : Matroska
File size        : 84.3 MiB
Duration         : 00:03:45.000
Overall bit rate : 2 028 kb/s
```
```python
#!/usr/bin/env python3
import sys
```
```
Audio
ID            : 2
Format        : AAC
Channel(s)    : 2 channels
Sampling rate : 44.1 kHz
Bit rate      : 128 kb/s
```
```
2
00:00:03,001 --> 00:00:07,000
Enjoy the movie.
```

Nothing hidden in the subtitles – just a generic welcome message. We quickly glance at them with ffprobe just to be sure there’s nothing weird:
| File | Size |
|---------------------|------|
| video.h264 | 79 MiB |
| audio.aac | 2 MiB |
| subtitles.srt | 1 KB |
| Roboto-Regular.ttf | 147 KB |
| hidden.bin | 6 KB |

4.1 Subtitles (subtitles.srt)

```
$ cat subtitles.srt
1
00:00:00,000 --> 00:00:03,000
Welcome to Khatrimaza!
```
```
Text
ID     : 3
Format : UTF‑8
```

Nothing suspicious at first glance, but MKV is a very flexible format – it can hold , extra subtitle tracks, chapters, and binary blobs. Those are typical places for a CTF flag.

3. Extract everything from the container

We will use mkvextract (part of mkvtoolnix) to dump all tracks and attachments.