PicoCTF - Matryoshka doll



PicoCTF 2021 / Forensics


Matryoshka dolls are a set of wooden dolls of decreasing size placed one inside another. What’s the final one?
Image: this


Binwalk, which is a tool for searching a given binary image for embedded files and executable code.


  1. Download the file.
     wget https://mercury.picoctf.net/static/205adad23bf9d8303081a0e71c9beab8/dolls.jpg
  2. Unzip the file
     binwalk -e dolls.jpg
  3. Use ls command, we can see that there are one file(dolls.jpg) and one folder(_dolls.jpg.extracted). Second picture(2_c.jpg) is in _dolls.jpg.extracted/base_images.
  4. Repeat unzip like step 2 three times.
     cd _dolls.jpg.extracted/base_images
     binwalk -e 2_c.jpg
     cd _2_c.jpg.extracted/base_images
     binwalk -e 3_c.jpg
     cd _3_c.jpg.extracted/base_images
     binwalk -e 4_c.jpg
     cd _4_c.jpg.extracted
  5. Now If we use ls command to list all file under the folder, there is a file named flag.txt !
  6. Here’s our flag. ٩(^ᴗ^)۶
     cat flag.txt
     # picoCTF{96fac089316e094d41ea046900197662}