Description
I’ve gotten bored of handing out flags as text. Wouldn’t it be cool if they were an image instead?You can download the challenge files here:
Additional details will be available after launching your challenge instance.
🧩 Challenge Description
In this challenge, we are given a ZIP file that contains an image.
Our goal is to extract the flag hidden inside a QR code.
🗜️ Step 1: Unzip the downloaded file
First, we unzip the provided archive:
$ unzip challenge.zip Archive: challenge.zip creating: home/ctf-player/drop-in/ extracting: home/ctf-player/drop-in/flag.png
✅ Explanation:
unzipextracts files from a ZIP archive.- After extraction, we find
flag.pnginside the folderhome/ctf-player/drop-in/.
🖼 Step 2: Identify the image as a QR code
By opening flag.png, we notice that it contains a QR code.
QR codes are matrix barcodes that store text, URLs, or other data.
🔧 Step 3: Scan the QR code with zbarimg
We can use the tool zbarimg to read QR codes from images:
$ zbarimg flag.png
QR-Code:picoCTF{p33k_@_b00_3f7cf1ae}
scanned 1 barcode symbols from 1 images in 0 seconds
✅ Explanation:
zbarimgis a command-line tool that scans QR codes and barcodes from images.- It outputs the text encoded inside the QR code.
Here, it reveals the flag directly.
🏁 Step 4: Capture the Flag
picoCTF{p33k_@_b00_3f7cf1ae}
🧠 Summary
| Step | Command | Purpose | Key Finding |
|---|---|---|---|
| 1 | unzip | Extract files from ZIP | flag.png found |
| 2 | Open image | Identify type | QR code detected |
| 3 | zbarimg | Scan QR code | Flag revealed |
💡 Beginner Tips
- QR codes often appear in CTFs as a quick way to hide flags in images.
zbarimgis perfect for scanning QR codes without needing a GUI.- Always check the file type and contents before attempting to extract the flag.