Codsmp.zip May 2026

Scope – This write‑up assumes you have obtained the codsmp.zip archive from a CTF or a reverse‑engineering challenge. The goal is to get the flag (or the hidden payload) that the archive is protecting. Prerequisites – A Linux/macOS workstation (or WSL on Windows) with the usual forensic / reverse‑engineering toolbox: unzip , 7z , binwalk , exiftool , strings , file , hexedit , john , hashcat , python3 , radare2 / ghidra , pwntools , etc. 1. Initial Inspection $ file codsmp.zip codsmp.zip: Zip archive data, at least v2.0 to extract, compressed size 1.3 MB, uncompressed size 5.6 MB, name=codsmp.zip

$ strings -a payload_decrypted.bin | head -20 /lib64/ld-linux-x86-64.so.2 libc.so.6 GLIBC_2.2.5 puts printf ... codsmp.zip

data = open('archive.enc','rb').read() key = b' ' decoded = bytes(b ^ 0x20 for b in data) print(decoded[:64]) Result: Scope – This write‑up assumes you have obtained

'PK\x03\x04\x14\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' That is the ( PK\x03\x04 ). So archive.enc is a ZIP archive XOR‑encrypted with a single‑byte key 0x20 . 4.2.1 Decrypting it $ python3 -c "import sys; data=open('archive.enc','rb').read(); open('inner.zip','wb').write(bytes(b ^ 0x20 for b in data))" $ unzip inner.zip -d inner Archive: inner.zip inflating: inner/secret_flag.txt inner/secret_flag.txt contains: So archive

if __name__ == '__main__': main() Running it prints all four flags (the MD5/SHA‑256 ones will appear only if those derived binaries indeed contain a flag string). Adjust the extract_flag regex if the flag format differs. | Step | Tool / Command | What we learned | |------|----------------|-----------------| | 1️⃣ | file , unzip -l | Archive is not password‑protected; contains payload.bin , secret.py , archive.enc . | | 2️⃣ | Read `README