The Khatrimaza-org-mkv 〈TRUSTED 2025〉

$ python3 xor.py hidden.bin s3cr3t_k3y_4_f1ag payload.bin 🎉

if __name__ == '__main__': if len(sys.argv) != 4: print(f'Usage: sys.argv[0] <input.bin> <key> <output.bin>') sys.exit(1) The Khatrimaza-org-mkv

DECIMAL HEXadecimal DESCRIPTION -------------------------------------------------------------------------------- 0 0x0 Unknown file type (0x42494E41) No known signature (e.g., gzip, zip, 7z) is detected. steghide , zsteg , exiftool can sometimes extract hidden payloads from generic binaries. $ python3 xor

Attachment ID 0: font (fonts/Roboto-Regular.ttf) size: 147,896 bytes Attachment ID 1: binary (attachments/hidden.bin) size: 6,432 bytes The second attachment ( hidden.bin ) looks like a generic binary blob – a classic place for a flag. We extract everything: We extract everything: $ hexdump -C hidden

$ hexdump -C hidden.bin | head 00000000 42 49 4e 41 52 59 20 66 69 6c 65 20 73 69 67 6e |BINARY file sign| 00000010 61 74 75 72 65 20 70 72 6f 74 65 63 74 65 64 20 |ature protected | ... The first bytes read – looks like a custom marker added by the challenge creator. 5.2 Entropy check – is it compressed / encrypted? $ ent hidden.bin Entropy = 7.998997 bits per byte. Very high entropy (~8 bits/byte) – it is either compressed or encrypted. 5.3 Try common decompression tools We test a few common formats with binwalk :

$ binwalk hidden.bin

$ mediainfo khatrimaza-org.mkv General Complete name : khatrimaza-org.mkv Format : Matroska File size : 84.3 MiB Duration : 00:03:45.000 Overall bit rate : 2 028 kb/s