Description
The provided PDF is actually a shell archive containing multiple nested formats (ar, cpio, bzip2, gzip, lzip, etc.). Extract them sequentially until you reach ASCII text, then hex-decode the contents.
Setup
Run the file as a shell archive (`sh Flag.pdf`) to extract `flag`.
Inspect each resulting file with `file` and use the appropriate extractor (ar, cpio, bzip2, gzip, lzip, lz4, lzma, lzop, xz, etc.).
Once the final ASCII file appears, hex-decode it with `xxd -r -p`.
sh Flag.pdf
ar x flag
cpio --file flag.cpio -i
bzip2 flag -d
gunzip flag.gz
lzip flag -d
unlz4 flag.lz4
lzma flag.lzma -d
lzop flag.lzop -d
unxz flag.xz
xxd -r -p flag
Solution
- Step 1Peel each layerAfter each extraction, run `file flag` to identify the next compression/container type and use its counterpart to extract again.
- Step 2Decode the hexThe final file is ASCII hex; `xxd -r -p` converts it back into the readable picoCTF flag.
Flag
picoCTF{f1len@m3_m@n1pul@t10n_f0r_0b2cur17y_3c7...}
Automating the extraction loop with `while file flag | grep ...` can save time on nested compression challenges.