picoCTF Solutions
picoCTF 2024ForensicsEasy

CanYouSee

Published: April 3, 2024Updated: December 9, 2025

Description

How about some hide and seek?

Setup

Download unknown.zip

Download the file and unzip it to expose ukn_reality.jpg.

All work happens locally with command-line tools.

wget https://artifacts.picoctf.net/c_titan/6/unknown.zip && \ unzip unknown.zip

Solution

  1. Step 1Inspect EXIF metadata
    Use exiftool to dump every field. The Attribution URL entry stands out because it holds a Base64-looking string rather than a normal link.
    exiftool ukn_reality.jpg
  2. Step 2Extract just the encoded value
    A quick pipeline can isolate the Attribution URL value, strip whitespace, and hand the text to base64 -d. The decoded output is the entire flag.
    exiftool ukn_reality.jpg | grep "Attribution URL" | cut -d":" -f2 | tr -d " " | base64 -d

Flag

picoCTF{ME74D47A_HIDD3N_a6d...}

Decoding the Attribution URL entry reveals the complete flag shown above.