picoCTF Solutions
picoCTF 2024ForensicsMedium

endianness-v2

Published: April 3, 2024Updated: December 9, 2025

Description

Here's a file that was recovered from a 32-bits system that organized the bytes a weird way. We're not even sure what type of file it is. Download it here and see what you can get out of it

Setup

CyberChef workflow

Download the provided file (hurt.c).

Open CyberChef (or use a local script) to perform the endianness swap.

wget https://artifacts.picoctf.net/c_titan/85/hurt.c

Solution

This builds on the basic endianness challenge by applying byte-order swapping to forensics. Instead of simple word conversion, you fix a corrupted image file by swapping 32-bit chunks.
  1. Step 1Convert to hex
    Load the file into CyberChef and run To Hex to view the raw bytes.
  2. Step 2Swap endianness
    Apply Swap Endianness with word length 4 (little ↔ big). Now the magic bytes resemble a valid JPEG header.
  3. Step 3Render the image
    Run From Hex followed by Render Image (Raw) to display the image containing the flag text.

Flag

picoCTF{cert!f1Ed_iNd!4n_s0rrY_3nDian_76e...}

Swapping each 32-bit word back to big endian renders the image holding the flag.