picoCTF Solutions
picoCTF 2024ForensicsEasy

Scan Surprise

Published: April 3, 2024Updated: December 9, 2025

Description

I've gotten bored of handing out flags as text. Wouldn't it be cool if they were an image instead?

Setup

QR decoding

Either download challenge.zip or SSH into atlas and cd ~/drop-in.

Ensure you have zbarimg installed if you want to decode locally.

wget https://artifacts.picoctf.net/c_atlas/3/challenge.zip && \ unzip challenge.zip && \ sudo apt install zbar-tools

Solution

  1. Step 1Locate flag.png
    Inside the extracted challenge directory, flag.png contains the QR code. If you SSHed in, it lives in ~/drop-in/flag.png.
  2. Step 2Scan the code
    Use zbarimg flag.png (or a phone camera) to read the embedded text. zbarimg prints picoCTF{...} directly to stdout.
    zbarimg flag.png

Flag

picoCTF{p33k_@_b00_a81...}

Scanning the QR code reveals the flag instantly.