First we download the pdf file and open it with any browser. By pressing
The flag is
FLAG{XXXXXXXXXXXXX}
This time
We notice that the PDF file contains multiple objects with streams. If we delete the stream of an object, the file remains valid and still opens in a PDF reader, but the content of that object is lost.
After a bit of trial and error we find the object that draws the black rectangle, and we can delete its stream. The flag is then revealed.
5 0 obj
<<
/Length 18
>>
stream
35 385 520 50 re f
endstream
endobj
After deleting the stream of object 5 it will look like this:
5 0 obj
<<
/Length 18
>>
stream
endstream
endobj
We again download the pdf file and look at its source code. This time we decode the pdf streams and use
We can decode the pdf using
mutool clean -d 1988challenge2.pdf 2_decoded.pdf
Then we can use
grep "FLAG" 2_decoded.pdf
The flag will be revealed.
FLAG{XXXXXXXXXXXXXXXXXXXXX}
We can't open this pdf file in a browser, because it's a pdf-bomb. We need to use
(You could be lucky and the file doesn't crash your browser, but it's better to use
wget https://storage.googleapis.com/bq23-attachments-project/1988challenge3.pdf
(You can also
If we look at the pdf we see a giant stream with a filter containing one time
Because
We start by decoding the stream with
import base64

def ascii85decode_file(input_file, output_file):
    # Read the ASCII85-encoded stream extracted from the PDF
    with open(input_file, 'rb') as file:
        encoded_data = file.read()
    decoded_data = base64.a85decode(encoded_data)
    # Write the raw (still Flate-compressed) bytes
    with open(output_file, 'wb') as file:
        file.write(decoded_data)

ascii85decode_file('encoded_stream.txt', 'decoded_stream.txt')
Then we can use
import zlib

def flatedecode_until_plaintext(input_file, output_file):
    with open(input_file, 'rb') as file:
        compressed_data = file.read()
    # Start from the input so the result is defined even if nothing inflates
    decoded_data = compressed_data
    while True:
        try:
            decoded_data = zlib.decompress(compressed_data)
            compressed_data = decoded_data
        except zlib.error:
            # Data is no longer a zlib stream: innermost layer reached
            break
    with open(output_file, 'wb') as file:
        file.write(decoded_data)

flatedecode_until_plaintext('decoded_stream.txt', 'encoded.txt')
After running this script we obtain the flag.
BT
/F1 30 Tf
10 400 Td
(FLAG{XXXXXXXXXXXXXXXXXXXXXX})Tj
ET
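A bounded variant of the two decoding steps above, as an added example that is not part of the original writeup: it caps the output of each Flate layer and the number of layers, so a decompression bomb cannot exhaust memory during analysis. The caps, the helper names and the sample input are assumptions constructed for illustration; the layering (one ASCII85 layer around nested Flate layers) is assumed from the scripts above.

```python
import base64
import zlib

MAX_LAYER_BYTES = 1 << 20   # assumed cap: 1 MiB of output per layer
MAX_LAYERS = 64             # assumed cap on nesting depth

class LayerTooLarge(Exception):
    """A layer inflated past the cap (typical of a decompression bomb)."""

def inflate_bounded(data, limit=MAX_LAYER_BYTES):
    """Inflate one zlib layer, refusing to produce more than `limit` bytes."""
    d = zlib.decompressobj()
    out = d.decompress(data, limit + 1)   # output is capped at limit + 1 bytes
    if len(out) > limit:
        raise LayerTooLarge(f"layer exceeds {limit} bytes")
    if not d.eof:
        raise zlib.error("truncated or incomplete zlib stream")
    return out

def peel(encoded, limit=MAX_LAYER_BYTES, max_layers=MAX_LAYERS):
    """ASCII85-decode once, then strip Flate layers until the data is not zlib."""
    data = base64.a85decode(encoded)
    layers = 0
    while layers < max_layers:
        try:
            data = inflate_bounded(data, limit)
        except zlib.error:
            break                          # innermost layer reached
        layers += 1
    return data, layers

def build_sample(payload, depth):
    """Constructed sample: `payload` in `depth` Flate layers, then ASCII85."""
    for _ in range(depth):
        payload = zlib.compress(payload)
    return base64.a85encode(payload)

if __name__ == "__main__":
    content = b"BT /F1 30 Tf 10 400 Td (FLAG{CONSTRUCTED_SAMPLE})Tj ET"
    plain, n = peel(build_sample(content, 5))
    print(n, plain)
    try:
        peel(build_sample(b"\0" * (8 << 20), 2))   # 8 MiB of zeros, two layers
    except LayerTooLarge as exc:
        print("rejected:", exc)
```

Raise `MAX_LAYER_BYTES` deliberately, and only as far as the analysis machine can afford, when a legitimate layer is expected to be larger.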