NetOn CTF 2021 - Gotta catch em flag

Misc – 248 pts (6 solves) – Chall author: Troyano

A flag hidden inside a Pokémon game, more like Pogémon amirite…



With such a title, I’m expecting some kind of link to Pokémon, which would be amazing :). Anyway, we are given a simple JPG image, nothing suspicous so far. However, a quick binwalk tells us otherwise

$ binwalk NETON.jpg 
0             0x0             JPEG image data, JFIF standard 1.01
30            0x1E            TIFF image data, big-endian, offset of first image directory: 8
476           0x1DC           Copyright string: "Copyright (c) 1998 Hewlett-Packard Company"
122067        0x1DCD3         RAR archive data, version 5.x

Mmh… a RAR file attached to the image, okay. Let’s extract it. Now we find a which is password protected :c, and a folder called ‘EmuCR-no$gba-w’. An GBA emulator of some sorts??? Are we actually going to play Pokémon, that would be great. Hey, there’s a Pokémon Fire Red save file in here. After sneaking in a ROM file, and booting up the emulator, we are greeted by a lovely surprise

Alright, sure thing! Let’s look at our box.

So the password for the zip is ‘334355GUACAMOLEFRIES’, lovely! In it, we find Flag.txt containing our flag safely encoded in base64… but not for long!