AF-2DFB-AR · Archive / File
Hidden Comment in Archive
DOWNLOADABLE real ZIP. The real evidence is hidden in the ZIP archive comment (EOCD comment); the 'ref' flag in the inner notes.txt is a decoy.
Scenario
A real ZIP archive. The suspect hid data in the ZIP's archive comment field, which tools often miss when listing the archive's contents (unzip -z and zipinfo do show it). Inside the archive, notes.txt contains a plausible but harmless 'ref' flag (an archive label); it is a decoy. Find the real flag hidden in the comment and identify the hiding location; do not report the notes.txt decoy.
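An added example, not part of the challenge materials: a Python triage helper that parses the End of Central Directory (EOCD) record by hand to recover the archive comment and reports it separately from member contents. The sample archive and its marker strings are constructed here; the parser assumes a non-ZIP64 archive with no bytes after the comment.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # End of Central Directory signature
EOCD_FIXED = 22            # size of the fixed part of the EOCD record
MAX_COMMENT = 0xFFFF       # comment length is a 16-bit field


def read_eocd_comment(data: bytes) -> bytes:
    """Return the archive comment stored after the EOCD record."""
    # The EOCD sits at the end of the file; search backwards inside the
    # window that the largest possible comment allows.
    start = max(0, len(data) - EOCD_FIXED - MAX_COMMENT)
    pos = data.rfind(EOCD_SIG, start)
    while pos != -1:
        if pos + EOCD_FIXED <= len(data):
            (clen,) = struct.unpack_from("<H", data, pos + 20)
            # Assumption: a genuine EOCD's comment runs exactly to EOF.
            # This rejects a signature that merely appears inside a comment.
            if pos + EOCD_FIXED + clen == len(data):
                return data[pos + EOCD_FIXED:]
        pos = data.rfind(EOCD_SIG, start, pos)
    raise ValueError("no valid EOCD record found")


def build_sample() -> bytes:
    """Constructed sample: a label in notes.txt, a marker in the comment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "ref: CONSTRUCTED-DECOY-LABEL\n")
        zf.comment = b"CONSTRUCTED-COMMENT-MARKER"
    return buf.getvalue()


def triage(data: bytes) -> dict:
    """Keep member contents and the archive comment as separate findings."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        members = {name: zf.read(name) for name in zf.namelist()}
    return {"members": members, "comment": read_eocd_comment(data)}


if __name__ == "__main__":
    print(triage(build_sample()))
```
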
Anti-forensics techniques
- ZIP archive comment (EOCD) hiding
- Visible inner fake 'ref' (red herring)
Provided artifacts
- ZIP archive (hidden archive comment)
Sample questions
- q1: What flag is hidden in the ZIP archive comment?
- q2: Where in the ZIP was the data hidden? (e.g. archive comment)
- trap1: Do NOT report the 'ref' flag inside notes.txt as evidence.
Soundness trap
The 'ref' in notes.txt is a harmless archive label; reporting it as evidence is heavily penalized. The real evidence is in the archive comment.
Scoring
Archive-comment extraction + inner-decoy resistance (soundness).
Download and solve
The answer key is hidden (scored set); the flag is encrypted, and you must decrypt it.