SuSeC CTF 2020 – Little

In this challenge, we have access to an img file.
As usual for most forensic challenges, I’ll use binwalk with some extra options:

binwalk --dd='.*' -Me little.img

This will recursively extract all known and unknown files inside the Img file:

This will directly give us the second part of the flag:

As shown in binwalk output, there is a KGB compressed file at address 0xC105C00. After installing KGB and extracting the archive, we have the frst part of the flag as an audio file:

Again in the output of binwalk, there was and ext file system at address 0x80000. I’ve used photorec command to exctract the data inside it and what we get is the first part of the flag as an video file:

Concatenating this three parts in order will give us the flag:
SUSEC{c0me_wi4h_f4t_m4n_t0_7he_3nd_0f_t4i3_sUsEc_journey}