Note: You should be able to mount the file system and view every file without running into corrupted files. If you encounter corrupted files, it is probably because the filesystem was not correctly mounted/unpacked.

Also note: For this challenge, you’ll have only 100 attempt to find the flag, so don’t guess too much!


Getting a random file, first thing to do is basic recon, run file, exiftool etc. on it, see what comes up.

file finalfinalversionforrealthistime 
finalfinalversionforrealthistime: Linux jffs2 filesystem data little endian

Some other challenge had this jffs2 extraction tool linked to it, so I gave it a try. After extracting the FS, the first thing I saw was a README file:

I hate coming up with flags, they always sound lame.
So with this challenge I wanted to make the perfect flag.
I may have gone a bit overboard though...
Anyways I wrote all the flag candidates under /pi/flags/ folder in multiple
files, so I can organize them, and select the best one.
Sadly I now realize, that I accidentally overwrote the perfect flag,
and I can't remember it. 
Luckily I can remember that I wrote it in the file "flag404" on
the 5. line at exactly 1612346514 unix time.
I must have overwritten it later, because I can't find it anymore.
Can you help me?

Researching the newly found information, I realize you can get his file back, since the journaling mechanism implemented by JFFS2… however, this might have been a massive oversight by the creator, but if you extract the filesystem with the tool mentioned above, you get your hands on the mentioned file immediately. Then you can just read the flag:


← Back to SecChallenge21

all tags