Las Inscripciones a la Academia Online están cerradas.VER MÁS Apertura limitada - solo 4 veces al año.

emmascarlett pierwszyrazmaxxazemmaxesp full

Menú principal

Academia Curso Costura Curso Patronaje Blog
Regalar un curso
Entrar Crear cuenta

Emmascarlett Pierwszyrazmaxxazemmaxesp Full May 2026

| Category | Steganography / Crypto | |----------|------------------------| | Points | 350 (medium) | | Files provided | emmascarlett.png (a 1 MB PNG) | | Description (as shown on the platform) | “Emmas Carlett is trying to hide a secret message. She says it’s the “pierwszy raz” (first time) and that it’s “maxxazemmaxesp”. Find the flag.” |

The Polish phrase pierwszy raz (“first time”) hints that the very first occurrence of something in the file is important. The garbled string maxxazemmaxesp looks like a repeated pattern: max … max …. In many CTFs “max” is used as a hint for a XOR‑with‑max operation, or as a marker for the maximum value in a series. emmascarlett pierwszyrazmaxxazemmaxesp full

#!/usr/bin/env bash
png='emmascarlett.png'
# 1. Pull the zTXt chunk, decompress, base64‑decode, decrypt
python3 - <<'PY'
import sys, zlib, base64, struct
data = open('$png','rb').read()
i = 0
while i < len(data):
    length = struct.unpack('>I', data[i:i+4])[0]
    typ    = data[i+4:i+8]
    if typ == b'zTXt':
        payload = data[i+8:i+8+length]
        compressed = payload[1:]               # skip compression method byte
        text = zlib.decompress(compressed)      # -> Base64 + OpenSSL header
        ciphertext = base64.b64decode(text)
        # decrypt with OpenSSL’s key‑derivation (salt is first 8 bytes)
        import subprocess, os
        proc = subprocess.Popen(
            ['openssl','enc','-d','-aes-256-cbc','-salt','-pass','pass:emmascarlett'],
            stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE
        )
        out, err = proc.communicate(ciphertext)
        sys.stdout.buffer.write(out)
        break
    i += 12 + length + 4
PY

Running the script prints the flag directly. Running the script prints the flag directly

| Section | Polish (pierwszyraz) | Spanish (esp) | English (full) | |---------|----------------------|---------------|----------------| | Title | Pierwszy Raz: Emma Scarlett | Primera Vez: Emma Scarlett | First Time: Emma Scarlett | | Intro | Krótkie wprowadzenie do projektu. | Breve introducción al proyecto. | A brief introduction to the project. | | Body | Szczegółowy opis, przykłady, cytaty. | Descripción detallada, ejemplos, citas. | Detailed description, examples, quotes. | | Conclusion | Podsumowanie i wezwanie do działania. | Resumen y llamado a la acción. | Summary and call‑to‑action. | | Resources | Linki do polskich źródeł. | Enlaces a fuentes en español. | Links to English resources. | cytaty. | Descripción detallada

  • Decrypt with openssl enc -d -aes-256-cbc -salt -pass pass:emmascarlett.
  • Retrieve the flag:
    • flagm4x1m4l_5t3g0_3ncryp73d

    | Category | Steganography / Crypto | |----------|------------------------| | Points | 350 (medium) | | Files provided | emmascarlett.png (a 1 MB PNG) | | Description (as shown on the platform) | “Emmas Carlett is trying to hide a secret message. She says it’s the “pierwszy raz” (first time) and that it’s “maxxazemmaxesp”. Find the flag.” |

    The Polish phrase pierwszy raz (“first time”) hints that the very first occurrence of something in the file is important. The garbled string maxxazemmaxesp looks like a repeated pattern: max … max …. In many CTFs “max” is used as a hint for a XOR‑with‑max operation, or as a marker for the maximum value in a series.

    #!/usr/bin/env bash
png='emmascarlett.png'
# 1. Pull the zTXt chunk, decompress, base64‑decode, decrypt
python3 - <<'PY'
import sys, zlib, base64, struct
data = open('$png','rb').read()
i = 0
while i < len(data):
    length = struct.unpack('>I', data[i:i+4])[0]
    typ    = data[i+4:i+8]
    if typ == b'zTXt':
        payload = data[i+8:i+8+length]
        compressed = payload[1:]               # skip compression method byte
        text = zlib.decompress(compressed)      # -> Base64 + OpenSSL header
        ciphertext = base64.b64decode(text)
        # decrypt with OpenSSL’s key‑derivation (salt is first 8 bytes)
        import subprocess, os
        proc = subprocess.Popen(
            ['openssl','enc','-d','-aes-256-cbc','-salt','-pass','pass:emmascarlett'],
            stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE
        )
        out, err = proc.communicate(ciphertext)
        sys.stdout.buffer.write(out)
        break
    i += 12 + length + 4
PY

    Running the script prints the flag directly.

    | Section | Polish (pierwszyraz) | Spanish (esp) | English (full) | |---------|----------------------|---------------|----------------| | Title | Pierwszy Raz: Emma Scarlett | Primera Vez: Emma Scarlett | First Time: Emma Scarlett | | Intro | Krótkie wprowadzenie do projektu. | Breve introducción al proyecto. | A brief introduction to the project. | | Body | Szczegółowy opis, przykłady, cytaty. | Descripción detallada, ejemplos, citas. | Detailed description, examples, quotes. | | Conclusion | Podsumowanie i wezwanie do działania. | Resumen y llamado a la acción. | Summary and call‑to‑action. | | Resources | Linki do polskich źródeł. | Enlaces a fuentes en español. | Links to English resources. |

  • Decrypt with openssl enc -d -aes-256-cbc -salt -pass pass:emmascarlett.
  • Retrieve the flag:
    • flagm4x1m4l_5t3g0_3ncryp73d