Pico CTF - Enhance!

Hey, Hammaz here! (Or you can call me Shinigami, that's my gamer tag). I'm diving into a fresh Pico CTF Forensics challenge – "Enhance!" This one might look tough, but it's surprisingly easy. You know the drill – sometimes, the answer is staring us in the face. Let's crack the code together and discover the hidden simplicity. Happy hacking!

The challenge gives us the below image and says "Find the Flag". Yeah, that's all we got.



Write-Up

  1. In my forensics playbook, one of the initial moves I swear by is firing up binwalk with the command: `binwalk --dd='.*' your_file_name`. It's like my trusty digital Swiss Army knife, especially adept at extracting compressed data from files. But here's the plot twist – this time, it only hinted at an XML document without a trace of compressed data. Sometimes, even in the world of forensics, the unexpected keeps us on our toes!



  2. I navigated to the file's core using a Hex Editor, consulting ChatGPT for missing SVG file elements—yet, everything was in order. Despite contemplating a switch to .png, the Hex Editor affirmed the file's SVG nature, keeping the mystery intact. Sometimes, the answer hides in plain bytes. The intrigue deepens!

  3. Hoping to uncover a hidden gem, I employed the command `grep 'pico' drawing.flag.svg`. This command basically looks for the word pico through the whole document. Unfortunately, the flag remained elusive, playing hard to get within the confines of the SVG file. The search continues!

  4. In a return to simplicity, I opted for the humble `cat` command to peruse the file. Despite its manageable size, the revelation caught me off guard – there, in plain sight, was the flag, but the customary "pico" tag wasn't there. A sneaky twist that slipped past our earlier grep attempt! As shown below, we can see the flag in curly braces. Next time I am using grep to search for curly braces (lol).



  5. In hindsight, a shortcut to success would have been firing up Visual Studio Code to open the XML file. A mere 30 seconds would have sufficed to lay eyes on the elusive flag. Sometimes, the simplest tools deliver the swiftest victories!
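The gap between steps 3 and 4 can be closed with a short script. This is an added example, not part of the original write-up. It assumes the flag text is broken up by whitespace and split across `<tspan>` elements, which is one way a literal `grep` can miss it. The sample SVG, the `demoCTF` prefix and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: recover text hidden in an SVG and search it for a
# brace-delimited flag, regardless of how the markup splits it up.

# svg_text FILE: print the file's character data with tags and whitespace removed.
svg_text() {
    tr '\n' ' ' < "$1" |      # tags written by vector editors often span lines
        sed 's/<[^>]*>//g' |  # drop every tag, keep only the text between them
        tr -d '[:space:]'     # rejoin fragments separated by spaces or elements
}

# find_flag FILE: print every candidate shaped like prefix{...}.
find_flag() {
    svg_text "$1" | grep -oE '[A-Za-z0-9_]+\{[^{}]+\}'
}

# make_sample FILE: write a constructed SVG whose tiny text holds a fake flag.
make_sample() {
    cat > "$1" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" width="210mm" height="297mm">
  <circle cx="50" cy="50" r="40"
          style="fill:#000000" />
  <text style="font-size:0.002px" x="50" y="50">
    <tspan x="50" y="50">d e m o </tspan>
    <tspan x="50" y="50.1">C T F { n 0 t </tspan>
    <tspan x="50" y="50.2">_ r 3 4 l }</tspan>
  </text>
</svg>
EOF
}

# Stand-alone use: ./svg_flag.sh drawing.flag.svg
[ "$#" -eq 0 ] || find_flag "$1"
```

On the constructed sample, `grep 'demoCTF'` finds nothing in the raw file, while `find_flag` prints the reassembled string.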


Conclusion: In the quest for the "Enhance!" challenge, the journey took unexpected turns. Despite the promising start with `binwalk`, the file revealed itself as an XML document, throwing off the usual forensics trail. The Hex Editor hinted at an SVG file, but the flag remained elusive, evading even the `grep` command.


In a back-to-basics move, the `cat` command uncovered the flag, sans the familiar "pico" tag. Lesson learned: simplicity triumphs. A missed opportunity for Visual Studio Code to unveil the flag in 30 seconds highlights the power of straightforward tools.


In conclusion, the "Enhance!" challenge taught us that even in complex puzzles, the answer might be found in the most straightforward methods. Happy hacking!



