CSAW 2018 🐼 Rewind Writeup

This is a writeup of the 🐼 Rewind challenge at CSAW 2018.

This is a forensics challenge worth 200 points.

We are given a tar archive for the challenge that we can extract.

root@kali:~/csaw/rewind# tar -xvf rewind.tar.gz 
rewind.zip

We can now extract this zip archive.

root@kali:~/csaw/rewind# unzip rewind.zip 
Archive:  rewind.zip
  inflating: rewind-rr-nodent.log    
  inflating: rewind-rr-snp

We can take a look at what these files are with the file utility.

root@kali:~/csaw/rewind# file *
rewind-rr-nodent.log: data
rewind-rr-snp:        QEMU suspend to disk image

We can first try to search for the flag within the image with a regular expression.

root@kali:~/csaw/rewind# grep -a "flag{.*}" rewind-rr-snp
...
flag{RUN_R3C0RD_ANA1YZ3_R3P3AT}
...

Success! That was all that was required to complete this challenge.

Overall, this was an extremely simple challenge that only required extracting two archives and performing a simple search for the flag in the image.