The Khatrimaza-org-mkv Official

key = b's3cr3t_k3y_4_f1ag' data = open('hidden.bin', 'rb').read()

Comment: s3cr3t_k3y_4_f1ag That looks like a plausible key. Let’s try XOR‑decrypting hidden.bin with that key. We write a tiny Python script that repeats the key over the file and XORs each byte.

ffprobe -show_streams video.h264 ffprobe -show_streams audio.aac Both streams look clean (no extra data or unusual codec parameters). We also run strings on them, but no flag‑like patterns appear. The Khatrimaza-org-mkv

out = bytes([b ^ key[i % len(key)] for i, b in enumerate(data)])

def xor(data, key): return bytes(b ^ k for b, k in zip(data, itertools.cycle(key))) key = b's3cr3t_k3y_4_f1ag' data = open('hidden

DECIMAL HEXadecimal DESCRIPTION -------------------------------------------------------------------------------- 0 0x0 Unknown file type (0x42494E41) No known signature (e.g., gzip, zip, 7z) is detected. steghide , zsteg , exiftool can sometimes extract hidden payloads from generic binaries.

2 00:00:03,001 --> 00:00:07,000 Enjoy the movie. Nothing hidden in the subtitles – just a generic welcome message. We quickly glance at them with ffprobe just to be sure there’s nothing weird: ffprobe -show_streams video

$ python3 xor.py hidden.bin s3cr3t_k3y_4_f1ag payload.bin 🎉

$ hexdump -C hidden.bin | head 00000000 42 49 4e 41 52 59 20 66 69 6c 65 20 73 69 67 6e |BINARY file sign| 00000010 61 74 75 72 65 20 70 72 6f 74 65 63 74 65 64 20 |ature protected | ... The first bytes read – looks like a custom marker added by the challenge creator. 5.2 Entropy check – is it compressed / encrypted? $ ent hidden.bin Entropy = 7.998997 bits per byte. Very high entropy (~8 bits/byte) – it is either compressed or encrypted. 5.3 Try common decompression tools We test a few common formats with binwalk :

Video ID : 1 Format : AVC Format/Info : Advanced Video Coding Width : 1 280 pixels Height : 720 pixels Display aspect ratio : 16:9 Frame rate : 30.000 FPS Bit rate : 1 600 kb/s