Challenge Description#

Given SaveMeFromThisHell.zip containing Marlboro.jpg. Clues: smoke/fire + “programming language from hell”.

Analysis#

1. binwalk Marlboro.jpg → ZIP appended at offset 3754399 (0x39499F)
2. Extract → smoke.png and encrypted.bin
3. exiftool smoke.png → Author: aHR0cHM6Ly96YjMubWUvbWFsYm9sZ2UtdG9vbHMv (Malbolge tools URL)
4. zsteg -a smoke.png → KEY=c7027f5fdeb20dc7308ad4a6999a8a3e069cb5c8111d56904641cd344593b657

Solution#

# Carve ZIP from JPEG
python -c "data=open('Marlboro.jpg','rb').read();open('smoke.zip','wb').write(data[3754399:])"

unzip smoke.zip

# Get key from zsteg
zsteg -a smoke.png

# XOR decrypt
python -c "from pathlib import Path; key=bytes.fromhex('c7027f5fdeb20dc7308ad4a6999a8a3e069cb5c8111d56904641cd344593b657'); enc=Path('encrypted.bin').read_bytes(); Path('decrypted.bin').write_bytes(bytes(b ^ key[i % len(key)] for i,b in enumerate(enc)))"

# Execute Malbolge
python -m pip install malbolge
python -c "import malbolge; print(malbolge.eval(open('decrypted.bin').read().splitlines()[-1]))"