Text ID : 3 Format : UTF‑8 Nothing suspicious at first glance, but MKV is a very flexible format – it can hold , extra subtitle tracks , chapters , and binary blobs . Those are typical places for a CTF flag. 3. Extract everything from the container We will use mkvextract (part of mkvtoolnix ) to dump all tracks and attachments.
def xor(data, key): return bytes(b ^ k for b, k in zip(data, itertools.cycle(key))) The Khatrimaza-org-mkv
$ python3 xor.py hidden.bin s3cr3t_k3y_4_f1ag payload.bin 🎉 Text ID : 3 Format : UTF‑8 Nothing
# 2. List attachments (if any) $ mkvextract attachments khatrimaza-org.mkv : Extract everything from the container We will use
Audio ID : 2 Format : AAC Channel(s) : 2 channels Sampling rate : 44.1 kHz Bit rate : 128 kb/s
DECIMAL HEXadecimal DESCRIPTION -------------------------------------------------------------------------------- 0 0x0 Unknown file type (0x42494E41) No known signature (e.g., gzip, zip, 7z) is detected. steghide , zsteg , exiftool can sometimes extract hidden payloads from generic binaries.