The Khatrimaza-org-mkv | ORIGINAL » |

Text ID : 3 Format : UTF‑8 Nothing suspicious at first glance, but MKV is a very flexible format – it can hold , extra subtitle tracks , chapters , and binary blobs . Those are typical places for a CTF flag. 3. Extract everything from the container We will use mkvextract (part of mkvtoolnix ) to dump all tracks and attachments.

$ mkvinfo khatrimaza-org.mkv | grep -i "title\|comment" |+ Title: The Khatrimaza Movie |+ Comment: s3cr3t_k3y_4_f1ag The MKV container has a comment field: The Khatrimaza-org-mkv

Our job is to that the challenge author has concealed somewhere inside the container. 2. Initial Recon $ file khatrimaza-org.mkv khatrimaza-org.mkv: Matroska data, video (V_MPEG4/ISO/AVC), audio (A_AAC), subtitle (S_TEXT/UTF8), 720p, 30 fps The file is a normal MKV with video, audio, and a subtitle track . Next we get a quick look at the container’s structure: Text ID : 3 Format : UTF‑8 Nothing

$ mediainfo khatrimaza-org.mkv General Complete name : khatrimaza-org.mkv Format : Matroska File size : 84.3 MiB Duration : 00:03:45.000 Overall bit rate : 2 028 kb/s Extract everything from the container We will use

Challenge category: Forensics / Steganography Difficulty: Medium‑Hard Points: 500 (on a typical 500‑point line) 1. Overview The challenge provides a single file: khatrimaza-org.mkv . The file is a regular‑looking Matroska video container (MKV) – the kind you would normally see on the infamous “Khatrimaza” piracy site.

# 2. List attachments (if any) $ mkvextract attachments khatrimaza-org.mkv :