Skip to main content

look_out

Challenge

Imported from local notes.md.

Solution

Original Notes

look_out

Challenge Summary

  • Given: A one-page PDF, starting_files/Untitled_document.pdf, containing a row of bird silhouettes.
  • Goal: Recover the hidden flag.
  • Constraints: Flag format is IIITL{...}.

Initial Recon / Triage

  • Observations: pdftotext shows no visible text, but pdfinfo reveals a long binary string in the Subject metadata field.
  • File identification: The PDF contains 17 visible bird images on a wire and no embedded attachments.
  • Entry points: The bird sequence on the page and the binary subject metadata.

Hypotheses & Approach

  • Hypothesis 1: The flag might be hidden directly in PDF metadata. The binary Subject did decode into ciphertext bytes, but not directly into the flag.
  • Hypothesis 2: The birds represent a key phrase that should be combined with the metadata. This was correct.

Execution Steps (Reproducible)

Stage 1

Commands:

pdfinfo /root/incognito2026CTF/look_out/starting_files/Untitled_document.pdf
pdfimages -all /root/incognito2026CTF/look_out/starting_files/Untitled_document.pdf /root/incognito2026CTF/look_out/artifacts/rendered/img
pdftoppm -png /root/incognito2026CTF/look_out/starting_files/Untitled_document.pdf /root/incognito2026CTF/look_out/artifacts/rendered/lookout

Results:

  • pdfinfo exposes a 320-bit binary string in the Subject field.
  • Rendering the page shows 17 bird silhouettes.
  • Extracting the visible images confirms repeated bird glyphs, which indicates a substitution-style key phrase rather than random artwork.

Stage 2

Commands:

python3 /root/incognito2026CTF/look_out/artifacts/solve.py

Results:

  • The bird repetition pattern maps cleanly to the phrase lookslikeakeytome.
  • Converting the Subject binary string to bytes gives the ciphertext: 2526263f3f171d030c1234121807300c0b020016021d0b36070a0d3452404c5d5e5c5b5658584611
  • XORing that ciphertext with the repeating key lookslikeakeytome yields the flag.

Stage 3

Commands:

sed -n '1,20p' /root/incognito2026CTF/look_out/artifacts/solve_output.txt

Results:

  • Solver output confirms:
  • subject_bits=320
  • key=lookslikeakeytome
  • flag=IIITL{this_was_annoying_lol_79823979735}

Artifacts Produced

  • artifacts/solve.py - final reproducible solver.
  • artifacts/solve_output.txt - recorded solver output.
  • artifacts/rendered/lookout-1.png - rendered PDF page.
  • artifacts/rendered/bird_contact.png - labeled contact sheet of unique bird glyphs.
  • artifacts/rendered/img-*.png - extracted visible bird images and masks from the PDF.

Flag

IIITL{this_was_annoying_lol_79823979735}