Complex.bin ✅
payload = raw[d_off:d_off+d_len] # Check zlib header if payload[0] == 0x78 and payload[1] in (0x01, 0x9C, 0xDA): print("Detected zlib compression, decompressing...") payload = zlib.decompress(payload)
#!/usr/bin/env python3 import sys, struct, zlib, binascii def parse_complex_bin(path): with open(path, "rb") as f: raw = f.read()
# Assume header at idx magic, version, crc, d_off, d_len = struct.unpack("<IIIII", raw[idx:idx+20]) print(f"Magic: magic:#x, Version: version:#x") print(f"Data offset: d_off, Length: d_len") complex.bin
$ python3 >>> import struct >>> with open("complex.bin","rb") as f: ... magic, version, crc, off, length = struct.unpack("<IIIII", f.read(20)) >>> print(hex(off), length) # 0x20, 480 >>> f.seek(0x20) >>> data = f.read(480) >>> data[:4] == b'\x78\x9c\x01\x00' # zlib header? True
>>> import zlib >>> out = zlib.decompress(data) >>> out.find(b"FLAG{") 42 >>> print(out[42:42+30]) b'FLAGc0mpl3x_b1n4ry_f0rm4t' Save as parse_complex.py : payload = raw[d_off:d_off+d_len] # Check zlib header if
$ file complex.bin data $ xxd complex.bin | head -1 00000000: 434f 4d50 0100 0000 1c00 0000 2000 0000 COMP........ ...
dd if=complex.bin of=payload.bin bs=1 skip=64 count=1024 Assume complex.bin has the following layout (common pattern): 0xDA): print("Detected zlib compression
# Heuristic: try to find 'COMP' magic idx = raw.find(b'COMP') if idx == -1: print("No COMP magic found. Assuming raw payload.") return raw
payload = raw[d_off:d_off+d_len] # Check zlib header if payload[0] == 0x78 and payload[1] in (0x01, 0x9C, 0xDA): print("Detected zlib compression, decompressing...") payload = zlib.decompress(payload)
#!/usr/bin/env python3 import sys, struct, zlib, binascii def parse_complex_bin(path): with open(path, "rb") as f: raw = f.read()
# Assume header at idx magic, version, crc, d_off, d_len = struct.unpack("<IIIII", raw[idx:idx+20]) print(f"Magic: magic:#x, Version: version:#x") print(f"Data offset: d_off, Length: d_len")
$ python3 >>> import struct >>> with open("complex.bin","rb") as f: ... magic, version, crc, off, length = struct.unpack("<IIIII", f.read(20)) >>> print(hex(off), length) # 0x20, 480 >>> f.seek(0x20) >>> data = f.read(480) >>> data[:4] == b'\x78\x9c\x01\x00' # zlib header? True
>>> import zlib >>> out = zlib.decompress(data) >>> out.find(b"FLAG{") 42 >>> print(out[42:42+30]) b'FLAGc0mpl3x_b1n4ry_f0rm4t' Save as parse_complex.py :
$ file complex.bin data $ xxd complex.bin | head -1 00000000: 434f 4d50 0100 0000 1c00 0000 2000 0000 COMP........ ...
dd if=complex.bin of=payload.bin bs=1 skip=64 count=1024 Assume complex.bin has the following layout (common pattern):
# Heuristic: try to find 'COMP' magic idx = raw.find(b'COMP') if idx == -1: print("No COMP magic found. Assuming raw payload.") return raw