Recursive Hell

Challenge Information

• Challenge Name: recursive_hell.png
• Category: Steganography
• Initial File: recursive_hell.png (17 MB PNG image)
• Flag: EOF{its_a_damn_loop}
• Difficulty: Expert (68 nested ZIPs + 48 Base64 layers)

Technical Summary

Metric	Value	Details
Initial File Size	17 MB	Unusually large PNG
ZIP Archive Offset	296306 bytes	Found via binwalk
Nested ZIP Levels	68	temp_68.txt → temp_0.txt
Base64 Encoding Layers	48	Decoded iteratively
Total Iterations	116	68 + 48
Final Flag	EOF{its_a_damn_loop}	✅ Captured

Solution Overview

Phase 1: Initial Analysis

file recursive_hell.png
# Output: PNG image data, 680 x 512, 16-bit/color RGB
# Observation: File size 17 MB - suspiciously large

exiftool recursive_hell.png
# Warning: "Text/EXIF chunk(s) found after PNG IDAT"

Phase 2: Binwalk Detection

binwalk recursive_hell.png
# Output: ZIP archive data at offset 296306

dd if=recursive_hell.png of=extracted.zip bs=1 skip=296306

Phase 3: Recursive ZIP Extraction (68 Levels)

#!/bin/bash
# Script to extract 68 nested ZIP files
for i in {67..1}; do
  if [ -f "temp_$i.txt" ]; then
    mv temp_$i.txt temp_$i.zip
    unzip -q temp_$i.zip
  fi
done

Phase 4: Base64 Decoding (48 Iterations)

#!/bin/bash
input="temp_0.txt"
counter=0

while true; do
  output="decoded_$counter.txt"
  base64 -d "$input" > "$output" 2>/dev/null
  
  if grep -qE '^[A-Za-z0-9+/=]+$' "$output"; then
    input="$output"
    counter=$((counter + 1))
  else
    grep -o "EOF{[^}]*}" "$output"
    break
  fi
done

Key Insights

Why "recursive_hell"?

• 68 nested ZIPs - Each ZIP contains another ZIP (classic recursion)
• 48 Base64 layers - Each decode reveals another encoded layer
• Total 116 iterations - Manual extraction would be impractical
• Flag name confirms it: "its_a_damn_loop" acknowledges the recursive nature

Tools Used

• binwalk - Critical for detecting embedded ZIP
• dd - Binary data extraction at specific offset
• unzip - ZIP archive extraction
• base64 - Base64 decoding
• bash - Shell scripting for automation