Explanation

In the Tardis v2 Challenge, we are given a RAR file and tasked with obtaining a hidden flag.

If you extract flag.rar, you get only a single file named “flag.txt”. The file reads, “Nope it’s not here. You’ll need to find an alternate location.” That is a hint that the flag is stored in an Alternate Data Stream.

[Screenshot: BTC 2022 Last Minute CTF, Tardis v2, extracted archive]

You can access the data in the Alternate Data Stream with 7zip.

[Screenshot: BTC 2022 Last Minute CTF, Tardis v2, Alternate Data Stream shown in 7zip]

If you are on Windows, you can also use Command Prompt to look for Alternate Data Streams and read data in them.

To see whether a file contains an Alternate Data Stream, you can use the following command:

dir /r file
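
The same check can be scripted in PowerShell for a whole folder, which is how you would look for unexpected streams after unpacking an archive. This is an added example, not part of the original write-up. It assumes PowerShell 3.0 or later, an NTFS volume, and an extraction tool that kept the streams; the folder name `.\extracted` and the function name `Get-AlternateStream` are hypothetical.

```powershell
# Added example: list and preview NTFS Alternate Data Streams under a folder.
# $Root is a hypothetical path; point it at the folder the archive was extracted to.
param(
    [string]$Root = '.\extracted'
)

function Get-AlternateStream {
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -LiteralPath $Path -File -Recurse -Force | ForEach-Object {
        $file = $_
        # Every file has an unnamed default stream reported as ':$DATA'; skip it
        # so only the additional (alternate) streams are returned.
        Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                [pscustomobject]@{
                    File   = $file.FullName
                    Stream = $_.Stream
                    Length = $_.Length
                }
            }
    }
}

$streams = @(Get-AlternateStream -Path $Root)

if ($streams.Count -eq 0) {
    "No alternate data streams found under $Root"
    return
}

# Summary table, equivalent to running 'dir /r' on every file.
$streams | Format-Table -AutoSize

# Preview the first lines of each stream. Downloaded files commonly carry a
# 'Zone.Identifier' stream, so expect that name alongside anything unusual.
foreach ($s in $streams) {
    "--- $($s.File):$($s.Stream) ($($s.Length) bytes)"
    Get-Content -LiteralPath $s.File -Stream $s.Stream -TotalCount 20
}
```

For this challenge the stream to look for is the one named in the steps below, `flag.txt:nothereeither.txt`.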


Solving the Challenge

  1. Browse to http://18.205.188.77/challenges.
  2. Click Tardis v2.
  3. Click flag.rar to download the file.
  4. Using 7zip, open the archive flag.rar.
  5. Double click flag.txt:nothereeither.txt.
  6. The flag is BTC{AlternateLocationHazBeenIdentified!}
  7. Copy the flag.
  8. Paste the flag into the Flag field.
  9. Click Submit.