BabyPDF, Dragon CTF 2019

BabyPDF in DragonCTF 2019 (hosted by DragonSector) is a challenge in the Miscellaneous category.

We were provided with a pdf (Download it from here)having a blank page. I tried with basic string, grep command and some other tools like binwalk and qpdf to check for the flag but did not succeed. Then I ran exifTool command on the pdf file and the got the result as shown below.

exiftool result

You can see the Creator and Producer is cairo. The pdf is rendered by Cairo, So my next step was to check pdf render on Cairo website (https://www.cairographics.org/cookbook/renderpdf/). There was 2 option to render pdf, either convert to Postscript or to convert to png.I gave it a try to the first option. I compiled the given c file on the website and got the Cairo PostScript file (.ps file) as output.ps.

Checking the hexedit of ps file it was %!PS-Adobe-3.0.% .I used online photoshop file opener Photopea (https://www.photopea.com/) to open the ps file. At first, I did not saw any flag except the white background but on inspecting the layers there was a mask layer and expanding the mask layer resulted into 2 more new layers in which one of them was a flag.

You can see the mask layer, the flag is in the path 3

On clicking the path 3 We can see the flag :)

Flag in path 3

The flag was : DrgnS{TooBadWWWIsNotInPDF}