Stomach Bug — metactf

Description

Source challenge: Stomach Bug

URL: https://stomachbug.umbccd.net

English summary: the endpoint returns an endless attachment named spew.txt. Inside the stream, useful data appears as numbered hex records mixed with distracting printable ASCII lines.

Analysis

Recon observations:

1. The server does not return a normal HTML page; it starts downloading spew.txt and keeps streaming.
2. The body alternates between sliding printable ASCII text and lines of the form |000|... through |161|....
3. The numbered lines are hex-only payload chunks. Sorting by index and concatenating them reconstructs a valid PNG.
4. The recovered image is a 625x625 grayscale QR code.
5. Decoding that QR yields PNG bytes that were expanded through UTF-8 text encoding, so they must be converted back with .decode("utf-8").encode("latin1") before opening the nested image.
6. The second QR contains a base64 string, which decodes directly to the flag.

Solution

Extraction pipeline:

1. Download only a short slice of the endless response.
2. Regex-extract all numbered hex chunks.
3. Sort them by numeric index and concatenate the hex payload.
4. Convert the hex to bytes and save the first PNG.
5. Decode the first QR.
6. Repair the UTF-8-expanded PNG bytes with .decode("utf-8").encode("latin1").
7. Decode the nested QR.
8. Base64-decode the nested QR text to recover the flag.

#!/usr/bin/env python3

import base64
import io
import re

import requests
from PIL import Image
from pyzbar.pyzbar import decode


URL = "https://stomachbug.umbccd.net"
LINE_RE = re.compile(r"^\|(\d{3})\|([0-9a-fA-F]+)$")

...