$ mkvinfo khatrimaza-org.mkv | grep -i "title\|comment" |+ Title: The Khatrimaza Movie |+ Comment: s3cr3t_k3y_4_f1ag The MKV container has a comment field:
inp, key, outp = sys.argv[1], sys.argv[2].encode(), sys.argv[3] data = open(inp, 'rb').read() open(outp, 'wb').write(xor(data, key)) print(f'Decrypted inp → outp using key "key.decode()"') Run: The Khatrimaza-org-mkv
out = bytes([b ^ key[i % len(key)] for i, b in enumerate(data)]) $ mkvinfo khatrimaza-org
def xor(data, key): return bytes(b ^ k for b, k in zip(data, itertools.cycle(key))) outp = sys.argv[1]
$ python3 xor.py hidden.bin s3cr3t_k3y_4_f1ag payload.bin 🎉
#!/usr/bin/env python3 import sys
Attachment ID 0: font (fonts/Roboto-Regular.ttf) size: 147,896 bytes Attachment ID 1: binary (attachments/hidden.bin) size: 6,432 bytes The second attachment ( hidden.bin ) looks like a generic binary blob – a classic place for a flag. We extract everything: