>>> import zlib >>> out = zlib.decompress(data) >>> out.find(b"FLAG{") 42 >>> print(out[42:42+30]) b'FLAGc0mpl3x_b1n4ry_f0rm4t' Save as parse_complex.py :
#!/usr/bin/env python3 import sys, struct, zlib, binascii def parse_complex_bin(path): with open(path, "rb") as f: raw = f.read() complex.bin
| Offset | Size (bytes) | Field | Description | |--------|--------------|-------|-------------| | 0x00 | 4 | Magic | 0x434F4D50 ("COMP") | | 0x04 | 4 | Version | e.g., 0x00010001 | | 0x08 | 4 | Header CRC32 | | | 0x0C | 4 | Data offset | from start of file | | 0x10 | 4 | Data length | | | 0x14 | 4 | Flags | bit 0 = encrypted, bit 1 = compressed | | 0x18 | 8 | Reserved | | | 0x20 | variable | Payload | | import struct with open("complex.bin", "rb") as f: header = f.read(0x20) magic, ver, crc, data_off, data_len, flags = struct.unpack("<IIIIII", header[:24]) >>> import zlib >>> out = zlib
# Heuristic: try to find 'COMP' magic idx = raw.find(b'COMP') if idx == -1: print("No COMP magic found. Assuming raw payload.") return raw True dd if=complex
# Assume header at idx magic, version, crc, d_off, d_len = struct.unpack("<IIIII", raw[idx:idx+20]) print(f"Magic: magic:#x, Version: version:#x") print(f"Data offset: d_off, Length: d_len")
$ python3 >>> import struct >>> with open("complex.bin","rb") as f: ... magic, version, crc, off, length = struct.unpack("<IIIII", f.read(20)) >>> print(hex(off), length) # 0x20, 480 >>> f.seek(0x20) >>> data = f.read(480) >>> data[:4] == b'\x78\x9c\x01\x00' # zlib header? True
dd if=complex.bin of=payload.bin bs=1 skip=64 count=1024 Assume complex.bin has the following layout (common pattern):