|link|: Fc2-ppv-1864525

00000000 66 6c 61 67 7b 46 43 32 5f 50 50 56 5f 31 38 36 |flag 00000010 34 35 32 35 5f 66 61 6b 65 7d 0a 00 00 00 00 00 ......| ...

Extract the trailing bytes:

import re, sys, json, urllib.parse, requests html = open('page.html').read() m = re.search(r'var\s+videoUrl\s*=\s*"([^"]+)"', html) url = urllib.parse.unquote(m.group(1)) print(url) Result (example): fc2-ppv-1864525

# Get the offset of the final `moov` atom (e.g. 124,567,890) tail -c +124567891 fc2_1864525.mp4 > trailing.bin hexdump -C trailing.bin | head The dump shows plain ASCII:

Use exiftool on a few frames to see if any hidden data was appended: 00000000 66 6c 61 67 7b 46 43

But let’s assume the real challenge hides it deeper (e.g., the trailing data is just a decoy). We’ll keep digging to illustrate a full methodology. Even though we already located a flag, extracting the raw streams is useful for later analysis.

https://video.fc2.com/content/2022/09/1864525_720p.mp4?auth=... wget -O fc2_1864525.mp4 "https://video.fc2.com/content/2022/09/1864525_720p.mp4?auth=..." The file size is ~120 MB – typical for a 720p MP4. 3. File Inspection 3.1 Basic file info file fc2_1864525.mp4 # => ISO Media, MP4 Base Media v1 [ISO 14496-12] ... We’ll keep digging to illustrate a full methodology

Using an online Morse decoder (or the morse Python library):