# Matryoshka doll

## Problem

> Matryoshka dolls are a set of wooden dolls of decreasing size placed one inside another. What's the final one? Image: this

* [Image](https://github.com/HHousen/PicoCTF-2021/blob/master/Forensics/Matryoshka%20doll/dolls.jpg)

## Solution

1. The problem suggests files places inside of other files, so let's run `binwalk dolls.jpg`.

   ```
   DECIMAL       HEXADECIMAL     DESCRIPTION
   --------------------------------------------------------------------------------
   0             0x0             PNG image, 594 x 1104, 8-bit/color RGBA, non-interlaced
   3226          0xC9A           TIFF image data, big-endian, offset of first image directory: 8
   272492        0x4286C         Zip archive data, at least v2.0 to extract, compressed size: 378956, uncompressed size: 383938, name: base_images/2_c.jpg
   651614        0x9F15E         End of Zip archive, footer length: 22
   ```

   Sure enough, there are several files.
2. We can extract the files by running `binwalk --dd='.*' dolls.jpg` and then `cd _dolls.jpg.extracted`.
3. After some trial and error, the correct solution is to extract the zip file, `cd base_images`, and then repeat step 3 on `2_c.jpg`.
4. Now that you are in `_2_c.jpg.extracted`, extract the zip file and repeat step 3.
5. Repeat the above steps of extracting and `binwalk`ing until you end up at this path: `_dolls.jpg.extracted/base_images/_2_c.jpg.extracted/base_images/_3_c.jpg.extracted/base_images/_4_c.jpg.extracted/136DA-(1)`. There is a `flag.txt` file in this directory that contains the flag.

### Flag

`picoCTF{336cf6d51c9d9774fd37196c1d7320ff}`


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://picoctf2021.haydenhousen.com/forensics/matryoshka-doll.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.