Overview
In this challenge, we are told that the flag is located within phone crash logs. We are given an archive containing a sysdiagnose extraction of an iOS device:
sysdiagnose_and_crashes.tar.xz
Our objective is to inspect its contents and recover the flag.
1 — Extract the archive
We begin by extracting the .xz archive using tar:
tar -xf sysdiagnose_and_crashes.tar.xz
Once unpacked, we notice that the relevant logs are located in:
private/var/mobile/Library/Logs/CrashReporter
This directory contains crash logs generated by the device.
2 — Manual inspection
A quick look through the files reveals one named:
fcsc_intro.txt
Opening it shows the presence of the flag.
3 — Faster method using grep
Instead of manually exploring everything, we can recursively search for the flag format using grep:
grep -r "FCSC{" ./private
grep is included by default on Linux/macOS systems, and available on Windows through Git Bash or WSL.
Output:
./private/var/mobile/Library/Logs/CrashReporter/fcsc_intro.txt:FCSC{7a1ca2d4f17d4e1aa8936f2e906f0be8}
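The same search can be run without unpacking the archive to disk. The following is an added example, not part of the original write-up: it streams each member of the .tar.xz in memory and matches the flag format as bytes, so it also reports hits inside binary crash files, which plain grep only announces as "Binary file matches". The function names, the regex bounds and the sample archive contents are assumptions constructed for illustration.

```python
import io
import re
import tarfile

# Flag format used by the challenge: FCSC{...}; the 128-byte bound is an assumption
FLAG_RE = re.compile(rb"FCSC\{[^}\r\n]{1,128}\}")


def find_flags(archive, pattern=FLAG_RE):
    """Return sorted (member_path, flag) pairs found in a .tar.xz archive.

    `archive` is a path string or a binary file object. Members are read
    in memory and never written to disk, so hostile member paths cannot
    escape a target directory.
    """
    kwargs = {"name": archive} if isinstance(archive, str) else {"fileobj": archive}
    hits = set()
    with tarfile.open(mode="r:xz", **kwargs) as tar:
        for member in tar:
            if not member.isfile():  # skip directories, links, devices
                continue
            data = tar.extractfile(member).read()
            for match in pattern.finditer(data):
                hits.add((member.name, match.group().decode("ascii", "replace")))
    return sorted(hits)


def build_sample_archive():
    """Constructed stand-in for a sysdiagnose archive (not the challenge file)."""
    base = "private/var/mobile/Library/Logs/CrashReporter/"
    files = {
        base + "fcsc_intro.txt": b"FCSC{constructed_sample_flag}\n",
        base + "binary.ips": b"\x00\xff\x10 header FCSC{inside_binary_data} \x00",
        base + "other.txt": b"nothing of interest here\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:xz") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for path, flag in find_flags(build_sample_archive()):
        print(f"{path}:{flag}")
```

To run it against the challenge file, call find_flags("sysdiagnose_and_crashes.tar.xz") instead of passing the constructed sample.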
Final Flag
FCSC{7a1ca2d4f17d4e1aa8936f2e906f0be8}