Matryoshka doll is a forensics puzzle worth 30 points.

Description:

Matryoshka dolls are a set of wooden dolls of decreasing size placed one inside another. What's the final one?

This puzzle provides the following JPG file dolls.jpg

On first glance, this image is fairly large at ~652kb. First, I tried using exiftool, but nothing interesting was gleaned from the output. Also, file showed that this isn’t really a JPG:

dolls.jpg: PNG image data, 594 x 1104, 8-bit/color RGBA, non-interlaced

Running strings against dolls.jpg showed what appeared to be a file name: base_images/2_c.jpg

Scrolling through this with a hex editor, I saw the header to a zip file, which looks like it contains the aforementioned file:

To pull out the embedded zip file within dolls.jpg, I used binwalk. This wasn’t installed on my machine yet, so I installed it with apt install binwalk.

Using binwalk -e dolls.jpg, I was able to extract another picture of a smaller doll, which also had a zip file embedded within it. This doll looked the same as the original picture, but slightly smaller. True to its name, this smaller doll had another zip containing another image of a smaller doll inside.

Repeating this process four times eventually yielded flag.txt, which revealed the flag.