Original writeup at https://mallux.azurewebsites.net/2021/01/31/pdf-analysis/  
# PDF is broken and so is this file  
## TL;DR  
Analyze broken pdf file and extract several hints that lead to the solution  
## Description  
*This PDF contains the flag, but you’ll probably need to fix it first to figure out how it’s embedded. Fortunately, the file contains everything you need to render it. Follow the clues to find the flag, and hopefully learn something about the PDF format in the process.*  
The challenge provides us with a challenge.pdf file  
## The ruby script  
When we try to open the pdf, we just get a white page with nothing on it.
Let's run strings on it and see if we can find something:  
![](https://mallux.azurewebsites.net/wp-content/uploads/2021/01/pdf1.png)

This line reveals that the pdf file can also be interpreted as a ruby script.
Here's the entire script:  
```  
port = 8080  
if ARGV.length > 0 then  
port = ARGV[0].to_i  
html=DATA.read().encode('UTF-8', 'binary', :invalid => :replace, :undef =>
:replace).split(/<\/html>/)[0]+"</html>\n"  
v=TCPServer.new('',port)  
print "Server running at http://localhost:#{port}/\nTo listen on a different
port, re-run with the desired port as a command-line argument.\n\n"  
loop do  
s=v.accept  
ip = Socket.unpack_sockaddr_in(s.getpeername)[1]  
print "Got a connection from #{ip}\n"  
request=s.gets  
if request != nil then  
request = request.split(' ')  
end  
if request == nil or request.length < 2 or request[0].upcase != "GET" then  
s.print "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nContent-Type:
text/html\r\nConnection: close\r\n\r\n"  
s.close  
next  
end  
req_filename = CGI.unescape(request[1].sub(/^\//,""))  
print "#{ip} GET /#{req_filename}\n"  
if req_filename == "favicon.ico" then  
s.print "HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\nContent-Type:
text/html\r\nConnection: close\r\n\r\n"  
s.close  
next  
elsif req_filename.downcase.end_with? ".zip" then  
c="application/zip"  
d=File.open(__FILE__).read  
n=File.size(__FILE__)  
else  
c="text/html"  
d=html  
n=html.length  
end  
begin  
s.print "HTTP/1.1 200 OK\r\nContent-Type: #{c}\r\nContent-Length:
#{n}\r\nConnection: close\r\n\r\n"+d  
s.close  
rescue Errno::EPIPE  
print "Connection from #{ip} closed; broken pipe\n"  
end  
__END__  
<html>  
<head>  
<title>A PDF that is also a Ruby Script?</title>  
</head>  
<body>  
<center>  
<h1>Download</h1>  
</center>  
  
</body>  
</html>  

Original writeup (https://mallux.azurewebsites.net/2021/01/31/pdf-analysis/).