GreyCTF 2026  —  Crimewatch Forensics Challenge Writeup
Published 2026-6-9 08:42:0 by infosecwriteups.com

We are provided with 2 weird files named "a" and "b", and a python file as shown:

The screenshot below shows the contents of the flag.py file.

So we are given two unusual files, and we need to determine their format.

With HxD and a little research, I could determine from the magic bytes that these are QCOW images, the “QEMU Copy On Write” disk format.

So they are QEMU disk images, but both files show up as nothing more than unallocated space in FTK.

So we need to convert them into readable disk images that open properly.
After a little research I found the tool qemu-img, so let’s try it.

Now we need to convert them.
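As an added example (not part of the original writeup), the format check and conversion step as a shell script: it verifies the QCOW magic bytes ("QFI" followed by 0xfb) on each file given as an argument and then uses qemu-img to convert it to a raw image that FTK Imager can open. It assumes qemu-img is installed and that the image files are passed on the command line.

```shell
#!/bin/sh
# Check for the QCOW magic and convert QCOW disk images to raw with qemu-img.

# Return 0 if the first four bytes of $1 are the QCOW magic 'Q' 'F' 'I' 0xfb.
is_qcow() {
    [ "$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')" = "514649fb" ]
}

# Show image details (qemu-img probes the qcow version itself) and convert
# $1 to a raw image at $2 so a forensic tool such as FTK Imager can open it.
qcow_to_raw() {
    qemu-img info "$1"
    qemu-img convert -O raw "$1" "$2"
}

# Usage: sh convert.sh a b   (the two challenge files from the writeup)
for img in "$@"; do
    if is_qcow "$img"; then
        qcow_to_raw "$img" "$img.raw"
    else
        echo "$img: not a QCOW image, skipping" >&2
    fi
done
```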

After conversion, we could open them in FTK Imager.

Only the b disk image opened properly. After a long research and very long chats with different AI models :), I was able to confirm that a is Android FBE-encrypted userdata and b is the metadata partition needed to decrypt a.
Finally I found an amazing tool: fbe-decrypt. Now let’s work on decrypting a.

We just need to rename the files to the names the script expects so that it runs properly.

And now we can run it and see the precious output here.
NOTE: First, you will need to install NodeJS.

Now we can investigate the disk image properly in FTK with no issues.

Now, let’s head back to the python script and start the real investigation.

After walking around and deep searching, I found a very important note in the notifications file located at: /system_ce/0/notification_history/notification_history.xml

Now I got 2 answers directly, and a glimpse of the third:
First: the TeleChat account is @vanta_supply
Second (the glimpse): the plate number maybe starts with, ends with or contains ..SG673..
Third: the buyer we suspect is jiawei

After a lot more digging, I also found this amazing picture located at:
/media/0/Pictures/TeleChat/IMG_20260514_164900.png

Now we have the full car plate number: SG67301K
Now for the tricky part: the last question needs the coordinates to identify the pickup point.

There’s another image in the directory called spot.jpg; I guess it’s a clue.

That’s a big clue, and it’s called spot, so let’s get the exact coordinates.

Wanna do a big shoutout to my friend for helping me get the exact coordinates.

I found exactly the same view on different platforms such as Alamy and a Facebook post here, and finally found a good person on Flickr who posted the exact image with the exact location here: https://www.flickr.com/map/?fLat=1.401333&fLon=103.794833&zl=13&everyone_nearby=1&photo=9511153795 , so I got it from the URL itself.
Getting the exact coordinates on Google Maps HERE

So let’s get the FLAG.

Source: https://infosecwriteups.com/greyctf-2026-crimewatch-forensics-challenge-writeup-287437ccb79f?source=rss----7b722bfd1b8d---4