There is something wrong with this icon.
There's a Brazilian icon flag..
ZIP file inside. So, I dumped the ZIP and tried to extract..
Nope! requires a password, and i have no clue where found it.
So I launched the hex-editor to do a deep look into this..
ZIP, starting by the hex signature
50 4B 03 04, and a lot of junk below..
You can see this clealy dumping the hex and adjusting the columns
$ xxd -c 76 ico.ico > xxx
At the first sight I thought it was a reflection of the bytes used to create the ICO file..
But no, this is an ASCII Art generated from the .ico image and strategically added to the end of the file, if you remove this, the ico still working displaying the Brazilian flag.
So, I've started removing/filling w/ zero bytes the zipfile and all that could be junk to see what happens w/ the ICO..
After A LOT of tries.. BAM! I can see
another ICO beyond the Brazilian flag, this icon showed the
password prefix of the ZIP file, then the brute-force becomes easy!
I'm not sure if this was the correct correct way to solve it, but it worked!
After scored the flag I talked w/ the admin, and I really solved w/ a lot of overthink(like always..).
This icon w/ the password is concatenated at the end of the file!
But it may be tricky to cut because the ICO signature is
00 00 01 00 and it can be found at the
footer of the every ZIP file. This complicated my attempts to crop the icon.
You need to figure out the footer of ZIP file and the header of ICO file to start the crop.
And that ASCII art? Is not an ASCII art, It was generated by ICO like as I was thinking..