= What is her name =
We are given a file, we first use "file" command to determine its file type.
<code>$ file a28571ce4984f3349e78c5b533165b7d
a28571ce4984f3349e78c5b533165b7d: JPEG image data, JFIF standard 1.01</code>

== Hidden file appended to the picture ===
It's a jpeg, but so big. Let's view it in hexa and check the jpeg end marker FF D9. Oh, oh, seems there is something after. Extract it with python.
<code>$ python
>>> f=open('a28571ce4984f3349e78c5b533165b7d','r').read()
>>> open('hidden','w').write(f[f.find('\xff\xd9')+2:])</code>

Using file again, it looks like a passworded zip. Too bad we don't have the password. While we tried a small bruteforce, we looked again at the jpeg to see if we missed something.

== Hidden file in the comment section ==
It appears that the JPEG has something in its comment: extract it with exiv2.
<code>$ exiv2 -p c a28571ce4984f3349e78c5b533165b7d > comment</code>

Using file again, it looks like a gzip file, but when trying to extract it says corrupted. Nevermind, use zcat to extract what is possible and view it in hexdump.
<code>$ zcat comment.gz | hexdump -C

00000000  ff d8 ff e0 00 10 4a 46  49 46 00 01 01 01 00 60  |......JFIF.....`|
00000010  00 60 00 00 ff e1 00 16  45 78 69 66 00 00 49 49  |.`......Exif..II|
00000020  2a 00 08 00 00 00 00 00  00 00 00 00 ff db 00 43  |*..............C|
00000030  00 05 03 04 04 04 03 05  04 04 04 05 05 05 06 07  |................|
00000040  0c 08 07 07 07 07 0f 0b  0b 09 0c 11 0f 12 12 11  |................|
00000050  0f 11 11 13 16 1c 17 13  14 1a 15 11 11 18 21 18  |..............!.|
00000060  1a 1d 1d 1f 1f 1f 13 17  22 24 22 1e 24 1c 1e 1f  |........"$".$...|
00000070  1e ff db 00 43 01 05 05  05 07 06 07 0e 08 08 0e  |....C...........|
00000080  1e 14 11 14 1e 1e 1e 1e  1e 1e 1e 1e 1e 1e 1e 1e  |................|
00000090  1e 1e 1e 1e 1e 1e 1e 1e  1e 1e 1e 1e 1e 1e 1e 1e  |................|
*
000000b0  1e 1e 1e 1e 1e 1e ff c0  00 11 08 03 20 02 58 03  |............ .X.|
000000c0  01 22 00 02 11 01 03 11  01 ff c4 00 1d 00 01 00  |."..............|
000000d0  03 01 01 00 03 01 00 00  00 00 00 00 00 00 00 07  |................|
000000e0  08 09 06 05 02 03 04 01  ff c4 00 66 10 00 01 03  |...........f....|
000000f0  03 03 02 03 03 05 06 11  0b 02 02 01 15 02 01 03  |................|
00000100  04 05 06 12 00 07 11 13  22 08 21 32 14 31 42 15  |........".!2.1B.|
00000110  23 41 52 b4 09 16 18 37  51 76 17 24 33 38 55 56  |#AR....7Qv.$38UV|
00000120  57 61 62 82 84 94 95 a5  d2 d3 d4 25 34 67 71 72  |Wab........%4gqr|
00000130  81 91 92 b1 b2 e4 43 53  35 85 c4 26 27 44 73 36  |......CS5..&'Ds6|
00000140  46 63 75 93 a1 a6 39 45  47 54 66 74 83 a2 b3 f1  |Fcu...9EGTft....|
00000150  ff c4 00 14 01 01 00 00  00 00 00 00 00 00 00 00  |................|
00000160  00 00 00 00 00 00 ff c4  00 14 11 01 00 00 00 00  |................|
00000170  00 00 00 00 00 00 00 00  00 00 00 00 ff fe 00 14  |................|
00000180  50 34 24 53 77 30 72 7c  3e 20 31 24 20 be fe ed  |P4$Sw0r|> 1$ ...|
00000190  ed 00 ff da 00 0c 03 01  00 02 11 03 11 00 3f 00  |..............?.|</code>

We recognized another JPEG picture, and wait... a few lines below we see "password is" and right after in hex "be fe ed ed" : BEFEEDED.

Let's try this password on the zip file.
<code>$ unzip hidden.zip
Archive:  hidden.zip
[hidden.zip] 148242df19a15b87b148c2b4a9437de1 password: BEFEEDED
  inflating: 148242df19a15b87b148c2b4a9437de1</code>

== Another picture ==
Again, we use file command to see another jpeg. When viewing it, it seems it's the same picture than the first one, but with some little differences. Could be interesting to see the differences between the two pictures. We open GIMP, superpose two pictures, set opacity 50% and we see the differences [image:superpose.png], showing password "dazdraperma".