Forensics – Moonwalk_2

Moonwalk 2 - 300pts.

Challenge

Revisit the last transmission. We think this transmission contains a hidden message. There are also some clues clue 1, clue 2, clue 3.
message 1 https://2019shell1.picoctf.com/static/0702fc780b00e377041f55d5806557aa/message.wav

clue 1 https://2019shell1.picoctf.com/static/0702fc780b00e377041f55d5806557aa/clue1.wav

clue 2 https://2019shell1.picoctf.com/static/0702fc780b00e377041f55d5806557aa/clue2.wav

clue 3 https://2019shell1.picoctf.com/static/0702fc780b00e377041f55d5806557aa/clue3.wav

Hints

Use the clues to extract another flag from the .wav file.

Solution

We have to download 4 audio files:
1] message.wav
2] clue1.wav
3] clue2.wav
4] clue3.wav

All 4 audio files contain SSTV signals (as in Moonwalk 1).

As in the first challenge, we use QSSTV to decode the signal. The setup is very similar to the previous challenge: only a few aspects change, and for most of the settings you can refer to how QSSTV was configured there.

Software configuration

1) Open the software and go to Options -> Configuration -> Audio, then select PulseAudio as the audio interface and set the audio input to come from the sound card.

2) Return to the main screen and set the standard file format to .png.

3) Set "mode" to Auto (the 3 "clue" files use different signal encodings; with this setting QSSTV automatically detects which encoding is in use).

4) Set the maximum dB range to +50 / -40 dB.

5) Set avg to 0.80.

6) Sensitivity: high

Now we can start decoding the files and solve the challenge!

Decoding of the signals

1) We start by decoding the first file (message.wav). When the software finishes decoding it, we see that it is actually the same file as in the previous challenge (Moonwalk 1).

2) When we try to decode the clue files, we notice that they do not decode. The problem is that the audio is reversed, so we open the clue files with Audacity to reverse them.

3) Select the open audio (with Ctrl + A), then select effects from the toolbar -> invert -> Built-in effect: reverse. This "turns" the audio files around so that QSSTV can interpret them.

4) We put QSSTV in listening mode (start receiver key) and play back the signal audio at the same time.

5) We repeat this step for all 3 clues.

6) Following clue 3, we open futureboy in the browser and go to the forensic tools.

7) Following clue 2, we supply message.wav as the message to be decoded.

8) From clue 1, we learn that the password for the decoding is hidden_stegosaur.

9) We enter this password in the field indicated by the tool and start the decoding process.

10) We wait for the tool to decode the file and we get the flag for this challenge!

picoCTF{the_answer_lies_hidden_in_plain_sight}
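
The Audacity reversal in steps 2 and 3 can also be scripted when several clue files need the same treatment. The following is an added example, not part of the original write-up: the function names and the `_reversed.wav` output suffix are assumptions, and the sample WAV used to check it is constructed. It reverses whole frames rather than raw bytes, so sample byte order and channel order stay intact.

```python
import io
import struct
import wave


def reverse_frames(raw: bytes, frame_size: int) -> bytes:
    """Reverse the order of whole frames; bytes inside each frame are untouched."""
    if len(raw) % frame_size:
        raise ValueError("audio data length is not a multiple of the frame size")
    frames = [raw[i:i + frame_size] for i in range(0, len(raw), frame_size)]
    return b"".join(reversed(frames))


def reverse_wav(src, dst) -> int:
    """Write a time-reversed copy of src to dst (paths or file objects)."""
    with wave.open(src, "rb") as r:
        params = r.getparams()
        raw = r.readframes(params.nframes)
    # One frame = one sample for every channel.
    frame_size = params.sampwidth * params.nchannels
    out = reverse_frames(raw, frame_size)
    with wave.open(dst, "wb") as w:
        w.setparams(params)  # same rate, width and channel count as the input
        w.writeframes(out)
    return len(out) // frame_size


def make_sample_wav(samples, channels=2, rate=8000) -> bytes:
    """Constructed test input: 16-bit PCM WAV built from per-frame tuples."""
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(channels)
        w.setsampwidth(2)
        w.setframerate(rate)
        for frame in samples:
            w.writeframes(struct.pack("<%dh" % channels, *frame))
    return buf.getvalue()


def read_frames(wav_bytes: bytes, channels=2):
    """Decode a 16-bit PCM WAV back into a list of per-frame tuples."""
    with wave.open(io.BytesIO(wav_bytes), "rb") as r:
        raw = r.readframes(r.getnframes())
    step = 2 * channels
    return [struct.unpack_from("<%dh" % channels, raw, i) for i in range(0, len(raw), step)]


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:  # e.g. clue1.wav clue2.wav clue3.wav
        count = reverse_wav(path, path[:-4] + "_reversed.wav")  # assumes a .wav suffix
        print(f"{path}: {count} frames reversed")
```

The reversed files can then be played into QSSTV exactly as in step 4.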
