Okiok

Cyber Beats NSEC 2020 Write up

At the last Northsec event, I had the chance to play with a fun audio challenge. I had never done an audio steganography challenge before, so the way I approached it may seem obvious to some, but if you are a complete beginner like me, you may find some of this interesting.

The mp3 was a 1-minute gangster-like instrumental track with nothing out of the ordinary. I looked at the file metadata and nothing stood out. I then googled "hidden message in audio file" and the first recommendation was to use a tool like Audacity or Sonic Visualizer to analyse the audio file. I decided to try Sonic Visualizer and pulled up the waveform on the mp3 import:

Nothing out of the ordinary here. After playing around with the Sonic Visualizer menus for a bit, I found the Spectrogram pane:

We can see 'SH Sux' ("School Sucks", the CTF theme) in the spectrogram! This is a first clue that a message was indeed hidden in the mp3. However, that wasn't the flag. I tried changing some of the spectrogram settings, such as the colour, scale and peak options, but didn't find anything more.

I then pulled up another pane type available in Sonic Visualizer, the Melodic Range Spectrogram:

At first it didn't look like anything. However, after giving it another look, I noticed that there might be a pattern in the reddish bars. To validate this, I loaded a normal song and checked whether a similar pattern was present there too. I was happy to see that it wasn't!

My first thought was to translate this into binary: the bottom bars are 0 and the top bars are 1. I had difficulty determining the position of some of the bars, so I changed the view settings a bit:

This may not seem like a great improvement, but I was now able to correctly identify each bar 😊

Manually transcribing the bars to binary gave me 160 bits, which is exactly 20 bytes: 0100011001001100010000010100011100101101011000010011010000111000001110000011001000110001001100000011100100110100011001000011001001100010011000010011010101100010

I put this into an online binary-to-ASCII translator and boom! FLAG-a48821094d2ba5b
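The transcription and decoding steps above, done in code as an added example (mine, not part of the original write-up). It rebuilds the two-height bar pattern as a synthetic two-tone signal mixed over a constructed background tone, recovers each bit with a Goertzel filter on a fixed-length window (the automated version of "bottom bar = 0, top bar = 1"), and packs the bits into ASCII. The sample rate, the two tone frequencies, the symbol length and the background tone are assumptions chosen to keep the numbers simple; the page does not state the challenge's real values. The script also writes the synthetic signal to a WAV file so you can open it in Sonic Visualizer and see the same kind of bar pattern.

```python
"""Recover a two-tone bit pattern from audio samples and decode it as ASCII.

Added example, not code from the original write-up. RATE, SYMBOL_LEN, F_LOW,
F_HIGH and F_BACKGROUND are assumed values; the challenge's real ones are unknown.
Standard library only, so it runs anywhere Python does.
"""
import math
import struct
import wave

RATE = 8000           # samples per second (assumed)
SYMBOL_LEN = 400      # samples per bar, i.e. 50 ms per bit (assumed)
F_LOW = 1000.0        # Hz, "bottom bar" -> bit 0 (assumed)
F_HIGH = 2000.0       # Hz, "top bar"    -> bit 1 (assumed)
F_BACKGROUND = 440.0  # Hz, constructed stand-in for the instrumental track

# The bit string transcribed by hand in the write-up (160 bits = 20 bytes).
TRANSCRIBED_BITS = ("0100011001001100010000010100011100101101011000010011010000111000"
                    "0011100000110010001100010011000000111001001101000110010000110010"
                    "01100010011000010011010101100010")


def ascii_to_bits(text):
    """Each character becomes 8 bits, MSB first (what the challenge used)."""
    return "".join(format(ord(c), "08b") for c in text)


def bits_to_ascii(bits):
    """Group bits into bytes, dropping any trailing partial byte."""
    usable = len(bits) - len(bits) % 8
    return "".join(chr(int(bits[i:i + 8], 2)) for i in range(0, usable, 8))


def synth_samples(bits):
    """Constructed audio: one tone per bit (F_LOW or F_HIGH) over a background tone."""
    samples = []
    for n_sym, bit in enumerate(bits):
        freq = F_HIGH if bit == "1" else F_LOW
        for i in range(SYMBOL_LEN):
            t = (n_sym * SYMBOL_LEN + i) / RATE
            samples.append(0.4 * math.sin(2 * math.pi * freq * t)
                           + 0.4 * math.sin(2 * math.pi * F_BACKGROUND * t))
    return samples


def goertzel_power(window, freq):
    """Energy of `window` at the DFT bin nearest `freq` (Goertzel algorithm)."""
    n = len(window)
    k = int(0.5 + n * freq / RATE)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in window:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def decode_bits(samples):
    """Slice the signal into symbol windows and pick the louder of the two tones."""
    bits = []
    for start in range(0, len(samples) - SYMBOL_LEN + 1, SYMBOL_LEN):
        window = samples[start:start + SYMBOL_LEN]
        p_low = goertzel_power(window, F_LOW)
        p_high = goertzel_power(window, F_HIGH)
        bits.append("1" if p_high > p_low else "0")
    return "".join(bits)


def write_wav(path, samples):
    """Write 16-bit mono PCM so the signal can be opened in Sonic Visualizer."""
    with wave.open(path, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(RATE)
        w.writeframes(b"".join(
            struct.pack("<h", int(max(-1.0, min(1.0, s)) * 32767)) for s in samples))


if __name__ == "__main__":
    print("hand transcription decodes to:", bits_to_ascii(TRANSCRIBED_BITS))
    audio = synth_samples(TRANSCRIBED_BITS)
    write_wav("cyber_beats_demo.wav", audio)
    recovered = decode_bits(audio)
    print("automated decode matches:", recovered == TRANSCRIBED_BITS,
          bits_to_ascii(recovered))
```

The tone frequencies are chosen to sit exactly on DFT bins of a 400-sample window (bins 50 and 100, with the background on bin 22), so there is no spectral leakage between them and the comparison is unambiguous. Against a real track you would first measure the two bar heights and the bar spacing in the spectrogram and set F_LOW, F_HIGH and SYMBOL_LEN from those.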

Thanks for reading,
