
THCon 2025 CTF - Foreign Interference, Steganography Writeup

Lacroix Raphaël (Chepycou)
I’m Raphaël LACROIX, a French computer scientist developing various applications in my free time ranging from definitely useless to somewhat useful. I also do quite a lot of Capture the Flag and cybersecurity challenges.

What’s that about ?

THCon (Toulouse Hacking Convention) is a French cybersecurity conference that brings together hobbyists, professionals and researchers every year in Toulouse in April.

This edition (2024), I was one of the challenge creators and created a 6-part geosINT challenge, a few steganography challenges, as well as making all challenges lore-accurate.

Note: in case the CTFd is not up anymore, if you did not participate, or if you don’t remember the challenges, you can take a look at https://ctftime.org/event/2660/tasks/, although sadly not all of them may be listed :/

Global explanation

We are given an audio file in which the lowest 1000 Hz in fact hold the full spectrum of frequencies of a leitmotiv of me repeating the phrase, but transposed down by 1 octave (i.e. “compressed” down to the 0-1000 Hz range), while the highest frequencies are those of the American anthem (for the NUSA). There is some noise on the lowest audio part that covers the leitmotiv, but it wanes at some point (about 30s in).

After extraction, we hear God Save The King (1st flag; God Save the Queen is also accepted). If we run a steghide extraction on the .wav file, we find a KeePass archive and a flag. The 1st flag (god save the king) opens the KeePass archive, which holds a 3rd flag (so that solving only one of the sub-challenges still earns points).

Precise Step by Step
#

First step
#

The audio file weirdly contains only high frequencies, and if we open it with Audacity we see one weird behavior at about 34s in. We can focus on only one repetition of the leitmotiv.
We can see that below 1 kHz it’s noise plus something else, and above it the anthem, so we can remove the sound above 1 kHz:

Effects > EQ & Filters > Graph EQ

Then make a low-pass filter like :

We now hear that there is some weird, low, speech-like noise at 34s.

Now we need to change the pitch back; between 1 and 2 octaves gives the best result:

Effects > Pitch & Tempo > Change Pitch

Thus, we find God Save the King (God Save the Queen is also an accepted flag).

Note: if one cannot hear the text, AIs can be used to decipher it.

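The two operations of this first step (low-pass at 1 kHz, then shift the pitch back up) can also be scripted. The following is an added example, not part of the original writeup and not run on the challenge file: it uses a constructed two-tone signal, and the 8 kHz sample rate, the 300 Hz and 3000 Hz tones and all function names are assumptions. The shift is done by playing back at double speed, which also halves the duration, unlike Audacity's tempo-preserving Change Pitch.

```python
import math

RATE = 8000  # Hz; constructed test signal, not the challenge file

def tone(freq, seconds, amp):
    n = int(RATE * seconds)
    return [amp * math.sin(2 * math.pi * freq * i / RATE) for i in range(n)]

def lowpass_taps(cutoff_hz, ntaps=101):
    """Hamming-windowed sinc FIR low-pass, normalised to unity gain at DC."""
    fc, mid, taps = cutoff_hz / RATE, (ntaps - 1) / 2, []
    for i in range(ntaps):
        x = i - mid
        sinc = 2 * fc if x == 0 else math.sin(2 * math.pi * fc * x) / (math.pi * x)
        taps.append(sinc * (0.54 - 0.46 * math.cos(2 * math.pi * i / (ntaps - 1))))
    total = sum(taps)
    return [t / total for t in taps]

def fir(signal, taps):
    """Convolve, keeping only output samples where the filter fully overlaps."""
    n = len(taps)
    return [sum(t * s for t, s in zip(taps, signal[i:i + n]))
            for i in range(len(signal) - n + 1)]

def octave_up(signal):
    """Drop every other sample at the same RATE: frequencies double, length halves.
    Only safe after the low-pass, otherwise content above RATE/4 would alias."""
    return signal[::2]

def power_at(signal, freq):
    """Normalised power of one frequency (a single DFT bin evaluated directly)."""
    w = 2 * math.pi * freq / RATE
    re = sum(s * math.cos(w * i) for i, s in enumerate(signal))
    im = sum(s * math.sin(w * i) for i, s in enumerate(signal))
    return (re * re + im * im) / len(signal) ** 2

def recover(mixed, cutoff_hz=1000):
    """Step 1: remove everything above the cutoff. Step 2: shift up one octave."""
    return octave_up(fir(mixed, lowpass_taps(cutoff_hz)))

# Constructed input: quiet 300 Hz "hidden" tone under a loud 3000 Hz "cover" tone.
MIXED = [h + c for h, c in zip(tone(300, 1.0, 0.2), tone(3000, 1.0, 1.0))]

if __name__ == "__main__":
    out = recover(MIXED)
    for f in (300, 600, 3000):
        print(f"{f:5d} Hz  before={power_at(MIXED, f):.6f}  after={power_at(out, f):.6f}")
```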

Second step

When searching a list of WAV tools, steghide (which uses LSB steganography) is one of the first to come up. Just run:

steghide extract -sf output.wav # (There is no password)

This gets back the archive that was embedded in the file. It contains a flag (2nd flag) and the KeePass archive, which is opened by entering god save the king as the password.

Once the Keepass archive is opened (so once the player gets both flags) it contains the 3rd and last flag.

Congratulations to the 17 teams that got through!
