Sunday, July 12, 2015

PoliCTF 2015 - It's Hungry (100)

"It's Hungry" was a hidden challenge in PoliCTF this year. While looking at other challenges, there was a noticeable update:

[ global ] 10/7/2015 [9:35] - Congrats to Shark Fins. They found and solved the hidden challenge.

This was inspiration enough to start looking for the hidden challenge. Most hidden challenges in CTFs are fairly easy to spot: you just need to look at the pattern in the DOM of how it's set up, and what (if any) JavaScript methods they're attached to, and trigger them. This one was a little easier though, as the secret challenge was bound to the music playback timer (which also sets up the theme of the challenge).

Description:
"Old McDonald had a farm. Old McDonald liked chiptune. He also needed to remind its daughter to take care about a zombie animal. But he wanted to do it discreetly, so he wrote this song. Can you find the message? (all lowercase, no spaces)
N.B. flag is not in format flag{.+}"

I first started by finding the music file and downloading it, which happened to be a FLAC file. Next I loaded up Audacity because whenever I think of misc audio challenges, I think spectrogram!

Sure enough, there were three items found on the spectrogram of the song.

[Spectrogram screenshots #1, #2 and #3]

#1 is pretty obvious, #2 looks interesting, and #3 urges us to keep listening.

At this point I decided to look at #2, which looked like binary or Morse code.
After launching an app on my phone to decode the Morse via mic input, it spelled out:

"You are Overcomplicating, Just Listen."
So they troll, and troll more, great!

It must be something simple and fundamental to the format. I tried looking into the FLAC format for a while, but nothing stood out. I was also looking for multi-track encoding or extracting the picture block from the file, but that would be even more complicated, which they warned against.

Then I remembered something from the badge challenge at DEF CON 22. There was a small challenge where you had to call a number and it played notes. You then had to transcribe those notes, and that was the answer to get to the next challenge. (More about that can be read here: http://elegin.com/dc22)

Now we just have to extract the notes. How do we do that? Well, there are a few ways. I probably could do it by ear, but my music is rusty, so I converted the FLAC file to a WAV and used another piece of software to display the notes.

$ brew install flac
$ flac -cd oldmcdonald.flac > out.wav

Then I found this utility after searching on GitHub for a reasonable candidate (and before jumping into Python to do it manually):
https://github.com/corbanbrook/spectrotune

Launch spectrotune and point it to the new out.wav file generated, and watch as the notes unfold before your eyes!!!!




After I manually wrote down the main melody, it started to repeat, and I noticed the pattern that was obvious from the original riddle:

feeddadeadbeef

Try submitting that, and we've got the Flag!!!!!!
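
The manual Python route mentioned above, sketched as an added example (not code from the original post or from spectrotune): it scores each fixed-length slot of audio against equal-tempered note frequencies and reads the note letters off as text. The sample audio is synthesized inline from the melody above; the 8 kHz rate, 0.1 s slot length and octave are assumptions, and the real out.wav would first need its samples loaded and its note boundaries found.

```python
import math

A4 = 440.0  # reference pitch, MIDI note 69
NAMES = ["c", "c#", "d", "d#", "e", "f", "f#", "g", "g#", "a", "a#", "b"]

def midi_to_freq(m):
    """Equal-tempered frequency in Hz for a MIDI note number."""
    return A4 * 2 ** ((m - 69) / 12)

def tone_power(window, rate, freq):
    """Energy of `window` at `freq` (single-frequency DFT correlation)."""
    w = 2 * math.pi * freq / rate
    re = sum(s * math.cos(w * n) for n, s in enumerate(window))
    im = sum(s * math.sin(w * n) for n, s in enumerate(window))
    return re * re + im * im

def detect_note(window, rate, lo=57, hi=84):
    """MIDI note between A3 and C6 that carries the most energy."""
    return max(range(lo, hi + 1),
               key=lambda m: tone_power(window, rate, midi_to_freq(m)))

def transcribe(samples, rate, slot_seconds):
    """One note letter per slot. Assumes fixed-length notes, which holds
    for the constructed sample below but not for arbitrary recordings."""
    slot = int(rate * slot_seconds)
    notes = [detect_note(samples[i:i + slot], rate)
             for i in range(0, len(samples) - slot + 1, slot)]
    return "".join(NAMES[m % 12] for m in notes)

def synth(letters, rate, slot_seconds, octave=4):
    """Constructed test input: one pure sine per letter (not the challenge audio)."""
    out = []
    for ch in letters:
        freq = midi_to_freq(12 * (octave + 1) + NAMES.index(ch))
        out += [math.sin(2 * math.pi * freq * n / rate)
                for n in range(int(rate * slot_seconds))]
    return out

if __name__ == "__main__":
    RATE, SLOT = 8000, 0.1  # assumed values for the constructed sample
    audio = synth("feeddadeadbeef", RATE, SLOT)
    print(transcribe(audio, RATE, SLOT))
```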