DEADFACE CTF 2024 Writeups - offsite-targets, price-check, syncopated-beat

10/18 ~ 10/20 참여한 CTF !!

중간고사 시험공부랑 동시에 하느라 3개밖에 못 풀었지만 공부하기 싫을때마다 CTF 문제 풀러 도피.. 재밌었다 ㅎㅎ......(님들은 이러지 마세요 공부하새요)

 

---

 

페이즈 5의 무시무시한 CTF
근데 저대로 안나옴. 포너블 풀고싶었는데 포너블 안나옴.

그래서 스테가노그래피만 잡았는데
스테가노그래피 7문제중에 내가 팀에서 3개 풀었당 ~

 

---

 

offsite-targets

Offsite Targets - 25 points
Category: Steganography
Description:
Created by: syyntax

lamia415 sent an image to daem0n with secret information about who or what they are building a campaign against. Turbo Tactical wants to lean forward on this and prepare any individuals or companies that might be targeted by DEADFACE. Find out what the hidden message is and submit the flag.

steghide 사용함

Enter passphrase : d34df4c3

vi secret.text.gz

 

---

 

price-check

Price Check - 100 points
Category: Steganography
Description:
Created by: RP-01?

DEADFACE has been hacking random people all over town and no one can seem to figure out what they are doing. All we know at this time is that the most recent site that was hit was Otto’s Grocery Store. Oddly, only the customers are being affected and not the company’s network. What is happening? They hired our firm to sniff out the attack and we successfully captured a strange file being sent across the guest WiFi. We believe this is the primary attack vector, and we’ve heard some victims mention that they had to “scan” something - maybe it is in the wrong format? Can you figure out how this file is being used in the attack to reveal the flag?

문제 풀러 들어가보면 이런 글자들 나열

위 문제에서 끝에 , 넣고 한 줄씩 끊어서 길이를 확인해보니까
29*29 형태의 사각형 모양이 나오는 걸 확인

a = [0,255,255,255,255,255,255,0,255,255,255,255,0,255,0,0,255,255,0,0,255,0,255,255,255,0,0,255,255,
255,0,0,0,0,0,255,0,0,0,255,255,0,0,255,0,255,255,0,0,255,255,255,255,0,255,0,255,255,
255,0,255,255,255,0,255,0,0,0,255,0,0,0,0,255,0,0,0,255,0,255,0,0,0,255,0,255,255,
0,0,255,255,255,0,255,0,0,255,0,255,0,0,255,255,255,0,0,0,255,255,0,255,255,255,255,255,255,
255,0,255,255,255,0,255,0,255,255,255,255,0,255,0,255,255,255,0,255,255,255,255,255,255,255,0,255,255,
0,0,0,0,0,0,255,0,0,255,255,255,0,255,0,255,0,255,255,255,255,0,0,0,255,255,0,0,255,
255,255,255,255,255,255,255,0,255,0,255,0,0,255,255,255,0,255,0,0,255,0,255,0,255,0,0,0,255,
255,0,0,0,0,0,0,0,255,255,0,0,255,0,0,0,0,0,255,0,255,0,0,0,255,255,0,0,0,
0,255,0,255,255,255,255,0,0,0,255,255,0,255,255,255,0,255,0,0,255,255,255,255,255,255,0,255,255,
0,0,255,0,255,255,0,0,0,0,0,0,255,0,255,0,0,255,0,255,255,0,0,0,255,255,0,255,0,
255,0,0,255,0,255,255,0,0,255,255,0,255,0,0,0,255,255,255,0,255,0,0,0,255,0,0,0,0,
255,255,255,255,0,255,0,0,0,255,255,255,255,255,255,0,255,255,255,0,0,255,0,255,255,0,255,0,255,
255,0,0,255,0,0,255,255,255,0,0,255,0,255,0,0,0,255,0,255,255,255,0,255,0,0,0,255,0,
255,255,0,255,255,255,0,0,0,0,0,255,0,255,0,255,255,255,0,255,255,255,255,0,0,255,0,255,255,
255,0,0,255,255,0,255,255,0,255,255,0,0,255,255,255,0,255,255,0,0,0,0,0,255,255,255,0,0,
255,0,0,255,255,255,0,255,0,0,0,255,255,0,0,0,0,255,255,0,0,0,255,255,255,255,0,0,255,
0,0,255,255,255,0,255,0,255,0,255,255,255,255,255,255,255,255,0,0,255,255,0,0,0,0,0,0,255,
255,0,255,0,255,255,0,255,0,255,255,255,0,0,255,0,0,255,255,0,0,255,255,255,255,255,0,0,0,
255,0,0,0,255,0,255,0,255,255,255,255,255,0,0,0,255,0,255,0,255,0,0,0,0,255,255,0,0,
255,0,255,255,0,0,0,255,255,0,0,255,0,255,255,0,255,255,255,0,0,0,255,255,255,0,255,0,255,
255,0,0,0,255,0,255,255,255,255,255,0,0,255,0,0,0,255,0,255,0,255,255,255,255,255,0,0,255,
0,0,0,0,0,0,0,0,255,0,0,0,0,255,0,255,255,255,0,255,255,0,0,0,0,0,0,0,0,
255,255,255,255,255,255,255,0,255,0,255,0,255,0,255,0,255,0,255,0,255,0,255,255,255,255,255,255,255,
255,0,0,0,0,0,255,0,255,255,0,255,255,0,0,0,255,0,0,255,255,0,255,0,0,0,0,0,255,
255,0,255,255,255,0,255,0,255,0,255,0,0,0,0,0,0,0,255,0,0,0,255,0,255,255,255,0,255,
255,0,255,255,255,0,255,0,255,0,255,255,255,0,0,0,0,0,255,0,0,0,255,0,255,255,255,0,255,
255,0,255,255,255,0,255,0,0,0,255,0,255,0,255,0,0,255,255,0,255,0,255,0,255,255,255,0,255,
255,0,0,0,0,0,255,0,0,255,255,0,255,255,255,255,0,255,0,255,0,0,255,0,0,0,0,0,255,
255,255,255,255,255,255,255,0,255,0,0,0,255,255,255,0,255,255,0,255,0,0,255,255,255,255,255,255,255]

b = ""
for i in range(29):
for j in range(29):
if a[i*29+j] == 255:
b += '██'
else:
b += '  '
#b += a[i*29:i*29+j]
b += '\n'
print(b)

 

---

 

Syncopated-beat

Syncopated Beat - 100 points
Category: Steganography
Description:
Created By: TheZeal0t

We found this video clip linked from one of the Lytton Labs MKULTRA websites. It has two mysterious, demonic voices on it.

Our linguists haven’t been able to determine the language: suggestions currently are Sumerian, Mayan, Hittite, Aramaic, Ugaritic, and Akkadian. Others have suggested the language may date back to the time of The Nephilim (a.k.a. “The Fallen Ones”).

It was a widely-held belief in the 1980s that demons could somehow influence rock artists to include their messages in the songs. We are still researching that angle, but that suggestion seems least likely.

The skeptics among us have suggested that the voices are the result of some advanced, unknown version of steganography. Because of the clip’s association with MKULTRA, the voices may serve as activation codes (so PLEASE BE CAREFUL!!!). None of our tools have been able to crack it. Can you help?

Enter the flag in all caps, no spaces, as follows: flag{I NIMROD PRONOUNCE A CURSE ON GILGAMESH}, or whatever other ancient imprecation that the demon(s) utter.

 

동영상 파일을 다운받은 후 실행시켜 보면
중간에 딱 봐도 역재생 해야겠다 싶은 부분이 있음

mov to mp3로 추출

goldwave로 Mp3 역재생

하면 flag에 대한 힌트를 준다고 영어로 말하는데

먼 소린지 몰?루겠어서..ㅎㅎ

도와줘요 GPT 선생님!!!!
ㄴ 네 도와드렸습니다.

flag{STEVE MILLER BAND}