This is a more open-ended steganography challenge compared to the previous room we did (https://hex-men.tech/cc-stego/). Everything we learned in the stego crash course is going to be very useful in finding the final flag.

Find the Flag

Let’s start by listening to the given audio file. You will notice something strange around the 37 second mark.

Language Arts – DEF CON 27- The Official Soundtrack – 02 Luckiness (Kilmanjaro Remix).wav

We will come back to this in a moment. Instead, let’s answer the first question in the room;

Who remixed the song?

It is always a good idea to start with exiftool to look for any details about the file you are working with.

exiftool output

You can see who remixed this song in the Title from the exiftool output. You can also see this information in the filename, but it’s a good idea to check exiftool anyway.

What link is hiding in the music?

Let’s see if we can find anything hidden in the file using sonic-visualiser. We are going to look for something around the time we heard the strange noise. Adjust your time scale so that you can see this section of the waveform in detail.

After adding a spectrogram layer we can see that a QR code is embedded here; how do we scan it?

Scanning a QR code requires high contrast, and the default spectrogram color and scale doesn’t generate a high enough contrast for us to scan. Change the Color to White on Black and adjust the threshold and gain until you are able to scan the code. After you have scanned the code, you should have the link we are looking for.

Embedded QR Code

Go to the link and listen to the file. You will also need to download the file found here.

What does the found audio convert to?

This is very clearly morse code. You can decode this message manually by interpreting it aurally, or visually by viewing the waveform in sonic-visualiser. Compare what you hear (or see) against a morse code chart (http://www.learnmorsecode.com/) to decode the message. 

You can also use an online tool to decode it for you (https://morsecode.world/international/decoder/audio-decoder-adaptive.html). Whichever way you decide, you should end up with another URL, so let’s check it out.

Decoded URL Reward

What was the found password?

Following that URL will lead you to a password; what is it for?

Using steghide to extract something from our original audio file yields a passphrase prompt. Let’s use this password we found and see if it works.

steghide extraction

What is the final flag?

For the final flag, read the contents of the file named secret.

This Post Has 2 Comments

  1. benben

    Hello, the pastebin link is not working anymore. Would you mind sharing the secret, so that we can complete this room, please?
    Thank you

  2. hex_man

    Sorry for the late response, I have been pretty busy! It looks like they updated the room, check the hint for that step to find what you need.

Leave a Reply