Going postal

Category: OSINT & Steganography - Points: 500 (at the beginning) then 490 (at the end) - Difficulty: Easy - Solves: 20 Description: My dear friend "Bob" made a tool online to uncover the truth behind that map.

Infos:

A .jpg file is provided (map.jpg)

Solution: To solve this challenge you need to analyze the jpg file in first step. The image contain an Australian map and there are stanges rods on the bottom left corner. But what represent these rods ? After many searches we found that this image correspond to an Australian Post 4-State Code. Now we "just" need to found a reader for this barcode... When we search Australian Post 4-State Code reader we find a website named bobcodes. What's name of our dear friend ? "Bob", exactly. We are now on the good way. So now, we need to convert the barcode in letters (T, D, A or H) to extract the infos. Here is the "rule" to convert : After convert the "code" is : ATDFFDDADDAADAADFAFAFFDAFTFDAFATAFAAATADTAFDTDDDDDDDTTTDFFTDDADFAAT and we collect some infos :

Format Control Code : 62
Sorting Code : 78475110
Customer Information Field : V3K4N64r00

We don't need these infos for the moment, but we keep them near to us.

We can now analize the first image with a steganography tool. To analyze an image in steganography, I always use Aperisolve. When we upload the file on the website, we can see there is a .7z file in backgroung data :

We download them but this .7z file is locked with password...

So now, we have to find this password. We can try to do a bruteforce attack... But after multiple tests any technique works. And earlier we found infos ! We can test with theses infos : "62", "78475110", "V3K4N64r00", "6278475110V3K4N64r00"... The good password is : 6278475110V3K4N64r00 We can dezip the 7z file and analyze extract datas. The folders names contain 4 digits and 40 numbers (0 or 1) who make a big binary.

But what can we do with these folders names ? Convert in hexa ? Build an image ? Range them in ascending order ? I decided to range the binary in create date order. So at the end we have this :

Looooooong datas

And the last step is to build an image with this big datas block. The website who do that is this one : Dcode - Convert Binary in Image After generating the image we just need to find a tool who can "read" the Data Matrix barcode : With some searches, we found this website Aspose and after this image analyse, the flag is displayed.

🚩 FLAG

dvCTF{4U57r4114_P057_4_57473}

PreviousData Leak NextThe Hacker Man

Last updated 1 year ago