3108 Bahtera Siber 2023
Writeup by TFS
WEB
Lemah - Authentication Flaw Analysis
Solution
Files/Link Provided
Tools/Method Used
Inspect Element: Used to explore the website’s source code.
Cipher Identifier: For analyzing ciphertext. (Cipher Identifier)
ASCII Converter: For decoding ASCII-based ciphertext. (ASCII Converter)
Goals
Identify potential security flaws in the website.
Retrieve the flag hidden in the authentication mechanism.
Solution
Inspecting the Website:
Accessed the website via the provided URL.
Opened the "Inspect Element" tool to explore the website's code.
Navigated to the "Sources" tab and found a file named
auth.js.Examined the file and discovered credentials (username and password) along with a suspicious-looking number.
Analyzing the Number:
Copied the number to investigate its significance.
Used the Cipher Identifier tool to determine the encoding or cipher type.
Identified the number as an ASCII Code cipher.
Decoding the Cipher:
Pasted the ciphertext into an ASCII Converter.
Decoded the ASCII values to reveal the hidden flag.
Final Answer
FLAG: 3108{p4ssw0rd_l3m4h!}
Summary
By examining the source code of the website and utilizing cipher identification and ASCII decoding tools, the flag was successfully retrieved. This demonstrates the importance of securing sensitive files and data against client-side exposure.
Remarks/Tags/Lessons Learned
Lesson Learned: Always avoid embedding sensitive credentials directly in client-side code like
auth.js.Tags: Security Flaws, Web Application Security, Cryptography, ASCII Decoding, Client-Side Vulnerabilities.
Wantujus - Cookie-Based Flag Retrieval
Solution
Files/Link Provided
Tools/Method Used
Inspect Element: Used to explore the website’s source code.
Base64 Decoder: For decoding Base64-encoded cookie values.
Goals
Interact with the website to trigger a potential flag.
Analyze cookies to retrieve the hidden flag.
Solution
Interacting with the Website:
Accessed the website via the provided URL.
Played the "batu, kertas, gunting" (rock, paper, scissors) game repeatedly until reaching 10 rounds.
Inspecting the Source Code:
Opened the "Inspect Element" tool to explore the website's source code.
Found a file named
getFlag.phpin the sources, which revealed cookie values labeled as "Biskut."
Decoding the Cookie:
Noted that all cookie values were encoded in Base64.
Copied the cookie value and used a Base64 Decoder to decode it.
Successfully retrieved the flag from the decoded value.
Final Answer
FLAG: 3108{biskut_marie}
Summary
By engaging with the website’s game feature and analyzing the cookies via the source code, the flag was extracted. This highlights the significance of securing sensitive data such as cookies from easy access and decoding.
Remarks/Tags/Lessons Learned
Lessons Learned:
Reaching a specific game state (10 rounds) can unlock hidden functionality or resources in a CTF challenge.
Client-side code often exposes critical clues, such as file names (
getFlag.php) or variable labels (Biskut), that can guide exploitation.Cookies can store sensitive data, and understanding their encoding method (e.g., Base64) is key to exploitation.
Decoding Base64 is a common step in CTF challenges, emphasizing the importance of familiarity with standard encoding methods.
The process reinforces the importance of persistence—interacting repeatedly with a target can reveal exploitable patterns or hidden features.
Tags: CTF Challenge, Cookie Exploitation, Base64 Decoding, Inspect Element, Game State Manipulation, Web Security.
Wantusom - Unbeatable Game Flag Analysis
Solution
Files/Link Provided
Tools/Method Used
Inspect Element: Used to explore the website’s source code.
JavaScript Editing: For modifying the game logic.
Base64 Decoder: For decoding Base64-encoded cookie values.
Goals
Bypass the game’s unbeatable condition to reach the winning state.
Analyze cookies to retrieve the hidden flag.
Solution
Interacting with the Website:
Accessed the website via the provided URL.
Played the "batu, kertas, gunting" (rock, paper, scissors) game.
Observed that the game gets stuck at 9 wins, making it impossible to reach 10 wins.
Inspecting the Source Code:
Opened the "Inspect Element" tool to explore the website's source code.
Located the
script.jsfile, which contains the game logic.Found a condition that triggers an unbeatable state if the player reaches 9 wins.
Modifying the Game Logic:
Edited the
script.jsfile directly in the browser.Changed the condition from
if 9toif 11to bypass the unbeatable state.
Winning the Game:
Continued clicking "batu," "kertas," or "gunting" until reaching 10 wins.
Observed that cookies appeared after reaching 10 wins.
Decoding the Cookie:
Noted that the cookie value was encoded in Base64.
Copied the cookie value and used a Base64 Decoder to decode it.
Successfully retrieved the flag from the decoded value.
Final Answer
FLAG: 3108{biskut_tiger}
Summary
By modifying the game logic in the website’s JavaScript file, the unbeatable condition was bypassed, allowing the user to reach 10 wins and retrieve the cookies. Decoding the cookies revealed the flag, highlighting the importance of securing client-side code.
Remarks/Tags/Lessons Learned
Lessons Learned:
Analyzing JavaScript files in client-side code can reveal game logic and exploitable conditions.
Modifying client-side scripts in the browser is a powerful technique for bypassing restrictions in CTF challenges.
Identifying and altering specific conditions (e.g., changing
if 9toif 11) can neutralize intentional barriers.Reaching specific game states often triggers hidden cookies or resources.
Base64 decoding remains a common method for extracting sensitive data in CTF challenges.
Tags: CTF Challenge, JavaScript Exploitation, Game Logic Bypass, Base64 Decoding, Inspect Element, Client-Side Security.
Pantun Pantul - Console Inspect Element Function
Solution
Files/Link Provided
Tools/Method Used
Placeholder Input: For entering the correct pantun.
Google Search: For finding the correct pantun to use.
Browser Console: For executing JavaScript functions.
Goals
Input the correct pantun to trigger the next step in the challenge.
Use the discovered function to reveal the flag.
Solution
Interacting with the Website:
Accessed the website via the provided URL.
Observed a placeholder field requiring a pantun (traditional Malay poem) as input.
Searched online to find the correct pantun matching the challenge’s context.
Triggering the Next Step:
Entered the correct pantun in the placeholder field.
Submitted the input, prompting a text response from the website.
Analyzed the response, which hinted at a function named
bendera().
Using the
bendera()Function:Opened the browser’s developer tools and navigated to the console.
Executed the
bendera()function directly in the console.Observed that the function revealed the flag.
Final Answer
FLAG: 3108{pantun1337kerat}
Summary
By identifying and entering the correct pantun, the website provided a clue about the bendera() function. Executing this function in the console successfully revealed the flag. This process demonstrates the importance of examining website responses and utilizing browser developer tools effectively.
Remarks/Tags/Lessons Learned
Lessons Learned:
Understanding cultural or thematic elements (e.g., pantun) can be crucial in solving CTF challenges.
Website responses often include subtle hints (e.g.,
bendera()) that guide the next steps.The browser console is a powerful tool for executing hidden or hinted JavaScript functions.
Combining traditional knowledge with technical analysis can lead to successful exploitation.
Tags: CTF Challenge, JavaScript Functions, Browser Console, Placeholder Exploitation, Cultural Elements in CTFs, Client-Side Analysis.
REVERSE ENGINEERING
Sarawak - Decompile File Analysis
Solution
Files/Link Provided
File:
perwira
Tools/Method Used
Decompiler: For analyzing the
perwirabinary file.Dogbolt: Online decompilation tool to understand binary code. (Dogbolt)
Goals
Reverse engineer the provided file to identify the flag.
Solution
Uploading the File:
Downloaded the
perwirafile provided in the challenge.Recognized that the challenge was categorized under Reverse Engineering (RE).
Selected an appropriate tool, Dogbolt, for decompilation.
Analyzing the Decompiled Code:
Uploaded the
perwirafile to Dogbolt.Examined the decompiled output to understand the code structure and logic.
Observed patterns and specific segments of code that appeared relevant to the flag.
Identifying the Flag:
While reviewing the decompiled code, located a segment containing the flag.
Extracted the flag from the identified section of the code.
Final Answer
FLAG: 3108{r3nt4p}
Summary
By decompiling the perwira file using Dogbolt, the flag was successfully identified within the binary's code structure. This demonstrates the effectiveness of using decompilation tools for Reverse Engineering challenges.
Remarks/Tags/Lessons Learned
Lessons Learned:
Decompilers like Dogbolt are crucial for analyzing binary files in Reverse Engineering challenges.
Understanding the code logic and identifying patterns can lead to the flag's location.
Categorization of challenges (e.g., RE) helps in selecting the appropriate tools and methods.
Online tools provide quick and accessible solutions for decompilation.
Tags: CTF Challenge, Reverse Engineering, Decompilation, Dogbolt, Binary Analysis, Flag Extraction.
Pa+rio+ik - Caesar Cipher and XOR Exploit
Solution
Files/Link Provided
File:
chall
Tools/Method Used
Decompiler: For analyzing the
challbinary file.Dogbolt: Online decompilation tool to examine code logic. (Dogbolt)
Custom Python Script: To reverse the encryption logic.
Goals
Analyze the encryption mechanism in the provided binary.
Reverse the encryption to retrieve the flag.
Solution
Scanning the Binary:
Downloaded the
challfile provided in the challenge.Uploaded the file to Dogbolt for decompilation.
Examined the decompiled code and identified a function that encrypts input using a combination of a Caesar cipher and XOR operations.
Understanding the Encryption Logic:
The encrypt function rotates characters using a Caesar cipher approach.
Each character is XORed with
0x31after the rotation.The program compares the encrypted input to a predefined sequence.
Decryption Logic:
Reversed the XOR operation by XORing each encrypted byte with
0x31.Undid the Caesar cipher-style rotation using the following Python function:
def reverse_rotation_v2(char): if 'A' <= char <= 'Z': orig_val = (ord(char) - 0x41) % 26 return chr(orig_val + 0x39) elif 'a' <= char <= 'z': orig_val = (ord(char) - 0x61) % 26 return chr(orig_val + 0x59) return charImplemented the complete decryption using the extracted data:
def get_flag_v2(): # Extracted data from var_b8 and adjacent memory encrypted_data = [0x01, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x4a, 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x67, 0x00, 0x00, 0x00, 0x7e, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x78, 0x00, 0x00, 0x00, 0x6e, 0x00, 0x00, 0x00, 0x64, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x6b, 0x00, 0x00, 0x00, 0x7d, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x62, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00] # Reverse the XOR operation decrypted_data = [chr(byte ^ 0x31) for byte in encrypted_data if byte != 0x00] # Reverse the Caesar cipher-style rotation flag = ''.join([reverse_rotation_v2(char) for char in decrypted_data]) return flag flag = get_flag_v2() print(flag)
Extracting the Flag:
Executed the script to reverse the encryption logic.
Retrieved the flag from the output.
Final Answer
FLAG: 3108{B4NG5A_M3RD3K4}
Summary
By analyzing the chall binary in Dogbolt, the encryption logic was understood and reversed. Using a Python script to decrypt the data, the flag was successfully retrieved. This challenge highlights the importance of understanding encryption mechanisms like Caesar cipher and XOR in Reverse Engineering challenges.
Remarks/Tags/Lessons Learned
Lessons Learned:
Binary analysis tools like Dogbolt are essential for decompiling and understanding code logic.
Combining Caesar cipher rotation with XOR is a common encryption pattern in CTF challenges.
Reversing XOR and Caesar cipher operations requires a step-by-step approach to reconstruct the original data.
Memory inspection can provide critical data required for decryption.
Tags: CTF Challenge, Reverse Engineering, Caesar Cipher, XOR Encryption, Python Scripting, Dogbolt, Flag Extraction.
k0rban - Flag Extraction via Simulation
Solution
Files/Link Provided
File:
chall2
Tools/Method Used
Decompiler: For analyzing the
chall2binary file.Dogbolt: Online decompilation tool for reverse engineering. (Dogbolt)
Custom Python Script: For simulating the
sub_11e9function and extracting the flag.
Goals
Analyze the binary to understand its functionality.
Simulate the function
sub_11e9with the correct argument to retrieve the flag.
Solution
Analyzing the Binary:
Downloaded the
chall2file provided in the challenge.Uploaded the file to Dogbolt for decompilation.
Noticed a condition in the code:
(arg1 != 0xdeadbeef)which prevents a loop from executing if not satisfied.
Understanding the Functionality:
Identified the
sub_11e9function as critical for assembling the flag.Observed that passing
arg1 = 0xdeadbeefallows the function to iterate through a string and combine specific characters.
Simulating the Function:
Recreated the logic of the
sub_11e9function in Python to simulate its behavior:def get_flag(): flag_string = "304t3rop1bRE04A&8nd9{_srPJh)31NbnwiDdA12E_t0kr*&44QcRGIu_AhGK}A" flag_output = "" for var_1c in range(1, 0x20): index = (var_1c << 2) % len(flag_string) flag_output += flag_string[index] return flag_output flag = get_flag() print(flag)
Extracting the Flag:
Executed the script to simulate the function’s behavior.
Retrieved the flag from the output of the simulation.
Final Answer
FLAG: 3108{P3ndEk4R_K0rb4n_J1wA_r4GA}
Summary
By analyzing the chall2 binary in Dogbolt, the condition blocking the loop was identified. Simulating the sub_11e9 function with the correct argument (0xdeadbeef) allowed for the extraction and assembly of the flag. This challenge showcases the importance of understanding control flow and simulating restricted logic in Reverse Engineering challenges.
Remarks/Tags/Lessons Learned
Lessons Learned:
Identifying bypass conditions like
(arg1 != 0xdeadbeef)is critical in Reverse Engineering.Simulating function logic is an effective way to understand and exploit program behavior.
Understanding string manipulation and indexing is essential for extracting encoded data.
Recreating program behavior using Python or similar tools can simplify complex analysis.
Tags: CTF Challenge, Reverse Engineering, Simulation, Python Scripting, Dogbolt, Control Flow Analysis, Flag Extraction.
STEGANOGRAPHY
Tugu Negara - Png Zsteg Analysis
Solution
Files/Link Provided
File:
Tugu-Negara.png
Tools/Method Used
Steganography Analyzer: For analyzing the PNG file.
Aperisolve: Online tool for steganography analysis. (Aperisolve)
Goals
Analyze the PNG file to uncover hidden data.
Extract the flag from the steganographic content.
Solution
Analyzing the File:
Downloaded the
Tugu-Negara.pngfile provided in the challenge.Recognized it as a steganography challenge.
Uploading to Aperisolve:
Uploaded the PNG file to Aperisolve, an online steganography analysis tool.
Allowed Aperisolve to process and scan the file for hidden content.
Reviewing Results:
Browsed through the output provided by Aperisolve.
Found the flag in the
zstegsection of the analysis results.
Extracting the Flag:
Copied the flag directly from the
zstegsection of the output.
Final Answer
FLAG: 3108{7ugu_n3g4r4}
Summary
By leveraging Aperisolve to analyze the Tugu-Negara.png file, the hidden flag was successfully retrieved from the zsteg section. This challenge underscores the utility of specialized tools in identifying and extracting steganographic content efficiently.
Remarks/Tags/Lessons Learned
Lessons Learned:
Tools like Aperisolve simplify steganography analysis by automating the detection process.
Different sections of the analysis (e.g.,
zsteg) may reveal crucial data.Recognizing common file types and their relevance in CTF challenges (e.g., PNG for steganography) speeds up the problem-solving process.
Tags: CTF Challenge, Steganography, Aperisolve, zsteg, Hidden Data, PNG Analysis, Flag Extraction.
Jalur Gemilang - Corrupted JPEG Repair Flag
Solution
Files/Link Provided
File:
jalur_gemilang.jpg
Tools/Method Used
Hex Editor: For analyzing and repairing the corrupted JPEG file.
HexEd.it: Online hex editor. (HexEd.it)
Goals
Repair the corrupted JPEG file.
View the repaired image to retrieve the flag.
Solution
Analyzing the File:
Downloaded the
jalur_gemilang.jpgfile provided in the challenge.Observed that the file did not display correctly, indicating corruption.
Inspecting the File in Hex Editor:
Uploaded the file to HexEd.it for detailed analysis.
Examined the file's header and noticed discrepancies compared to the standard JPEG file format.
Correcting the Header:
Replaced the corrupted header with the correct JPEG header values:
Correct JPEG Header: FF D8 FF E0 00 10 4A 46 49 46 00 01Saved the changes to repair the file.
Viewing the Repaired Image:
Reopened the file after correcting the header.
The image displayed correctly, revealing the flag embedded within.
Final Answer
FLAG: 3108{j4lur_g3mil4ng}
Summary
By identifying and correcting the corrupted header in the jalur_gemilang.jpg file using HexEd.it, the image was successfully repaired. Viewing the repaired image revealed the hidden flag. This challenge highlights the importance of understanding file formats and using hex editors for digital forensics and CTF challenges.
Remarks/Tags/Lessons Learned
Lessons Learned:
Understanding standard file headers is crucial for identifying and repairing corrupted files.
Hex editors like HexEd.it are powerful tools for forensic analysis and CTF challenges.
JPEG files have a specific header structure (
FF D8 FF E0) that must be intact for proper display.Repairing corrupted files can uncover hidden data or artifacts crucial for solving challenges.
Tags: CTF Challenge, File Repair, JPEG Header, Hex Editor, HexEd.it, Digital Forensics, Flag Extraction.
CRYPTOGRAPHY
Nasihat - XOR Decryption
Solution
Files/Link Provided
Files:
flag.txt.enc,nasihat.py
Tools/Method Used
Python Interpreter: For reviewing and running the script.
Thonny: Python IDE for analyzing the
nasihat.pyscript.
Goals
Analyze the Python script to extract the password.
Use the extracted password to decrypt the encrypted flag file.
Solution
Analyzing the Python Script:
Opened the
nasihat.pyscript using Thonny.Reviewed the code and identified the following key components:
A
str_xorfunction that performs XOR encryption/decryption.A
decrypt_flagfunction that reads the encrypted file, appliesstr_xorwith the provided password, and returns the decrypted flag.The
split_passwordvariable, which contains the password in a split string format:split_password = ("1" + \ "ng4t" + \ "-" + \ "rukun" + \ "-" + \ "n3g4ra")
Combined the password fragments to form:
1ng4t-rukun-n3g4ra.
Running the Script:
Executed the
nasihat.pyscript.When prompted for the password, entered the extracted password:
1ng4t-rukun-n3g4ra.The script successfully decrypted the
flag.txt.encfile using thedecrypt_flagfunction.
Retrieving the Flag:
Observed the decrypted output displayed by the script:
Decrypted flag: 3108{rukun_n3g4r4_adlh_p3nt!ng}
Final Answer
FLAG: 3108{rukun_n3g4r4_adlh_p3nt!ng}
Summary
By analyzing the nasihat.py script, the password was extracted from the split_password variable and used to decrypt the flag.txt.enc file. The XOR decryption logic within the script allowed for the successful retrieval of the flag. This challenge highlights the importance of understanding encryption mechanisms and reading scripts carefully for clues.
Remarks/Tags/Lessons Learned
Lessons Learned:
XOR encryption is reversible if the key (password) is known or can be deduced.
Analyzing Python scripts carefully can reveal critical components like hardcoded passwords or encryption logic.
Understanding how to combine string fragments is essential for interpreting obfuscated data in CTF challenges.
Running scripts in a controlled environment (e.g., Thonny) helps validate assumptions and test decryption logic.
Tags: CTF Challenge, XOR Encryption, Python Script, Password Extraction, Thonny, Flag Decryption.
Selamat Malam - Atbash Cipher Decode
Solution
Files/Link Provided
File:
Senandung_Lena.txt
Tools/Method Used
Text Editor: For examining the content of the file.
Cipher Identifier: To identify the type of cipher used.
Atbash Decoder: For decoding the ciphertext.
Goals
Identify the cipher used in the text file.
Decode the ciphertext and extract the flag using a specified pattern.
Solution
Analyzing the File:
Opened the
Senandung_Lena.txtfile in a text editor.Observed unusual text that appeared to be encoded.
Identifying the Cipher:
Uploaded the ciphertext to a Cipher Identifier tool.
The tool determined that the text was encoded using an Atbash cipher.
Decoding the Ciphertext:
Used an Atbash Decoder to decode the ciphertext.
Obtained the decoded text, which contained a mix of numbers, uppercase letters, and other characters.
Extracting the Flag:
Noticed a pattern in the flag construction: only numbers and uppercase letters in the decoded text were relevant.
Extracted these characters sequentially to form the flag.
Final Answer
FLAG: 3108{MALAYSIAAMAN}
Summary
By analyzing the Senandung_Lena.txt file and identifying the Atbash cipher, the ciphertext was successfully decoded. Recognizing the pattern of numbers and uppercase letters in the decoded text allowed for the construction of the flag. This challenge highlights the importance of both cryptographic tools and pattern recognition in solving encoded challenges.
Remarks/Tags/Lessons Learned
Lessons Learned:
Tools like Cipher Identifier are invaluable for quickly identifying obscure ciphers.
Atbash is a simple substitution cipher that reverses the alphabet, but it can be tricky without recognition tools.
Pattern recognition in decoded text is often key to extracting flags in CTF challenges.
Systematic decoding and analysis ensure no details are overlooked.
Tags: CTF Challenge, Atbash Cipher, Cipher Identifier, Flag Extraction, Cryptography, Pattern Recognition.
Keretapi Tanah Melayu - Rail Fence Cipher
Solution
Files/Link Provided
File:
keretaapitanahmelayu.txt
Tools/Method Used
Rail Fence Cipher Decoder: For decoding the initial cipher text. (Boxentriq Rail Fence Decoder)
Base64 Decoder: For decoding the Base64-encoded text. (RapidTables Base64 Decoder)
Goals
Decode the Rail Fence Cipher from the text file.
Decode the Base64-encoded content to extract the flag.
Solution
Analyzing the File:
Opened the
keretaapitanahmelayu.txtfile in a text editor.Observed a mix of readable text and cipher text.
Identifying the Cipher:
Based on the challenge name "Keretapi" and its cryptography category, suspected a Rail Fence Cipher.
Uploaded the cipher text to the Boxentriq Rail Fence Decoder and successfully decoded the first layer of the cipher.
Decoding the Rail Fence Output:
Identified that the decoded text partially revealed the flag format (
3108) but contained additional encoded content.Noticed the encoded content ended with
==, which is a common indicator of Base64 encoding.
Decoding the Base64 Content:
Copied the encoded portion into the RapidTables Base64 Decoder.
Decoded the text to reveal the full flag.
Final Answer
FLAG: 3108{hujanemasdinegerioranghujanbatudinegerisendiri}
Summary
By recognizing the Rail Fence Cipher based on the challenge name and decoding the text, the second layer of encoding (Base64) was revealed. Decoding the Base64 content successfully extracted the flag. This challenge demonstrates the importance of layered decoding and recognizing cipher patterns in cryptography challenges.
Remarks/Tags/Lessons Learned
Lessons Learned:
Challenge names often provide hints about the type of cipher or method used.
Rail Fence Cipher is a transposition cipher that can be decoded using online tools like Boxentriq.
Base64 encoding is commonly used in CTF challenges and is recognizable by its
==padding at the end of the encoded string.Combining multiple decoding techniques can uncover layered encryption strategies.
Tags: CTF Challenge, Rail Fence Cipher, Base64 Decoding, Layered Encryption, Cryptography, Flag Extraction.
Jerebu - Music Note Cipher
Solution
Files/Link Provided
File:
Jerebu.png
Tools/Method Used
Music Note Cipher Decoder: For decoding the musical notes in the image. (dCode Music Sheet Cipher Decoder)
Goals
Decode the musical notes from the image to extract the hidden flag.
Solution
Analyzing the File:
Opened the
Jerebu.pngfile, which displayed a sheet of musical notes.Recognized that the challenge category was cryptography, prompting further investigation.
Identifying the Cipher:
Performed a quick Google search for "Music Note Cipher."
The first result led to the dCode Music Sheet Cipher Decoder, confirming the cipher type.
Decoding the Ciphertext:
Uploaded the musical notes to the dCode Music Sheet Cipher Decoder.
Decoded the first line of notes and identified that the text corresponded to lyrics from the song Hijau by Zainal Abidin.
Finding the Flag:
Noticed that decoding the entire text would take significant time.
Focused on searching for the flag pattern (
3108) within the ciphertext.Located the flag in the middle of the notes, starting from a distinct ‘o.’
Decoded the middle portion of the notes to extract the flag.
Final Answer
FLAG: 3108{P3RJ4NJNASEAN}
Summary
By recognizing the Music Note Cipher in Jerebu.png and leveraging the dCode Music Sheet Cipher Decoder, the flag was successfully extracted from the middle portion of the notes. This challenge highlights the importance of efficiently identifying and targeting specific sections of encoded data when faced with large ciphertexts.
Remarks/Tags/Lessons Learned
Lessons Learned:
Recognizing cipher types based on visual cues (e.g., musical notes) is critical in cryptography challenges.
Online tools like dCode simplify the process of decoding specialized ciphers.
Efficiently narrowing down and focusing on relevant sections of ciphertext can save time and effort.
CTF challenges often include cultural or thematic elements (e.g., song lyrics) that can provide additional context.
Tags: CTF Challenge, Music Note Cipher, dCode, Cryptography, Efficient Decoding, Flag Extraction.
1957bit - Binary XOR Cipher
Solution
Files/Link Provided
File:
1957bit.txt
Tools/Method Used
XOR Decoder: For decoding the binary using a key. (dCode XOR Cipher Decoder)
Goals
Decode the binary content in the file using the key derived from the challenge description.
Solution
Analyzing the File:
Opened the
1957bit.txtfile, which contained a long sequence of binary data.The challenge description included the phrase: "1957 bukan angka semata, ia kunci" ("1957 is not just a number, it is a key"), suggesting that 1957 is the key to decode the binary.
Identifying the Decryption Method:
Recalled that binary sequences are commonly decoded using XOR with a key.
Selected the dCode XOR Cipher Decoder to perform the decoding.
Decoding the Binary:
Input the binary sequence from the file into the XOR Decoder tool.
Used
1957as the key for decoding.The tool successfully decoded the binary and revealed the flag.
Final Answer
FLAG: 3108{MT832Jf4MMUxKCj53LCjyKYwQZYVdGXyNzZQuKQSGB7bMuHZFgfBu64cr7UjDnYjbjAZZG8}
Summary
By recognizing the hint in the challenge description and applying the XOR Cipher Decoder with the key 1957, the binary in 1957bit.txt was successfully decoded to reveal the flag. This challenge demonstrates the importance of understanding binary encoding and leveraging XOR decryption techniques in cryptography challenges.
Remarks/Tags/Lessons Learned
Lessons Learned:
Challenge descriptions often contain subtle hints that guide the decoding process.
XOR is a commonly used cipher in CTF challenges for binary data.
Tools like dCode's XOR Cipher Decoder simplify the decoding of binary sequences.
Applying logical reasoning to interpret key phrases can lead to efficient problem-solving.
Tags: CTF Challenge, XOR Cipher, Binary Decoding, dCode, Cryptography, Flag Extraction.
NETWORK
Johan - HTTP Packet Analysis
Solution
Files/Link Provided
File:
whut.pcapng
Tools/Method Used
Wireshark: For analyzing the packet capture file.
Goals
Analyze HTTP packets in the provided
pcapngfile to uncover the hidden word.Use the extracted information to retrieve the flag.
Solution
Analyzing the File:
Opened the
whut.pcapngfile in Wireshark.Read the challenge description, noting that the information submitted by "Johan" would be relevant.
Filtering HTTP Packets:
Applied a filter for HTTP packets to narrow down the data.
Identified interesting packets related to browsing activity, specifically HTTP POST requests.
Following the TCP Stream:
Selected a packet with HTTP POST data and followed its TCP stream.
Found binary text within the payload of the POST request.
Decoding the Binary Text:
Combined all binary text from the relevant streams.
Decoded the binary to reveal a plaintext string, which appeared to be a URL.
Removed extraneous characters from the decoded text to construct the valid URL.
Visiting the Website:
Accessed the decoded website.
Found the flag displayed on the webpage.
Final Answer
FLAG: 3108{KU4L4_LUMPUR}
Summary
By filtering HTTP packets in Wireshark and analyzing the binary text in the TCP stream of POST requests, the hidden URL was constructed. Visiting the URL revealed the flag. This challenge demonstrates the importance of understanding network protocols and decoding techniques in analyzing packet captures.
Remarks/Tags/Lessons Learned
Lessons Learned:
HTTP filtering in Wireshark is a powerful way to isolate relevant traffic in packet capture files.
Following TCP streams can reveal hidden data, such as binary text, embedded in HTTP requests.
Decoding binary data and interpreting its structure is key to solving network-related CTF challenges.
Post-analysis steps, such as visiting extracted URLs, can lead directly to the flag.
Tags: CTF Challenge, Wireshark, HTTP Analysis, TCP Stream, Binary Decoding, Network Traffic, Flag Extraction.
Lagi-Lagi Johan - HTTP Packet Analysis
Solution
Files/Link Provided
File:
ez.pcapng
Tools/Method Used
Wireshark: For analyzing the packet capture file.
Goals
Analyze HTTP packets in the provided
pcapngfile to locate the flag.
Solution
Analyzing the File:
Opened the
ez.pcapngfile in Wireshark.Based on the challenge description, focused on browsing activity by "Johan."
Filtering HTTP Packets:
Applied an HTTP filter in Wireshark to isolate relevant traffic.
Observed multiple HTTP requests in the filtered results.
Inspecting the HTTP POST Request:
Selected the first HTTP POST request, as it often contains user-submitted data.
Examined the packet details and identified the flag embedded in the request payload.
Final Answer
FLAG: 3108{P4TR0T1C}
Summary
By applying an HTTP filter in Wireshark and inspecting the POST request payload, the flag was quickly identified. This challenge demonstrates the utility of focusing on specific protocols and request types when analyzing packet capture files.
Remarks/Tags/Lessons Learned
Lessons Learned:
Filtering for HTTP traffic in Wireshark narrows down irrelevant data, making analysis more efficient.
HTTP POST requests often contain valuable user-submitted data that can lead to the flag.
Analyzing packet payloads provides direct insights into hidden or encoded information.
Tags: CTF Challenge, Wireshark, HTTP Analysis, POST Request, Network Traffic, Flag Extraction.
Jalan Jalan Di Kuala Lumpur - HTTP Object Analysis
Solution
Files/Link Provided
File: Provided network capture file.
Tools/Method Used
Wireshark: For analyzing the packet capture file and exporting HTTP objects.
Goals
Analyze HTTP traffic to uncover hidden data.
Extract and combine relevant objects to retrieve the flag.
Solution
Analyzing the File:
Opened the provided network capture file in Wireshark.
Read the challenge description, which hinted at hidden history remains around Kuala Lumpur.
Filtering HTTP Packets:
Applied an HTTP filter to narrow down the packet list.
Observed numerous HTTP packets with intriguing references, such as titles of pictures.
Exporting HTTP Objects:
Used File > Export Objects > HTTP in Wireshark to export all HTTP objects.
Saved the exported files for further inspection.
Inspecting Exported Files:
Reviewed the extracted files, including
flag.txt,galeri.png, and.----%2520-----.pdf.Found fragments of the flag written across these files.
Combining the Flag:
Consolidated the information from the exported files to form the complete flag.
Final Answer
FLAG: 3108{B4P4_M4L4YS1A}
Summary
By filtering HTTP traffic and exporting objects from the packet capture file, the hidden flag was successfully retrieved from multiple files. This challenge highlights the importance of leveraging Wireshark’s export features and systematically inspecting extracted data.
Remarks/Tags/Lessons Learned
Lessons Learned:
Exporting HTTP objects in Wireshark is an effective way to retrieve hidden data embedded in network captures.
Combining fragmented data from multiple sources can lead to the complete solution in CTF challenges.
HTTP filters are a recurring and powerful tool for narrowing down relevant traffic in packet analysis.
Tags: CTF Challenge, Wireshark, HTTP Analysis, Export Objects, File Inspection, Flag Extraction.
Perpaduan - Cracking WPA Handshake w Aircrack
Solution
Files/Link Provided
Tools/Method Used
Web Browser: For accessing the provided URL and downloading resources.
Wireshark: For analyzing the handshake
.capfile.Aircrack-ng: For cracking the WPA handshake using the wordlist.
Goals
Extract and analyze the files from the provided link.
Use the wordlist and
.capfile to crack the WPA handshake and retrieve the flag.
Solution
Accessing the URL:
Visited the provided URL, which contained a MediaFire link.
Combined the URLs to form the download link: https://app.mediafire.com/stc0yhefz10a6.
Downloaded the folder named
3108, which contained two files:3108.txtandhandshake.cap.
Analyzing the Files:
Opened
3108.txt, which resembled a wordlist.Loaded
handshake.capin Wireshark to analyze its contents.Observed the presence of an SSID named
CrackMeFirst, indicating a WPA handshake capture.
Cracking the Handshake:
Used Aircrack-ng on Kali Linux to crack the handshake with the provided wordlist:
aircrack-ng -w 3108.txt -b <BSSID> handshake.capReplaced
<BSSID>with the identified BSSID from Wireshark.Successfully cracked the password, revealing the flag.
Final Answer
FLAG: 3108{K3H4RM0N14N}
Summary
By downloading and analyzing the provided resources, the WPA handshake was cracked using Aircrack-ng and the accompanying wordlist. This challenge demonstrates the integration of network traffic analysis and cracking tools in solving wireless security challenges.
Remarks/Tags/Lessons Learned
Lessons Learned:
Combining URLs can lead to hidden resources for challenge progression.
Wireshark is invaluable for identifying critical data in
.capfiles, such as SSIDs and BSSIDs.Aircrack-ng is a powerful tool for WPA handshake cracking when paired with an effective wordlist.
Efficient file inspection and tool usage are crucial for solving multi-step CTF challenges.
Tags: CTF Challenge, WPA Handshake, Wireshark, Aircrack-ng, Wordlist, Wireless Security, Flag Extraction.
MISC
Mencari Rahsia Si Dia - Spam Message Decoder
Solution
Files/Link Provided
File:
penyepaman.txt
Tools/Method Used
Spam Message Decoder: For decoding the long spam message.
Goals
Decode the spam message in the text file to retrieve the hidden flag.
Solution
Analyzing the File:
Opened the
penyepaman.txtfile in a text editor.Observed a long, repetitive message resembling spam content.
Based on the challenge description, suspected the use of a spam message decoding method.
Using the Spam Message Decoder:
Uploaded the spam message to an online Spam Message Decoder tool.
Decoded the message to reveal the hidden flag.
Final Answer
FLAG: 3108{sebuah_erti_pengorbanan}
Summary
By analyzing the spam-like message in the penyepaman.txt file and using a specialized decoder, the flag was successfully extracted. This challenge highlights the utility of recognizing and leveraging tools for decoding unconventional formats.
Remarks/Tags/Lessons Learned
Lessons Learned:
Spam-like messages often use encoding techniques that can be decoded with specialized tools.
Challenge descriptions provide subtle hints about the methods or tools required for decoding.
Leveraging online decoding tools saves time and effort in cryptography challenges.
Tags: CTF Challenge, Spam Message, Decoder, Cryptography, Flag Extraction.
Pesan Tentang Bicara - Morse and Vigenère Cipher
Solution
Files/Link Provided
File:
Batuta.png
Tools/Method Used
Morse Decoder: For decoding the Morse code. (dCode Morse Code Decoder)
Vigenère Cipher Decoder: For decoding the Vigenère Cipher. (dCode Vigenère Cipher Decoder)
Goals
Decode the Morse code to reveal the text.
Use the extracted text with the key "KEY" to decode the Vigenère Cipher and retrieve the flag.
Solution
Analyzing the File:
Opened the
Batuta.pngfile and observed a picture with Morse code written below it.
Decoding the Morse Code:
Input the Morse code into a Morse Decoder.
Decoded the Morse code, which revealed a text containing a weird sequence and the number
3108.
Identifying the Cipher:
Based on the challenge hint highlighting the word "KEY," suspected the use of a Vigenère Cipher.
Decoding the Vigenère Cipher:
Used the decoded Morse output as the ciphertext.
Entered "KEY" as the key in a Vigenère Cipher Decoder.
Decoded the ciphertext to reveal the flag.
Final Answer
FLAG: 3108{DENGAR_SEBELUM_BICARA}
Summary
By decoding the Morse code in the Batuta.png file and using the Vigenère Cipher with the key "KEY," the flag was successfully retrieved. This challenge demonstrates the importance of recognizing and combining multiple cipher techniques to extract hidden information.
Remarks/Tags/Lessons Learned
Lessons Learned:
Combining ciphers like Morse and Vigenère is common in layered CTF challenges.
Keywords in challenge hints (e.g., "KEY") can provide critical clues for solving the cipher.
Tools like dCode streamline the process of decoding complex ciphers.
Tags: CTF Challenge, Morse Code, Vigenère Cipher, dCode, Cryptography, Flag Extraction.
3108 CTF Town - Gameboy Game Flag Retrieval
Solution
Files/Link Provided
File: Provided
.gbafile.Emulator: VisualBoyAdvance
Tools/Method Used
Gameboy Emulator: For running the
.gbafile and playing the game.
Goals
Run the
.gbafile using an emulator.Progress through the game to uncover the hidden flag.
Solution
Setting Up the Emulator:
Downloaded and installed the VisualBoyAdvance emulator from the official website.
Configured the emulator for optimal gameplay.
Running the Game:
Loaded the
.gbafile into the emulator.Started the game and followed the gameplay instructions.
Finding the Flag:
Played through the game until the professor was rescued.
Upon rescue, the flag was displayed in the game.
Final Answer
FLAG: 3108{b4ntu_am4l4n_mul1a}
Summary
By running the .gba file in a Gameboy emulator and progressing through the game, the hidden flag was revealed. This challenge highlights the creative integration of retro gaming and flag retrieval in CTF challenges.
Remarks/Tags/Lessons Learned
Lessons Learned:
Recognizing file formats (e.g.,
.gba) is critical for determining the tools or platforms required.Game-based challenges often integrate gameplay mechanics with flag discovery.
Emulators like VisualBoyAdvance provide an accessible way to interact with legacy game files.
Tags: CTF Challenge, Gameboy Emulator,
.gbaFile, VisualBoyAdvance, Retro Gaming, Flag Extraction.
Nasi Lemak 1 Juta - Program Manipulation w Cheat Engine
Solution
Files/Link Provided
File:
BahteraSiber.exe.txt
Tools/Method Used
File Command: To analyze file information.
Windows Environment: For running the
.exefile.Cheat Engine: For manipulating program values.
Goals
Analyze the provided file to determine its functionality.
Manipulate the program to uncover and click the hidden button to retrieve the flag.
Solution
Analyzing the File:
Downloaded the
BahteraSiber.exe.txtfile.Used the
filecommand to inspect its type, which revealed:PE32 executable GUI Intel 80386, for MS Windows, UPX compressed.
Renamed the file to
BahteraSiber.exeto remove the.txtextension.
Running the Program:
Executed the program in a Windows environment.
Observed a GUI with a “Click Me” button that increased the “Wang” value by RM1 per click.
Noticed a hidden button labeled “BAHAN RAHSIA: 1,000,000 NASI LEMAK” in the bottom-left corner.
Identifying the Objective:
Determined that the goal was to manipulate the program to reach 1,000,000 cooked nasi lemak and activate the hidden button.
Manipulating Values with Cheat Engine:
Launched Cheat Engine and attached it to the running process of
BahteraSiber.exe.Modified the “Wang” value in the program to facilitate faster progression.
Cooked a few nasi lemak to generate a base value and used Cheat Engine to modify the cooked nasi lemak count to 1,000,000.
Clicking the Hidden Button:
Activated the hidden button “BAHAN RAHSIA” after reaching the required value.
Retrieved the flag displayed by the program.
Final Answer
FLAG: 3108{B2148ED1A1EA228DD33363B6D1134063B59B62DB}
Summary
By analyzing the file type, running the program, and manipulating its values using Cheat Engine, the hidden button was activated, revealing the flag. This challenge demonstrates the importance of understanding executable files and utilizing external tools to modify program behavior in CTF challenges.
Remarks/Tags/Lessons Learned
Lessons Learned:
The
filecommand is useful for identifying the nature of unknown files.Renaming files to remove incorrect extensions can resolve execution issues.
Cheat Engine is a powerful tool for altering runtime values in programs.
Experimentation with program features and hidden elements is key to uncovering solutions in miscellaneous challenges.
Tags: CTF Challenge, Miscellaneous, PE32 Executable, Cheat Engine, Program Manipulation, Flag Extraction.
FORENSICS
Negeri-Negeri Di Malaysia - Steganography and Cipher Decoding
Solution
Files/Link Provided
File:
negeri-negeri-di-malaysia.jpg
Tools/Method Used
Aperisolve: For analyzing the image file. (Aperisolve)
CyberChef: For decoding the extracted ciphertext. (CyberChef)
Goals
Analyze the image file to uncover hidden data.
Decode the extracted ciphertext to retrieve the flag.
Solution
Analyzing the File:
Uploaded the
negeri-negeri-di-malaysia.jpgfile to Aperisolve for steganographic analysis.Observed multiple sections in the analysis output.
Found a ciphertext at the end of the strings section.
Decoding the Ciphertext:
Copied the ciphertext from the Aperisolve output.
Pasted it into CyberChef to test decoding methods.
Applied the appropriate decoding recipe in CyberChef to reveal the flag.
Final Answer
FLAG: 3108{B2148ED1A1E_A228DD33_363B6D1134_063B59B62DB}
Summary
By analyzing the negeri-negeri-di-malaysia.jpg file in Aperisolve, a ciphertext was discovered in the strings section. Decoding this ciphertext using CyberChef revealed the flag. This challenge highlights the integration of steganography tools and decoding platforms in solving CTF challenges.
Remarks/Tags/Lessons Learned
Lessons Learned:
Tools like Aperisolve are crucial for identifying hidden data within image files.
Ciphertexts found in steganography challenges often require specialized decoders like CyberChef.
Systematically reviewing analysis outputs can uncover hidden clues.
Combining multiple tools is often necessary for solving layered challenges.
Tags: CTF Challenge, Steganography, Cipher Decoding, Aperisolve, CyberChef, Hidden Data, Flag Extraction.
Hatta - Image Analysis and Binary Decoding
Solution
Files/Link Provided
File:
hatta.jpg
Tools/Method Used
Aperisolve: For analyzing the image file. (Aperisolve)
Binary Decoder: For decoding the binary-like text. (RapidTables Binary to Text)
Goals
Analyze the image file to uncover hidden data.
Decode the extracted binary-like text to retrieve the flag.
Solution
Analyzing the File:
Opened the
hatta.jpgfile to observe a meme picture.Uploaded the file to Aperisolve for steganographic analysis.
Inspecting the Strings Section:
Scrolled through the strings section of Aperisolve’s output.
Found a cipher text consisting of dots (
.) and slashes (/).
Identifying the Cipher:
Recognized that the text did not match Morse code, as it contained slashes instead of dashes.
Decided to convert dots to
0and slashes to1, creating a binary sequence.
Decoding the Binary Sequence:
Input the converted binary sequence into a Binary Decoder.
Decoded the binary sequence to reveal the flag.
Final Answer
FLAG: 3108{k3cil_cili_p4di}
Summary
By analyzing the hatta.jpg file in Aperisolve and converting the dots and slashes into binary, the hidden flag was successfully decoded using a Binary Decoder. This challenge highlights the importance of creative thinking in identifying and interpreting unconventional ciphers.
Remarks/Tags/Lessons Learned
Lessons Learned:
Steganographic tools like Aperisolve are essential for identifying hidden clues in images.
Cipher texts with unconventional symbols may require format conversion before decoding.
Binary decoding is a versatile technique in CTF challenges involving hidden text.
Systematic exploration of analysis outputs can uncover non-obvious patterns.
Tags: CTF Challenge, Steganography, Aperisolve, Binary Decoding, Hidden Data, Flag Extraction.
OSINT
Pertemuan Kapista : Babak I - Social Media Investigation
Solution
Files/Link Provided
Starting Point: YouTube Video
Tools/Method Used
YouTube: For analyzing the video.
Social Media Search: For locating the specified username.
Goals
Follow the clues provided in the video to identify the social media account.
Locate the flag hidden in the account’s content.
Solution
Analyzing the YouTube Video:
Watched the video linked in the provided URL.
Noted the instruction to find a social media account with the username
@madah4arjuna.
Searching for the Username:
Searched for
@madah4arjunaacross social media platforms.Located the username on Twitter.
Inspecting the Twitter Account:
Opened the account and reviewed its posts.
Found the flag in the latest post.
Final Answer
FLAG: 3108{angka_keramat}
Summary
By following the clue from the YouTube video, the social media account @madah4arjuna was located on Twitter. The flag was successfully retrieved from the account’s latest post. This challenge demonstrates the use of cross-platform investigation in CTF challenges.
Remarks/Tags/Lessons Learned
Lessons Learned:
Clues in multimedia content can guide the investigation process across different platforms.
Social media accounts can serve as repositories for hidden information in CTF challenges.
Systematic searching and reviewing of content are essential for solving investigative challenges.
Tags: CTF Challenge, Social Media, YouTube, Twitter, Investigation, Flag Retrieval.
Hero Melayu - Lyrics and Hashtags Investigation
Solution
Files/Link Provided
Provided Content: Song lyrics and hashtags.
Tools/Method Used
Search Engines: For investigating the song lyrics and hashtags.
TikTok: For locating the specified content.
Goals
Use the provided song lyrics and hashtags to locate relevant content.
Investigate the content for clues leading to the flag.
Solution
Analyzing the Provided Information:
Reviewed the song lyrics and noted the hashtags provided.
Interpreted the task as requiring a search using these elements.
Searching for the Hashtag:
Searched for the hashtag on TikTok.
Located a TikTok account matching the hashtag name.
Inspecting the TikTok Account:
Opened the account and reviewed its videos.
Found the flag embedded in the third video.
Final Answer
FLAG: 3108{m3d14_m4ss4l4h}
Summary
By utilizing the song lyrics and hashtags, the relevant TikTok account was identified. The flag was successfully retrieved from the account’s third video. This challenge highlights the integration of social media platforms in investigative CTF challenges.
Remarks/Tags/Lessons Learned
Lessons Learned:
Hashtags are powerful tools for narrowing down searches on social media platforms.
Combining multiple clues, such as lyrics and hashtags, can provide clear investigative paths.
TikTok and other social media platforms are increasingly used as part of CTF challenges.
Tags: CTF Challenge, TikTok, Hashtags, Social Media Investigation, Flag Retrieval.
Kisah Lama - Retrieving Expired Content via Wayback Machine
Solution
Files/Link Provided
Tools/Method Used
Wayback Machine: For accessing archived versions of the provided link. (Wayback Machine)
Goals
Recover the expired content from the provided Pastebin link.
Extract the flag from the archived page.
Solution
Accessing the Link:
Opened the provided Pastebin URL: https://pastebin.com/nWeJzwsp.
Observed that the page was no longer available and had expired.
Using the Wayback Machine:
Navigated to the Wayback Machine website.
Pasted the Pastebin URL into the search bar to check for archived versions.
Found an archived capture dated August 23, 2023.
Retrieving the Archived Content:
Opened the archived version of the page.
Located and extracted the flag from the retrieved content.
Final Answer
FLAG: 3108{r3d4_d4r1_kis4h_l4m4}
Summary
By utilizing the Wayback Machine, the expired content from the provided Pastebin link was successfully recovered. The flag was extracted from the archived capture. This challenge demonstrates the importance of web archiving tools in retrieving historical data.
Remarks/Tags/Lessons Learned
Lessons Learned:
Expired or deleted web content can often be recovered using tools like the Wayback Machine.
Checking timestamps and browsing historical snapshots can provide valuable insights in investigative challenges.
Utilizing alternative methods and tools is crucial when direct access to resources is unavailable.
Tags: CTF Challenge, Wayback Machine, Web Archiving, Pastebin, Historical Data Retrieval, Flag Extraction.
Pertemuan Kapista : Babak II - Multi-Tap Phone Cipher Flag Retrieval
Solution
Files/Link Provided
Twitter Account:
@madah4arjuna
Tools/Method Used
Cipher Identifier: For identifying the cipher type. (dCode Cipher Identifier)
Multi-Tap Phone Decoder: For decoding the numbers. (dCode Multi-Tap Decoder)
Telegram: For accessing the specified account.
Goals
Decode the numbers from the Twitter posts.
Locate the referenced Telegram account and retrieve the flag.
Solution
Analyzing the Twitter Posts:
Reviewed the last two posts on the
@madah4arjunaTwitter account.Noted a sequence of numbers in each post that appeared unusual.
Identifying the Cipher:
Input the number sequences into Cipher Identifier.
The tool identified the cipher as a Multi-Tap Phone (SMS) cipher.
Decoding the Numbers:
Used a Multi-Tap Phone Decoder to decode the sequences.
The result revealed a Telegram account username.
Locating the Telegram Account:
Searched for the decoded username on Telegram.
Found the account and discovered the flag in its messages.
Final Answer
FLAG: 3108{Hassan_Tapa}
Summary
By analyzing the Twitter posts from @madah4arjuna, the Multi-Tap Phone cipher was identified and decoded to reveal a Telegram account username. Accessing the Telegram account led directly to the flag. This challenge showcases the integration of multiple platforms and cipher types in CTF challenges.
Remarks/Tags/Lessons Learned
Lessons Learned:
Multi-Tap Phone ciphers are a creative way to encode messages and can be easily decoded using specialized tools.
Cross-platform challenges require attention to detail when moving between social media and communication apps.
Combining multiple tools, such as Cipher Identifier and decoders, is essential for solving layered CTF puzzles.
Tags: CTF Challenge, Multi-Tap Cipher, Twitter, Telegram, Cipher Decoding, Cross-Platform Investigation, Flag Retrieval.
Mesej Dalam Botol - Rot Cipher and Password-Protected Archive
Solution
Files/Link Provided
Files:
bahtera_si_pelayar.jpg,BOTOL.rar
Tools/Method Used
Image Viewer: For analyzing the
.jpgfile.Archive Extractor: For extracting the contents of the
.rarfile.Cipher Identifier: For detecting the cipher type. (dCode Cipher Identifier)
Rot Cipher Decoder: For decrypting the ciphertext.
Goals
Extract the password-protected image file from the
.rararchive.Decode the ciphertext found in the image to retrieve the flag.
Solution
Analyzing the
.jpgFile:Opened the
bahtera_si_pelayar.jpgfile and reversed the image.Found the name of the ship:
BAHTERAPERTIWI.
Unlocking the
.rarFile:Based on the challenge description, the password format was
NAMA_TAHUN.Combined the ship’s name with the year in the description to form the password:
BAHTERAPERTIWI_2014.Used the password to unlock the
BOTOL.rarfile and extracted the image inside.
Analyzing the Extracted Image:
Opened the extracted image and found a ciphertext on the left side.
Used Cipher Identifier to analyze the text, which suggested a Rot Cipher.
Decrypting the Ciphertext:
Used a Rot Cipher decoder to bruteforce the ciphertext.
Found a result similar to the flag format:
3V08{D3WV~KVR4N4}.
Correcting the Flag Format:
Recognized discrepancies in the decoded result and manually adjusted the characters to match the expected format.
Replaced
Vwith1and~with_, resulting in the final flag.
Final Answer
FLAG: 3108{D3W1_K1R4N4}
Summary
By reversing the .jpg file and using the extracted name and year as the password, the .rar file was unlocked. The ciphertext from the extracted image was analyzed and decoded using a Rot Cipher, and manual adjustments were made to complete the flag. This challenge highlights the importance of combining cryptographic techniques and logical reasoning in CTF challenges.
Remarks/Tags/Lessons Learned
Lessons Learned:
Password formats based on hints (e.g.,
NAMA_TAHUN) provide clues for unlocking protected files.Cipher Identifier tools are invaluable for quickly determining cipher types.
Combining automated decryption with manual adjustments ensures accurate flag reconstruction.
Tags: CTF Challenge, Rot Cipher, Password-Protected Archive, Cipher Identifier, Manual Decoding, Flag Retrieval.
Pertemuan Kapista : Finale - Instagram Investigation and Pastebin
Solution
Files/Link Provided
Source: Telegram channel with information about Hassan Tapa.
Tools/Method Used
Instagram: For locating additional clues.
CyberChef: For decoding the base64 ciphertext. (CyberChef)
Pastebin: For accessing the hidden flag.
Goals
Follow the clues from the Telegram channel to locate Hassan Tapa’s Instagram account.
Decode the ciphertext and retrieve the flag from the password-protected Pastebin link.
Solution
Following the Telegram Clue:
Identified the hint about Hassan Tapa’s latest picture and location on Instagram.
Found Hassan Tapa’s Instagram account.
Inspecting the Instagram Posts:
Reviewed the first post, which contained a ciphertext:
aHR0cHM6Ly9wYXN0ZWJpbi5jb20vd3ZheHhFMGI=.Decoded the base64 ciphertext using CyberChef.
Decoding the Ciphertext:
Entered the ciphertext into CyberChef and selected the Base64 decode operation.
Decoded result:
https://pastebin.com/wvaxxE0b.
Accessing the Pastebin Link:
Visited the Pastebin URL, which was password-protected.
Analyzed Hassan Tapa’s Instagram posts for potential passwords.
Found a date with a question mark in one of the posts.
Testing Passwords:
Tried several date formats as passwords, such as
31/08/202?,31/08/2023, and3108202?.Successfully unlocked the Pastebin using
31082023.
Retrieving the Flag:
Extracted the flag from the unlocked Pastebin content.
Final Answer
FLAG: 3108{Pulau_Mabul}
Summary
By following the clues from the Telegram channel to Hassan Tapa’s Instagram account, a ciphertext was found and decoded to reveal a Pastebin URL. The password-protected Pastebin was unlocked using a date format deduced from Instagram posts, successfully revealing the flag. This challenge highlights the integration of social media investigation and cryptographic decoding in CTF challenges.
Remarks/Tags/Lessons Learned
Lessons Learned:
Combining clues from multiple platforms (e.g., Telegram, Instagram) is crucial for solving layered challenges.
Base64 encoding is a common method for concealing URLs and can be easily decoded with tools like CyberChef.
Analyzing dates or patterns in social media posts can provide critical hints for unlocking protected content.
Persistence in testing password variations is often necessary to overcome access restrictions.
Tags: CTF Challenge, Social Media Investigation, Instagram, Telegram, Pastebin, Base64 Decoding, Password-Protected Content, Flag Retrieval.
Saya Di Mana - Location Investigation
Solution
Files/Link Provided
File:
saya_dimana.jpgClue: Reference to the place where Tuanku Abdul Rahman was welcomed.
Tools/Method Used
Online Research: For identifying the location.
Image Comparison: For verifying the location using the provided image.
Goals
Use the given clue and image to identify the location.
Verify the location to retrieve the flag.
Solution
Analyzing the Clue:
The clue referenced the location where Tuanku Abdul Rahman was welcomed.
Conducted research and identified the location as Dataran Pahlawan Melaka.
Researching Dataran Pahlawan:
Searched for images and reviews related to Dataran Pahlawan.
Compared the images with the provided
saya_dimana.jpgfile.
Verifying the Location:
Found an exact match of the image in a review about Dataran Pahlawan.
Confirmed the location as the one referenced in the clue.
Retrieving the Flag:
Extracted the flag associated with the identified location.
Final Answer
FLAG: 3108{d4tar4n_p4hl4w4n}
Summary
By interpreting the given clue and conducting online research, the location was identified as Dataran Pahlawan Melaka. Verification using the saya_dimana.jpg file confirmed the location, successfully leading to the flag. This challenge highlights the importance of combining historical references and image analysis in CTF challenges.
Remarks/Tags/Lessons Learned
Lessons Learned:
Historical clues often require background research to uncover specific locations.
Image comparison is a reliable method for verifying locations in investigative challenges.
Exploring reviews and online content can provide additional context for solving location-based puzzles.
Tags: CTF Challenge, Historical Reference, Image Analysis, Location Verification, Flag Retrieval.
Last updated