3108 Bahtera Siber 2023
Writeup by TFS
Last updated
Writeup by TFS
Last updated
Inspect Element: Used to explore the website’s source code.
Cipher Identifier: For analyzing ciphertext. (Cipher Identifier)
ASCII Converter: For decoding ASCII-based ciphertext. (ASCII Converter)
Identify potential security flaws in the website.
Retrieve the flag hidden in the authentication mechanism.
Inspecting the Website:
Accessed the website via the provided URL.
Opened the "Inspect Element" tool to explore the website's code.
Navigated to the "Sources" tab and found a file named auth.js.
Examined the file and discovered credentials (username and password) along with a suspicious-looking number.
Analyzing the Number:
Copied the number to investigate its significance.
Used the Cipher Identifier tool to determine the encoding or cipher type.
Identified the number as an ASCII Code cipher.
Decoding the Cipher:
Pasted the ciphertext into an ASCII Converter.
Decoded the ASCII values to reveal the hidden flag.
FLAG: 3108{p4ssw0rd_l3m4h!}
By examining the source code of the website and utilizing cipher identification and ASCII decoding tools, the flag was successfully retrieved. This demonstrates the importance of securing sensitive files and data against client-side exposure.
Lesson Learned: Always avoid embedding sensitive credentials directly in client-side code like auth.js.
Tags: Security Flaws, Web Application Security, Cryptography, ASCII Decoding, Client-Side Vulnerabilities.
Inspect Element: Used to explore the website’s source code.
Base64 Decoder: For decoding Base64-encoded cookie values.
Interact with the website to trigger a potential flag.
Analyze cookies to retrieve the hidden flag.
Interacting with the Website:
Accessed the website via the provided URL.
Played the "batu, kertas, gunting" (rock, paper, scissors) game repeatedly until reaching 10 rounds.
Inspecting the Source Code:
Opened the "Inspect Element" tool to explore the website's source code.
Found a file named getFlag.php in the sources, which revealed cookie values labeled as "Biskut."
Decoding the Cookie:
Noted that all cookie values were encoded in Base64.
Copied the cookie value and used a Base64 Decoder to decode it.
Successfully retrieved the flag from the decoded value.
FLAG: 3108{biskut_marie}
By engaging with the website’s game feature and analyzing the cookies via the source code, the flag was extracted. This highlights the significance of securing sensitive data such as cookies from easy access and decoding.
Lessons Learned:
Reaching a specific game state (10 rounds) can unlock hidden functionality or resources in a CTF challenge.
Client-side code often exposes critical clues, such as file names (getFlag.php) or variable labels (Biskut), that can guide exploitation.
Cookies can store sensitive data, and understanding their encoding method (e.g., Base64) is key to exploitation.
Decoding Base64 is a common step in CTF challenges, emphasizing the importance of familiarity with standard encoding methods.
The process reinforces the importance of persistence—interacting repeatedly with a target can reveal exploitable patterns or hidden features.
Tags: CTF Challenge, Cookie Exploitation, Base64 Decoding, Inspect Element, Game State Manipulation, Web Security.
Inspect Element: Used to explore the website’s source code.
JavaScript Editing: For modifying the game logic.
Base64 Decoder: For decoding Base64-encoded cookie values.
Bypass the game’s unbeatable condition to reach the winning state.
Analyze cookies to retrieve the hidden flag.
Interacting with the Website:
Accessed the website via the provided URL.
Played the "batu, kertas, gunting" (rock, paper, scissors) game.
Observed that the game gets stuck at 9 wins, making it impossible to reach 10 wins.
Inspecting the Source Code:
Opened the "Inspect Element" tool to explore the website's source code.
Located the script.js file, which contains the game logic.
Found a condition that triggers an unbeatable state if the player reaches 9 wins.
Modifying the Game Logic:
Edited the script.js file directly in the browser.
Changed the condition from if 9 to if 11 to bypass the unbeatable state.
Winning the Game:
Continued clicking "batu," "kertas," or "gunting" until reaching 10 wins.
Observed that cookies appeared after reaching 10 wins.
Decoding the Cookie:
Noted that the cookie value was encoded in Base64.
Copied the cookie value and used a Base64 Decoder to decode it.
Successfully retrieved the flag from the decoded value.
FLAG: 3108{biskut_tiger}
By modifying the game logic in the website’s JavaScript file, the unbeatable condition was bypassed, allowing the user to reach 10 wins and retrieve the cookies. Decoding the cookies revealed the flag, highlighting the importance of securing client-side code.
Lessons Learned:
Analyzing JavaScript files in client-side code can reveal game logic and exploitable conditions.
Modifying client-side scripts in the browser is a powerful technique for bypassing restrictions in CTF challenges.
Identifying and altering specific conditions (e.g., changing if 9 to if 11) can neutralize intentional barriers.
Reaching specific game states often triggers hidden cookies or resources.
Base64 decoding remains a common method for extracting sensitive data in CTF challenges.
Tags: CTF Challenge, JavaScript Exploitation, Game Logic Bypass, Base64 Decoding, Inspect Element, Client-Side Security.
Placeholder Input: For entering the correct pantun.
Google Search: For finding the correct pantun to use.
Browser Console: For executing JavaScript functions.
Input the correct pantun to trigger the next step in the challenge.
Use the discovered function to reveal the flag.
Interacting with the Website:
Accessed the website via the provided URL.
Observed a placeholder field requiring a pantun (traditional Malay poem) as input.
Searched online to find the correct pantun matching the challenge’s context.
Triggering the Next Step:
Entered the correct pantun in the placeholder field.
Submitted the input, prompting a text response from the website.
Analyzed the response, which hinted at a function named bendera().
Using the bendera() Function:
Opened the browser’s developer tools and navigated to the console.
Executed the bendera() function directly in the console.
Observed that the function revealed the flag.
FLAG: 3108{pantun1337kerat}
By identifying and entering the correct pantun, the website provided a clue about the bendera() function. Executing this function in the console successfully revealed the flag. This process demonstrates the importance of examining website responses and utilizing browser developer tools effectively.
Lessons Learned:
Understanding cultural or thematic elements (e.g., pantun) can be crucial in solving CTF challenges.
Website responses often include subtle hints (e.g., bendera()) that guide the next steps.
The browser console is a powerful tool for executing hidden or hinted JavaScript functions.
Combining traditional knowledge with technical analysis can lead to successful exploitation.
Tags: CTF Challenge, JavaScript Functions, Browser Console, Placeholder Exploitation, Cultural Elements in CTFs, Client-Side Analysis.
File: perwira
Decompiler: For analyzing the perwira binary file.
Dogbolt: Online decompilation tool to understand binary code. (Dogbolt)
Reverse engineer the provided file to identify the flag.
Uploading the File:
Downloaded the perwira file provided in the challenge.
Recognized that the challenge was categorized under Reverse Engineering (RE).
Selected an appropriate tool, Dogbolt, for decompilation.
Analyzing the Decompiled Code:
Uploaded the perwira file to Dogbolt.
Examined the decompiled output to understand the code structure and logic.
Observed patterns and specific segments of code that appeared relevant to the flag.
Identifying the Flag:
While reviewing the decompiled code, located a segment containing the flag.
Extracted the flag from the identified section of the code.
FLAG: 3108{r3nt4p}
By decompiling the perwira file using Dogbolt, the flag was successfully identified within the binary's code structure. This demonstrates the effectiveness of using decompilation tools for Reverse Engineering challenges.
Lessons Learned:
Decompilers like Dogbolt are crucial for analyzing binary files in Reverse Engineering challenges.
Understanding the code logic and identifying patterns can lead to the flag's location.
Categorization of challenges (e.g., RE) helps in selecting the appropriate tools and methods.
Online tools provide quick and accessible solutions for decompilation.
Tags: CTF Challenge, Reverse Engineering, Decompilation, Dogbolt, Binary Analysis, Flag Extraction.
File: chall
Decompiler: For analyzing the chall binary file.
Dogbolt: Online decompilation tool to examine code logic. (Dogbolt)
Custom Python Script: To reverse the encryption logic.
Analyze the encryption mechanism in the provided binary.
Reverse the encryption to retrieve the flag.
Scanning the Binary:
Downloaded the chall file provided in the challenge.
Uploaded the file to Dogbolt for decompilation.
Examined the decompiled code and identified a function that encrypts input using a combination of a Caesar cipher and XOR operations.
Understanding the Encryption Logic:
The encrypt function rotates characters using a Caesar cipher approach.
Each character is XORed with 0x31 after the rotation.
The program compares the encrypted input to a predefined sequence.
Decryption Logic:
Reversed the XOR operation by XORing each encrypted byte with 0x31.
Undid the Caesar cipher-style rotation using the following Python function:
def reverse_rotation_v2(char):
if 'A' <= char <= 'Z':
orig_val = (ord(char) - 0x41) % 26
return chr(orig_val + 0x39)
elif 'a' <= char <= 'z':
orig_val = (ord(char) - 0x61) % 26
return chr(orig_val + 0x59)
return charImplemented the complete decryption using the extracted data:
def get_flag_v2():
# Extracted data from var_b8 and adjacent memory
encrypted_data = [0x01, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x4a, 0x00, 0x00, 0x00, 0x7b, 0x00, 0x00, 0x00,
0x05, 0x00, 0x00, 0x00, 0x67, 0x00, 0x00, 0x00, 0x7e, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
0x78, 0x00, 0x00, 0x00, 0x6e, 0x00, 0x00, 0x00, 0x64, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
0x6b, 0x00, 0x00, 0x00, 0x7d, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x62, 0x00, 0x00, 0x00,
0x05, 0x00, 0x00, 0x00]
# Reverse the XOR operation
decrypted_data = [chr(byte ^ 0x31) for byte in encrypted_data if byte != 0x00]
# Reverse the Caesar cipher-style rotation
flag = ''.join([reverse_rotation_v2(char) for char in decrypted_data])
return flag
flag = get_flag_v2()
print(flag)Extracting the Flag:
Executed the script to reverse the encryption logic.
Retrieved the flag from the output.
FLAG: 3108{B4NG5A_M3RD3K4}
By analyzing the chall binary in Dogbolt, the encryption logic was understood and reversed. Using a Python script to decrypt the data, the flag was successfully retrieved. This challenge highlights the importance of understanding encryption mechanisms like Caesar cipher and XOR in Reverse Engineering challenges.
Lessons Learned:
Binary analysis tools like Dogbolt are essential for decompiling and understanding code logic.
Combining Caesar cipher rotation with XOR is a common encryption pattern in CTF challenges.
Reversing XOR and Caesar cipher operations requires a step-by-step approach to reconstruct the original data.
Memory inspection can provide critical data required for decryption.
Tags: CTF Challenge, Reverse Engineering, Caesar Cipher, XOR Encryption, Python Scripting, Dogbolt, Flag Extraction.
File: chall2
Decompiler: For analyzing the chall2 binary file.
Dogbolt: Online decompilation tool for reverse engineering. (Dogbolt)
Custom Python Script: For simulating the sub_11e9 function and extracting the flag.
Analyze the binary to understand its functionality.
Simulate the function sub_11e9 with the correct argument to retrieve the flag.
Analyzing the Binary:
Downloaded the chall2 file provided in the challenge.
Uploaded the file to Dogbolt for decompilation.
Noticed a condition in the code: (arg1 != 0xdeadbeef) which prevents a loop from executing if not satisfied.
Understanding the Functionality:
Identified the sub_11e9 function as critical for assembling the flag.
Observed that passing arg1 = 0xdeadbeef allows the function to iterate through a string and combine specific characters.
Simulating the Function:
Recreated the logic of the sub_11e9 function in Python to simulate its behavior:
def get_flag():
flag_string = "304t3rop1bRE04A&8nd9{_srPJh)31NbnwiDdA12E_t0kr*&44QcRGIu_AhGK}A"
flag_output = ""
for var_1c in range(1, 0x20):
index = (var_1c << 2) % len(flag_string)
flag_output += flag_string[index]
return flag_output
flag = get_flag()
print(flag)Extracting the Flag:
Executed the script to simulate the function’s behavior.
Retrieved the flag from the output of the simulation.
FLAG: 3108{P3ndEk4R_K0rb4n_J1wA_r4GA}
By analyzing the chall2 binary in Dogbolt, the condition blocking the loop was identified. Simulating the sub_11e9 function with the correct argument (0xdeadbeef) allowed for the extraction and assembly of the flag. This challenge showcases the importance of understanding control flow and simulating restricted logic in Reverse Engineering challenges.
Lessons Learned:
Identifying bypass conditions like (arg1 != 0xdeadbeef) is critical in Reverse Engineering.
Simulating function logic is an effective way to understand and exploit program behavior.
Understanding string manipulation and indexing is essential for extracting encoded data.
Recreating program behavior using Python or similar tools can simplify complex analysis.
Tags: CTF Challenge, Reverse Engineering, Simulation, Python Scripting, Dogbolt, Control Flow Analysis, Flag Extraction.
File: Tugu-Negara.png
Steganography Analyzer: For analyzing the PNG file.
Aperisolve: Online tool for steganography analysis. (Aperisolve)
Analyze the PNG file to uncover hidden data.
Extract the flag from the steganographic content.
Analyzing the File:
Downloaded the Tugu-Negara.png file provided in the challenge.
Recognized it as a steganography challenge.
Uploading to Aperisolve:
Uploaded the PNG file to Aperisolve, an online steganography analysis tool.
Allowed Aperisolve to process and scan the file for hidden content.
Reviewing Results:
Browsed through the output provided by Aperisolve.
Found the flag in the zsteg section of the analysis results.
Extracting the Flag:
Copied the flag directly from the zsteg section of the output.
FLAG: 3108{7ugu_n3g4r4}
By leveraging Aperisolve to analyze the Tugu-Negara.png file, the hidden flag was successfully retrieved from the zsteg section. This challenge underscores the utility of specialized tools in identifying and extracting steganographic content efficiently.
Lessons Learned:
Tools like Aperisolve simplify steganography analysis by automating the detection process.
Different sections of the analysis (e.g., zsteg) may reveal crucial data.
Recognizing common file types and their relevance in CTF challenges (e.g., PNG for steganography) speeds up the problem-solving process.
Tags: CTF Challenge, Steganography, Aperisolve, zsteg, Hidden Data, PNG Analysis, Flag Extraction.
File: jalur_gemilang.jpg
Hex Editor: For analyzing and repairing the corrupted JPEG file.
HexEd.it: Online hex editor. (HexEd.it)
Repair the corrupted JPEG file.
View the repaired image to retrieve the flag.
Analyzing the File:
Downloaded the jalur_gemilang.jpg file provided in the challenge.
Observed that the file did not display correctly, indicating corruption.
Inspecting the File in Hex Editor:
Uploaded the file to HexEd.it for detailed analysis.
Examined the file's header and noticed discrepancies compared to the standard JPEG file format.
Correcting the Header:
Replaced the corrupted header with the correct JPEG header values:
Correct JPEG Header: FF D8 FF E0 00 10 4A 46 49 46 00 01Saved the changes to repair the file.
Viewing the Repaired Image:
Reopened the file after correcting the header.
The image displayed correctly, revealing the flag embedded within.
FLAG: 3108{j4lur_g3mil4ng}
By identifying and correcting the corrupted header in the jalur_gemilang.jpg file using HexEd.it, the image was successfully repaired. Viewing the repaired image revealed the hidden flag. This challenge highlights the importance of understanding file formats and using hex editors for digital forensics and CTF challenges.
Lessons Learned:
Understanding standard file headers is crucial for identifying and repairing corrupted files.
Hex editors like HexEd.it are powerful tools for forensic analysis and CTF challenges.
JPEG files have a specific header structure (FF D8 FF E0) that must be intact for proper display.
Repairing corrupted files can uncover hidden data or artifacts crucial for solving challenges.
Tags: CTF Challenge, File Repair, JPEG Header, Hex Editor, HexEd.it, Digital Forensics, Flag Extraction.
Files: flag.txt.enc, nasihat.py
Python Interpreter: For reviewing and running the script.
Thonny: Python IDE for analyzing the nasihat.py script.
Analyze the Python script to extract the password.
Use the extracted password to decrypt the encrypted flag file.
Analyzing the Python Script:
Opened the nasihat.py script using Thonny.
Reviewed the code and identified the following key components:
A str_xor function that performs XOR encryption/decryption.
A decrypt_flag function that reads the encrypted file, applies str_xor with the provided password, and returns the decrypted flag.
The split_password variable, which contains the password in a split string format:
split_password = ("1" + \
"ng4t" + \
"-" + \
"rukun" + \
"-" + \
"n3g4ra")Combined the password fragments to form: 1ng4t-rukun-n3g4ra.
Running the Script:
Executed the nasihat.py script.
When prompted for the password, entered the extracted password: 1ng4t-rukun-n3g4ra.
The script successfully decrypted the flag.txt.enc file using the decrypt_flag function.
Retrieving the Flag:
Observed the decrypted output displayed by the script:
Decrypted flag: 3108{rukun_n3g4r4_adlh_p3nt!ng}FLAG: 3108{rukun_n3g4r4_adlh_p3nt!ng}
By analyzing the nasihat.py script, the password was extracted from the split_password variable and used to decrypt the flag.txt.enc file. The XOR decryption logic within the script allowed for the successful retrieval of the flag. This challenge highlights the importance of understanding encryption mechanisms and reading scripts carefully for clues.
Lessons Learned:
XOR encryption is reversible if the key (password) is known or can be deduced.
Analyzing Python scripts carefully can reveal critical components like hardcoded passwords or encryption logic.
Understanding how to combine string fragments is essential for interpreting obfuscated data in CTF challenges.
Running scripts in a controlled environment (e.g., Thonny) helps validate assumptions and test decryption logic.
Tags: CTF Challenge, XOR Encryption, Python Script, Password Extraction, Thonny, Flag Decryption.
File: Senandung_Lena.txt
Text Editor: For examining the content of the file.
Cipher Identifier: To identify the type of cipher used.
Atbash Decoder: For decoding the ciphertext.
Identify the cipher used in the text file.
Decode the ciphertext and extract the flag using a specified pattern.
Analyzing the File:
Opened the Senandung_Lena.txt file in a text editor.
Observed unusual text that appeared to be encoded.
Identifying the Cipher:
Uploaded the ciphertext to a Cipher Identifier tool.
The tool determined that the text was encoded using an Atbash cipher.
Decoding the Ciphertext:
Used an Atbash Decoder to decode the ciphertext.
Obtained the decoded text, which contained a mix of numbers, uppercase letters, and other characters.
Extracting the Flag:
Noticed a pattern in the flag construction: only numbers and uppercase letters in the decoded text were relevant.
Extracted these characters sequentially to form the flag.
FLAG: 3108{MALAYSIAAMAN}
By analyzing the Senandung_Lena.txt file and identifying the Atbash cipher, the ciphertext was successfully decoded. Recognizing the pattern of numbers and uppercase letters in the decoded text allowed for the construction of the flag. This challenge highlights the importance of both cryptographic tools and pattern recognition in solving encoded challenges.
Lessons Learned:
Tools like Cipher Identifier are invaluable for quickly identifying obscure ciphers.
Atbash is a simple substitution cipher that reverses the alphabet, but it can be tricky without recognition tools.
Pattern recognition in decoded text is often key to extracting flags in CTF challenges.
Systematic decoding and analysis ensure no details are overlooked.
Tags: CTF Challenge, Atbash Cipher, Cipher Identifier, Flag Extraction, Cryptography, Pattern Recognition.
File: keretaapitanahmelayu.txt
Rail Fence Cipher Decoder: For decoding the initial cipher text. (Boxentriq Rail Fence Decoder)
Base64 Decoder: For decoding the Base64-encoded text. (RapidTables Base64 Decoder)
Decode the Rail Fence Cipher from the text file.
Decode the Base64-encoded content to extract the flag.
Analyzing the File:
Opened the keretaapitanahmelayu.txt file in a text editor.
Observed a mix of readable text and cipher text.
Identifying the Cipher:
Based on the challenge name "Keretapi" and its cryptography category, suspected a Rail Fence Cipher.
Uploaded the cipher text to the Boxentriq Rail Fence Decoder and successfully decoded the first layer of the cipher.
Decoding the Rail Fence Output:
Identified that the decoded text partially revealed the flag format (3108) but contained additional encoded content.
Noticed the encoded content ended with ==, which is a common indicator of Base64 encoding.
Decoding the Base64 Content:
Copied the encoded portion into the RapidTables Base64 Decoder.
Decoded the text to reveal the full flag.
FLAG: 3108{hujanemasdinegerioranghujanbatudinegerisendiri}
By recognizing the Rail Fence Cipher based on the challenge name and decoding the text, the second layer of encoding (Base64) was revealed. Decoding the Base64 content successfully extracted the flag. This challenge demonstrates the importance of layered decoding and recognizing cipher patterns in cryptography challenges.
Lessons Learned:
Challenge names often provide hints about the type of cipher or method used.
Rail Fence Cipher is a transposition cipher that can be decoded using online tools like Boxentriq.
Base64 encoding is commonly used in CTF challenges and is recognizable by its == padding at the end of the encoded string.
Combining multiple decoding techniques can uncover layered encryption strategies.
Tags: CTF Challenge, Rail Fence Cipher, Base64 Decoding, Layered Encryption, Cryptography, Flag Extraction.
File: Jerebu.png
Music Note Cipher Decoder: For decoding the musical notes in the image. (dCode Music Sheet Cipher Decoder)
Decode the musical notes from the image to extract the hidden flag.
Analyzing the File:
Opened the Jerebu.png file, which displayed a sheet of musical notes.
Recognized that the challenge category was cryptography, prompting further investigation.
Identifying the Cipher:
Performed a quick Google search for "Music Note Cipher."
The first result led to the dCode Music Sheet Cipher Decoder, confirming the cipher type.
Decoding the Ciphertext:
Uploaded the musical notes to the dCode Music Sheet Cipher Decoder.
Decoded the first line of notes and identified that the text corresponded to lyrics from the song Hijau by Zainal Abidin.
Finding the Flag:
Noticed that decoding the entire text would take significant time.
Focused on searching for the flag pattern (3108) within the ciphertext.
Located the flag in the middle of the notes, starting from a distinct ‘o.’
Decoded the middle portion of the notes to extract the flag.
FLAG: 3108{P3RJ4NJNASEAN}
By recognizing the Music Note Cipher in Jerebu.png and leveraging the dCode Music Sheet Cipher Decoder, the flag was successfully extracted from the middle portion of the notes. This challenge highlights the importance of efficiently identifying and targeting specific sections of encoded data when faced with large ciphertexts.
Lessons Learned:
Recognizing cipher types based on visual cues (e.g., musical notes) is critical in cryptography challenges.
Online tools like dCode simplify the process of decoding specialized ciphers.
Efficiently narrowing down and focusing on relevant sections of ciphertext can save time and effort.
CTF challenges often include cultural or thematic elements (e.g., song lyrics) that can provide additional context.
Tags: CTF Challenge, Music Note Cipher, dCode, Cryptography, Efficient Decoding, Flag Extraction.
File: 1957bit.txt
XOR Decoder: For decoding the binary using a key. (dCode XOR Cipher Decoder)
Decode the binary content in the file using the key derived from the challenge description.
Analyzing the File:
Opened the 1957bit.txt file, which contained a long sequence of binary data.
The challenge description included the phrase: "1957 bukan angka semata, ia kunci" ("1957 is not just a number, it is a key"), suggesting that 1957 is the key to decode the binary.
Identifying the Decryption Method:
Recalled that binary sequences are commonly decoded using XOR with a key.
Selected the dCode XOR Cipher Decoder to perform the decoding.
Decoding the Binary:
Input the binary sequence from the file into the XOR Decoder tool.
Used 1957 as the key for decoding.
The tool successfully decoded the binary and revealed the flag.
FLAG: 3108{MT832Jf4MMUxKCj53LCjyKYwQZYVdGXyNzZQuKQSGB7bMuHZFgfBu64cr7UjDnYjbjAZZG8}
By recognizing the hint in the challenge description and applying the XOR Cipher Decoder with the key 1957, the binary in 1957bit.txt was successfully decoded to reveal the flag. This challenge demonstrates the importance of understanding binary encoding and leveraging XOR decryption techniques in cryptography challenges.
Lessons Learned:
Challenge descriptions often contain subtle hints that guide the decoding process.
XOR is a commonly used cipher in CTF challenges for binary data.
Tools like dCode's XOR Cipher Decoder simplify the decoding of binary sequences.
Applying logical reasoning to interpret key phrases can lead to efficient problem-solving.
Tags: CTF Challenge, XOR Cipher, Binary Decoding, dCode, Cryptography, Flag Extraction.
File: whut.pcapng
Wireshark: For analyzing the packet capture file.
Analyze HTTP packets in the provided pcapng file to uncover the hidden word.
Use the extracted information to retrieve the flag.
Analyzing the File:
Opened the whut.pcapng file in Wireshark.
Read the challenge description, noting that the information submitted by "Johan" would be relevant.
Filtering HTTP Packets:
Applied a filter for HTTP packets to narrow down the data.
Identified interesting packets related to browsing activity, specifically HTTP POST requests.
Following the TCP Stream:
Selected a packet with HTTP POST data and followed its TCP stream.
Found binary text within the payload of the POST request.
Decoding the Binary Text:
Combined all binary text from the relevant streams.
Decoded the binary to reveal a plaintext string, which appeared to be a URL.
Removed extraneous characters from the decoded text to construct the valid URL.
Visiting the Website:
Accessed the decoded website.
Found the flag displayed on the webpage.
FLAG: 3108{KU4L4_LUMPUR}
By filtering HTTP packets in Wireshark and analyzing the binary text in the TCP stream of POST requests, the hidden URL was constructed. Visiting the URL revealed the flag. This challenge demonstrates the importance of understanding network protocols and decoding techniques in analyzing packet captures.
Lessons Learned:
HTTP filtering in Wireshark is a powerful way to isolate relevant traffic in packet capture files.
Following TCP streams can reveal hidden data, such as binary text, embedded in HTTP requests.
Decoding binary data and interpreting its structure is key to solving network-related CTF challenges.
Post-analysis steps, such as visiting extracted URLs, can lead directly to the flag.
Tags: CTF Challenge, Wireshark, HTTP Analysis, TCP Stream, Binary Decoding, Network Traffic, Flag Extraction.
File: ez.pcapng
Wireshark: For analyzing the packet capture file.
Analyze HTTP packets in the provided pcapng file to locate the flag.
Analyzing the File:
Opened the ez.pcapng file in Wireshark.
Based on the challenge description, focused on browsing activity by "Johan."
Filtering HTTP Packets:
Applied an HTTP filter in Wireshark to isolate relevant traffic.
Observed multiple HTTP requests in the filtered results.
Inspecting the HTTP POST Request:
Selected the first HTTP POST request, as it often contains user-submitted data.
Examined the packet details and identified the flag embedded in the request payload.
FLAG: 3108{P4TR0T1C}
By applying an HTTP filter in Wireshark and inspecting the POST request payload, the flag was quickly identified. This challenge demonstrates the utility of focusing on specific protocols and request types when analyzing packet capture files.
Lessons Learned:
Filtering for HTTP traffic in Wireshark narrows down irrelevant data, making analysis more efficient.
HTTP POST requests often contain valuable user-submitted data that can lead to the flag.
Analyzing packet payloads provides direct insights into hidden or encoded information.
Tags: CTF Challenge, Wireshark, HTTP Analysis, POST Request, Network Traffic, Flag Extraction.
File: Provided network capture file.
Wireshark: For analyzing the packet capture file and exporting HTTP objects.
Analyze HTTP traffic to uncover hidden data.
Extract and combine relevant objects to retrieve the flag.
Analyzing the File:
Opened the provided network capture file in Wireshark.
Read the challenge description, which hinted at hidden history remains around Kuala Lumpur.
Filtering HTTP Packets:
Applied an HTTP filter to narrow down the packet list.
Observed numerous HTTP packets with intriguing references, such as titles of pictures.
Exporting HTTP Objects:
Used File > Export Objects > HTTP in Wireshark to export all HTTP objects.
Saved the exported files for further inspection.
Inspecting Exported Files:
Reviewed the extracted files, including flag.txt, galeri.png, and .----%2520-----.pdf.
Found fragments of the flag written across these files.
Combining the Flag:
Consolidated the information from the exported files to form the complete flag.
FLAG: 3108{B4P4_M4L4YS1A}
By filtering HTTP traffic and exporting objects from the packet capture file, the hidden flag was successfully retrieved from multiple files. This challenge highlights the importance of leveraging Wireshark’s export features and systematically inspecting extracted data.
Lessons Learned:
Exporting HTTP objects in Wireshark is an effective way to retrieve hidden data embedded in network captures.
Combining fragmented data from multiple sources can lead to the complete solution in CTF challenges.
HTTP filters are a recurring and powerful tool for narrowing down relevant traffic in packet analysis.
Tags: CTF Challenge, Wireshark, HTTP Analysis, Export Objects, File Inspection, Flag Extraction.
Web Browser: For accessing the provided URL and downloading resources.
Wireshark: For analyzing the handshake .cap file.
Aircrack-ng: For cracking the WPA handshake using the wordlist.
Extract and analyze the files from the provided link.
Use the wordlist and .cap file to crack the WPA handshake and retrieve the flag.
Accessing the URL:
Visited the provided URL, which contained a MediaFire link.
Combined the URLs to form the download link: https://app.mediafire.com/stc0yhefz10a6.
Downloaded the folder named 3108, which contained two files: 3108.txt and handshake.cap.
Analyzing the Files:
Opened 3108.txt, which resembled a wordlist.
Loaded handshake.cap in Wireshark to analyze its contents.
Observed the presence of an SSID named CrackMeFirst, indicating a WPA handshake capture.
Cracking the Handshake:
Used Aircrack-ng on Kali Linux to crack the handshake with the provided wordlist:
aircrack-ng -w 3108.txt -b <BSSID> handshake.capReplaced <BSSID> with the identified BSSID from Wireshark.
Successfully cracked the password, revealing the flag.
FLAG: 3108{K3H4RM0N14N}
By downloading and analyzing the provided resources, the WPA handshake was cracked using Aircrack-ng and the accompanying wordlist. This challenge demonstrates the integration of network traffic analysis and cracking tools in solving wireless security challenges.
Lessons Learned:
Combining URLs can lead to hidden resources for challenge progression.
Wireshark is invaluable for identifying critical data in .cap files, such as SSIDs and BSSIDs.
Aircrack-ng is a powerful tool for WPA handshake cracking when paired with an effective wordlist.
Efficient file inspection and tool usage are crucial for solving multi-step CTF challenges.
Tags: CTF Challenge, WPA Handshake, Wireshark, Aircrack-ng, Wordlist, Wireless Security, Flag Extraction.
File: penyepaman.txt
Spam Message Decoder: For decoding the long spam message.
Decode the spam message in the text file to retrieve the hidden flag.
Analyzing the File:
Opened the penyepaman.txt file in a text editor.
Observed a long, repetitive message resembling spam content.
Based on the challenge description, suspected the use of a spam message decoding method.
Using the Spam Message Decoder:
Uploaded the spam message to an online Spam Message Decoder tool.
Decoded the message to reveal the hidden flag.
FLAG: 3108{sebuah_erti_pengorbanan}
By analyzing the spam-like message in the penyepaman.txt file and using a specialized decoder, the flag was successfully extracted. This challenge highlights the utility of recognizing and leveraging tools for decoding unconventional formats.
Lessons Learned:
Spam-like messages often use encoding techniques that can be decoded with specialized tools.
Challenge descriptions provide subtle hints about the methods or tools required for decoding.
Leveraging online decoding tools saves time and effort in cryptography challenges.
Tags: CTF Challenge, Spam Message, Decoder, Cryptography, Flag Extraction.
File: Batuta.png
Morse Decoder: For decoding the Morse code. (dCode Morse Code Decoder)
Vigenère Cipher Decoder: For decoding the Vigenère Cipher. (dCode Vigenère Cipher Decoder)
Decode the Morse code to reveal the text.
Use the extracted text with the key "KEY" to decode the Vigenère Cipher and retrieve the flag.
Analyzing the File:
Opened the Batuta.png file and observed a picture with Morse code written below it.
Decoding the Morse Code:
Input the Morse code into a Morse Decoder.
Decoded the Morse code, which revealed a text containing a weird sequence and the number 3108.
Identifying the Cipher:
Based on the challenge hint highlighting the word "KEY," suspected the use of a Vigenère Cipher.
Decoding the Vigenère Cipher:
Used the decoded Morse output as the ciphertext.
Entered "KEY" as the key in a Vigenère Cipher Decoder.
Decoded the ciphertext to reveal the flag.
FLAG: 3108{DENGAR_SEBELUM_BICARA}
By decoding the Morse code in the Batuta.png file and using the Vigenère Cipher with the key "KEY," the flag was successfully retrieved. This challenge demonstrates the importance of recognizing and combining multiple cipher techniques to extract hidden information.
Lessons Learned:
Combining ciphers like Morse and Vigenère is common in layered CTF challenges.
Keywords in challenge hints (e.g., "KEY") can provide critical clues for solving the cipher.
Tools like dCode streamline the process of decoding complex ciphers.
Tags: CTF Challenge, Morse Code, Vigenère Cipher, dCode, Cryptography, Flag Extraction.
File: Provided .gba file.
Emulator: VisualBoyAdvance
Gameboy Emulator: For running the .gba file and playing the game.
Run the .gba file using an emulator.
Progress through the game to uncover the hidden flag.
Setting Up the Emulator:
Downloaded and installed the VisualBoyAdvance emulator from the official website.
Configured the emulator for optimal gameplay.
Running the Game:
Loaded the .gba file into the emulator.
Started the game and followed the gameplay instructions.
Finding the Flag:
Played through the game until the professor was rescued.
Upon rescue, the flag was displayed in the game.
FLAG: 3108{b4ntu_am4l4n_mul1a}
By running the .gba file in a Gameboy emulator and progressing through the game, the hidden flag was revealed. This challenge highlights the creative integration of retro gaming and flag retrieval in CTF challenges.
Lessons Learned:
Recognizing file formats (e.g., .gba) is critical for determining the tools or platforms required.
Game-based challenges often integrate gameplay mechanics with flag discovery.
Emulators like VisualBoyAdvance provide an accessible way to interact with legacy game files.
Tags: CTF Challenge, Gameboy Emulator, .gba File, VisualBoyAdvance, Retro Gaming, Flag Extraction.
File: BahteraSiber.exe.txt
File Command: To analyze file information.
Windows Environment: For running the .exe file.
Cheat Engine: For manipulating program values.
Analyze the provided file to determine its functionality.
Manipulate the program to uncover and click the hidden button to retrieve the flag.
Analyzing the File:
Downloaded the BahteraSiber.exe.txt file.
Used the file command to inspect its type, which revealed:
PE32 executable GUI Intel 80386, for MS Windows, UPX compressed.
Renamed the file to BahteraSiber.exe to remove the .txt extension.
Running the Program:
Executed the program in a Windows environment.
Observed a GUI with a “Click Me” button that increased the “Wang” value by RM1 per click.
Noticed a hidden button labeled “BAHAN RAHSIA: 1,000,000 NASI LEMAK” in the bottom-left corner.
Identifying the Objective:
Determined that the goal was to manipulate the program to reach 1,000,000 cooked nasi lemak and activate the hidden button.
Manipulating Values with Cheat Engine:
Launched Cheat Engine and attached it to the running process of BahteraSiber.exe.
Modified the “Wang” value in the program to facilitate faster progression.
Cooked a few nasi lemak to generate a base value and used Cheat Engine to modify the cooked nasi lemak count to 1,000,000.
Clicking the Hidden Button:
Activated the hidden button “BAHAN RAHSIA” after reaching the required value.
Retrieved the flag displayed by the program.
FLAG: 3108{B2148ED1A1EA228DD33363B6D1134063B59B62DB}
By analyzing the file type, running the program, and manipulating its values using Cheat Engine, the hidden button was activated, revealing the flag. This challenge demonstrates the importance of understanding executable files and utilizing external tools to modify program behavior in CTF challenges.
Lessons Learned:
The file command is useful for identifying the nature of unknown files.
Renaming files to remove incorrect extensions can resolve execution issues.
Cheat Engine is a powerful tool for altering runtime values in programs.
Experimentation with program features and hidden elements is key to uncovering solutions in miscellaneous challenges.
Tags: CTF Challenge, Miscellaneous, PE32 Executable, Cheat Engine, Program Manipulation, Flag Extraction.
File: negeri-negeri-di-malaysia.jpg
Aperisolve: For analyzing the image file. (Aperisolve)
CyberChef: For decoding the extracted ciphertext. (CyberChef)
Analyze the image file to uncover hidden data.
Decode the extracted ciphertext to retrieve the flag.
Analyzing the File:
Uploaded the negeri-negeri-di-malaysia.jpg file to Aperisolve for steganographic analysis.
Observed multiple sections in the analysis output.
Found a ciphertext at the end of the strings section.
Decoding the Ciphertext:
Copied the ciphertext from the Aperisolve output.
Pasted it into CyberChef to test decoding methods.
Applied the appropriate decoding recipe in CyberChef to reveal the flag.
FLAG: 3108{B2148ED1A1E_A228DD33_363B6D1134_063B59B62DB}
By analyzing the negeri-negeri-di-malaysia.jpg file in Aperisolve, a ciphertext was discovered in the strings section. Decoding this ciphertext using CyberChef revealed the flag. This challenge highlights the integration of steganography tools and decoding platforms in solving CTF challenges.
Lessons Learned:
Tools like Aperisolve are crucial for identifying hidden data within image files.
Ciphertexts found in steganography challenges often require specialized decoders like CyberChef.
Systematically reviewing analysis outputs can uncover hidden clues.
Combining multiple tools is often necessary for solving layered challenges.
Tags: CTF Challenge, Steganography, Cipher Decoding, Aperisolve, CyberChef, Hidden Data, Flag Extraction.
File: hatta.jpg
Aperisolve: For analyzing the image file. (Aperisolve)
Binary Decoder: For decoding the binary-like text. (RapidTables Binary to Text)
Analyze the image file to uncover hidden data.
Decode the extracted binary-like text to retrieve the flag.
Analyzing the File:
Opened the hatta.jpg file to observe a meme picture.
Uploaded the file to Aperisolve for steganographic analysis.
Inspecting the Strings Section:
Scrolled through the strings section of Aperisolve’s output.
Found a cipher text consisting of dots (.) and slashes (/).
Identifying the Cipher:
Recognized that the text did not match Morse code, as it contained slashes instead of dashes.
Decided to convert dots to 0 and slashes to 1, creating a binary sequence.
Decoding the Binary Sequence:
Input the converted binary sequence into a Binary Decoder.
Decoded the binary sequence to reveal the flag.
FLAG: 3108{k3cil_cili_p4di}
By analyzing the hatta.jpg file in Aperisolve and converting the dots and slashes into binary, the hidden flag was successfully decoded using a Binary Decoder. This challenge highlights the importance of creative thinking in identifying and interpreting unconventional ciphers.
Lessons Learned:
Steganographic tools like Aperisolve are essential for identifying hidden clues in images.
Cipher texts with unconventional symbols may require format conversion before decoding.
Binary decoding is a versatile technique in CTF challenges involving hidden text.
Systematic exploration of analysis outputs can uncover non-obvious patterns.
Tags: CTF Challenge, Steganography, Aperisolve, Binary Decoding, Hidden Data, Flag Extraction.
Starting Point: YouTube Video
YouTube: For analyzing the video.
Social Media Search: For locating the specified username.
Follow the clues provided in the video to identify the social media account.
Locate the flag hidden in the account’s content.
Analyzing the YouTube Video:
Watched the video linked in the provided URL.
Noted the instruction to find a social media account with the username @madah4arjuna.
Searching for the Username:
Searched for @madah4arjuna across social media platforms.
Located the username on Twitter.
Inspecting the Twitter Account:
Opened the account and reviewed its posts.
Found the flag in the latest post.
FLAG: 3108{angka_keramat}
By following the clue from the YouTube video, the social media account @madah4arjuna was located on Twitter. The flag was successfully retrieved from the account’s latest post. This challenge demonstrates the use of cross-platform investigation in CTF challenges.
Lessons Learned:
Clues in multimedia content can guide the investigation process across different platforms.
Social media accounts can serve as repositories for hidden information in CTF challenges.
Systematic searching and reviewing of content are essential for solving investigative challenges.
Tags: CTF Challenge, Social Media, YouTube, Twitter, Investigation, Flag Retrieval.
Provided Content: Song lyrics and hashtags.
Search Engines: For investigating the song lyrics and hashtags.
TikTok: For locating the specified content.
Use the provided song lyrics and hashtags to locate relevant content.
Investigate the content for clues leading to the flag.
Analyzing the Provided Information:
Reviewed the song lyrics and noted the hashtags provided.
Interpreted the task as requiring a search using these elements.
Searching for the Hashtag:
Searched for the hashtag on TikTok.
Located a TikTok account matching the hashtag name.
Inspecting the TikTok Account:
Opened the account and reviewed its videos.
Found the flag embedded in the third video.
FLAG: 3108{m3d14_m4ss4l4h}
By utilizing the song lyrics and hashtags, the relevant TikTok account was identified. The flag was successfully retrieved from the account’s third video. This challenge highlights the integration of social media platforms in investigative CTF challenges.
Lessons Learned:
Hashtags are powerful tools for narrowing down searches on social media platforms.
Combining multiple clues, such as lyrics and hashtags, can provide clear investigative paths.
TikTok and other social media platforms are increasingly used as part of CTF challenges.
Tags: CTF Challenge, TikTok, Hashtags, Social Media Investigation, Flag Retrieval.
Wayback Machine: For accessing archived versions of the provided link. (Wayback Machine)
Recover the expired content from the provided Pastebin link.
Extract the flag from the archived page.
Accessing the Link:
Opened the provided Pastebin URL: https://pastebin.com/nWeJzwsp.
Observed that the page was no longer available and had expired.
Using the Wayback Machine:
Navigated to the Wayback Machine website.
Pasted the Pastebin URL into the search bar to check for archived versions.
Found an archived capture dated August 23, 2023.
Retrieving the Archived Content:
Opened the archived version of the page.
Located and extracted the flag from the retrieved content.
FLAG: 3108{r3d4_d4r1_kis4h_l4m4}
By utilizing the Wayback Machine, the expired content from the provided Pastebin link was successfully recovered. The flag was extracted from the archived capture. This challenge demonstrates the importance of web archiving tools in retrieving historical data.
Lessons Learned:
Expired or deleted web content can often be recovered using tools like the Wayback Machine.
Checking timestamps and browsing historical snapshots can provide valuable insights in investigative challenges.
Utilizing alternative methods and tools is crucial when direct access to resources is unavailable.
Tags: CTF Challenge, Wayback Machine, Web Archiving, Pastebin, Historical Data Retrieval, Flag Extraction.
Twitter Account: @madah4arjuna
Cipher Identifier: For identifying the cipher type. (dCode Cipher Identifier)
Multi-Tap Phone Decoder: For decoding the numbers. (dCode Multi-Tap Decoder)
Telegram: For accessing the specified account.
Decode the numbers from the Twitter posts.
Locate the referenced Telegram account and retrieve the flag.
Analyzing the Twitter Posts:
Reviewed the last two posts on the @madah4arjuna Twitter account.
Noted a sequence of numbers in each post that appeared unusual.
Identifying the Cipher:
Input the number sequences into Cipher Identifier.
The tool identified the cipher as a Multi-Tap Phone (SMS) cipher.
Decoding the Numbers:
Used a Multi-Tap Phone Decoder to decode the sequences.
The result revealed a Telegram account username.
Locating the Telegram Account:
Searched for the decoded username on Telegram.
Found the account and discovered the flag in its messages.
FLAG: 3108{Hassan_Tapa}
By analyzing the Twitter posts from @madah4arjuna, the Multi-Tap Phone cipher was identified and decoded to reveal a Telegram account username. Accessing the Telegram account led directly to the flag. This challenge showcases the integration of multiple platforms and cipher types in CTF challenges.
Lessons Learned:
Multi-Tap Phone ciphers are a creative way to encode messages and can be easily decoded using specialized tools.
Cross-platform challenges require attention to detail when moving between social media and communication apps.
Combining multiple tools, such as Cipher Identifier and decoders, is essential for solving layered CTF puzzles.
Tags: CTF Challenge, Multi-Tap Cipher, Twitter, Telegram, Cipher Decoding, Cross-Platform Investigation, Flag Retrieval.
Files: bahtera_si_pelayar.jpg, BOTOL.rar
Image Viewer: For analyzing the .jpg file.
Archive Extractor: For extracting the contents of the .rar file.
Cipher Identifier: For detecting the cipher type. (dCode Cipher Identifier)
Rot Cipher Decoder: For decrypting the ciphertext.
Extract the password-protected image file from the .rar archive.
Decode the ciphertext found in the image to retrieve the flag.
Analyzing the .jpg File:
Opened the bahtera_si_pelayar.jpg file and reversed the image.
Found the name of the ship: BAHTERAPERTIWI.
Unlocking the .rar File:
Based on the challenge description, the password format was NAMA_TAHUN.
Combined the ship’s name with the year in the description to form the password: BAHTERAPERTIWI_2014.
Used the password to unlock the BOTOL.rar file and extracted the image inside.
Analyzing the Extracted Image:
Opened the extracted image and found a ciphertext on the left side.
Used Cipher Identifier to analyze the text, which suggested a Rot Cipher.
Decrypting the Ciphertext:
Used a Rot Cipher decoder to bruteforce the ciphertext.
Found a result similar to the flag format: 3V08{D3WV~KVR4N4}.
Correcting the Flag Format:
Recognized discrepancies in the decoded result and manually adjusted the characters to match the expected format.
Replaced V with 1 and ~ with _, resulting in the final flag.
FLAG: 3108{D3W1_K1R4N4}
By reversing the .jpg file and using the extracted name and year as the password, the .rar file was unlocked. The ciphertext from the extracted image was analyzed and decoded using a Rot Cipher, and manual adjustments were made to complete the flag. This challenge highlights the importance of combining cryptographic techniques and logical reasoning in CTF challenges.
Lessons Learned:
Password formats based on hints (e.g., NAMA_TAHUN) provide clues for unlocking protected files.
Cipher Identifier tools are invaluable for quickly determining cipher types.
Combining automated decryption with manual adjustments ensures accurate flag reconstruction.
Tags: CTF Challenge, Rot Cipher, Password-Protected Archive, Cipher Identifier, Manual Decoding, Flag Retrieval.
Source: Telegram channel with information about Hassan Tapa.
Instagram: For locating additional clues.
CyberChef: For decoding the base64 ciphertext. (CyberChef)
Pastebin: For accessing the hidden flag.
Follow the clues from the Telegram channel to locate Hassan Tapa’s Instagram account.
Decode the ciphertext and retrieve the flag from the password-protected Pastebin link.
Following the Telegram Clue:
Identified the hint about Hassan Tapa’s latest picture and location on Instagram.
Found Hassan Tapa’s Instagram account.
Inspecting the Instagram Posts:
Reviewed the first post, which contained a ciphertext: aHR0cHM6Ly9wYXN0ZWJpbi5jb20vd3ZheHhFMGI=.
Decoded the base64 ciphertext using CyberChef.
Decoding the Ciphertext:
Entered the ciphertext into CyberChef and selected the Base64 decode operation.
Decoded result: https://pastebin.com/wvaxxE0b.
Accessing the Pastebin Link:
Visited the Pastebin URL, which was password-protected.
Analyzed Hassan Tapa’s Instagram posts for potential passwords.
Found a date with a question mark in one of the posts.
Testing Passwords:
Tried several date formats as passwords, such as 31/08/202?, 31/08/2023, and 3108202?.
Successfully unlocked the Pastebin using 31082023.
Retrieving the Flag:
Extracted the flag from the unlocked Pastebin content.
FLAG: 3108{Pulau_Mabul}
By following the clues from the Telegram channel to Hassan Tapa’s Instagram account, a ciphertext was found and decoded to reveal a Pastebin URL. The password-protected Pastebin was unlocked using a date format deduced from Instagram posts, successfully revealing the flag. This challenge highlights the integration of social media investigation and cryptographic decoding in CTF challenges.
Lessons Learned:
Combining clues from multiple platforms (e.g., Telegram, Instagram) is crucial for solving layered challenges.
Base64 encoding is a common method for concealing URLs and can be easily decoded with tools like CyberChef.
Analyzing dates or patterns in social media posts can provide critical hints for unlocking protected content.
Persistence in testing password variations is often necessary to overcome access restrictions.
Tags: CTF Challenge, Social Media Investigation, Instagram, Telegram, Pastebin, Base64 Decoding, Password-Protected Content, Flag Retrieval.
File: saya_dimana.jpg
Clue: Reference to the place where Tuanku Abdul Rahman was welcomed.
Online Research: For identifying the location.
Image Comparison: For verifying the location using the provided image.
Use the given clue and image to identify the location.
Verify the location to retrieve the flag.
Analyzing the Clue:
The clue referenced the location where Tuanku Abdul Rahman was welcomed.
Conducted research and identified the location as Dataran Pahlawan Melaka.
Researching Dataran Pahlawan:
Searched for images and reviews related to Dataran Pahlawan.
Compared the images with the provided saya_dimana.jpg file.
Verifying the Location:
Found an exact match of the image in a review about Dataran Pahlawan.
Confirmed the location as the one referenced in the clue.
Retrieving the Flag:
Extracted the flag associated with the identified location.
FLAG: 3108{d4tar4n_p4hl4w4n}
By interpreting the given clue and conducting online research, the location was identified as Dataran Pahlawan Melaka. Verification using the saya_dimana.jpg file confirmed the location, successfully leading to the flag. This challenge highlights the importance of combining historical references and image analysis in CTF challenges.
Lessons Learned:
Historical clues often require background research to uncover specific locations.
Image comparison is a reliable method for verifying locations in investigative challenges.
Exploring reviews and online content can provide additional context for solving location-based puzzles.
Tags: CTF Challenge, Historical Reference, Image Analysis, Location Verification, Flag Retrieval.
