* Flags
Just use
https://www.dcode.fr/maritime-signals-code
* c0rrupt
This turned out to be surprisingly tricky. The PNG format consists of
a header followed by chunks. Each chunk consists of 4 length bytes, 4
identifier bytes, as many bytes as specified by the length and 4
checksum bytes. The chunk data is interpreted according to the
chunk's identifier; the spec explains the common ones:
http://www.libpng.org/pub/png/spec/1.2/PNG-Chunks.html
The task is to open the file in a hex editor (try =r2= if you dare)
and edit the identifiers, lengths and contents until the file opens
correctly. Checksums don't need to be adjusted as most viewers will
treat incorrect ones as a warning, but feel free to fix them nonetheless
*after* you're done fixing everything else with
http://schaik.com/png/pngcsum.html
One issue I ran into was assuming the PNG file has a single IDAT
chunk and interpreting everything after the identifier bytes as
content, then adjusting the length accordingly. This is wrong: there
are several consecutive IDAT chunks and each of them needs its length
adjusted to span only that much.
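The chunk framing described above can be checked mechanically before reaching for the hex editor. The following is an added example, not part of the original writeup: =make_chunk=, =sample_png= and =walk_chunks= are hypothetical names, and the PNG it inspects is constructed inline with two IDAT chunks.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

def make_chunk(ctype, data):
    """Serialize one chunk: 4 length bytes, 4 type bytes, data, 4 CRC bytes."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def sample_png():
    """Constructed 1x1 grayscale PNG with its image data split over two IDAT chunks."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    raw = zlib.compress(b"\x00\x7f")  # filter byte + one pixel
    half = len(raw) // 2
    return (PNG_SIGNATURE + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"IDAT", raw[:half]) + make_chunk(b"IDAT", raw[half:])
            + make_chunk(b"IEND", b""))

def walk_chunks(blob):
    """Return (offset, type, length, status) per chunk; stop at the first unframeable one."""
    if blob[:8] != PNG_SIGNATURE:
        return [(0, b"", 0, "bad signature")]
    out, pos = [], 8
    while pos < len(blob):
        if pos + 12 > len(blob):
            out.append((pos, b"", 0, "truncated chunk"))
            break
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 12 + length
        if not ctype.isalpha():  # chunk types are four ASCII letters
            out.append((pos, ctype, length, "bad type"))
            break
        if end > len(blob):
            out.append((pos, ctype, length, "length overruns file"))
            break
        (stored,) = struct.unpack(">I", blob[end - 4:end])
        # The CRC covers the type and data bytes, not the length field.
        ok = stored == zlib.crc32(blob[pos + 4:end - 4]) & 0xFFFFFFFF
        out.append((pos, ctype, length, "ok" if ok else "crc mismatch"))
        pos = end
    return out

if __name__ == "__main__":
    damaged = bytearray(sample_png())
    damaged[33:37] = struct.pack(">I", 0xAAAA0000)  # constructed: bogus first IDAT length
    for name, blob in (("intact", sample_png()), ("damaged", bytes(damaged))):
        for offset, ctype, length, status in walk_chunks(blob):
            print(f"{name}: 0x{offset:08x} {ctype!r} len={length} {status}")
```

The first offset reported with a status other than =ok= is where editing should start; a =crc mismatch= alone does not stop the walk, matching the note that checksums can be fixed last.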
If everything went right, you'll get a noisy image spelling out the
flag as =picoCTF{c0rrupt10n_1847995}=. If not, apply the following
radiff2 patch with =r2 -q -w -i mystery.r2patch mystery=:
#+BEGIN_QUOTE
wx 50 @ 0x00000001
wx 47 @ 0x00000003
wx 1a0a @ 0x00000006
wx 4948 @ 0x0000000c
wx 00 @ 0x00000046
wx 0ec4 @ 0x00000048
wx 0ec4 @ 0x0000004c
wx 0000 @ 0x00000053
wx 49 @ 0x00000057
wx 41 @ 0x00000059
#+END_QUOTE
* m00nwalk
http://www.techedupteacher.com/how-to-make-an-sstv-puzzle/ explains
how the transmission can be decoded. I downloaded the suggested
decoder, ran it in WINE and tried figuring out a way to load up the
audio file. It turns out the program processes everything looking
like a microphone instead, so I ended up with the following
contraption:
- Upload the audio file on a web server
- Download the audio file to my smartphone
- Play back the audio file on my smartphone, holding it towards my
  laptop's built-in microphone
- Make sure the sound is picked up by the program
Eventually I ended up with the following:
[[file:m00nwalk.png]]
Note that using the save button creates a watermarked copy, with the
watermark obscuring half of the flag, hence the screenshot.
* m00nwalk 2
Using the same trick a few more pictures can be decoded from the
additional audio files. They hint at steganography being used with
the passphrase =hidden_stegosaurus=. Use =steghide= with it on the
main audio file and you can extract a text file containing the flag:
#+BEGIN_QUOTE
picoCTF{the_answer_lies_hidden_in_plain_sight}
#+END_QUOTE
* mus1c
Just use the online interpreter on
https://codewithrockstar.com/online
and it will print a bunch of numbers:
#+BEGIN_QUOTE
114
114
114
111
99
107
110
114
110
48
49
49
51
114
#+END_QUOTE
These are ASCII for "rrrocknrn0113r" which happens to be the flag.
* 1_wanna_b3_a_r0ck5tar
Unlike the previous exercise this one cannot be solved just by using
the online demo on the official website and some analysis of the code
is required. I've used
https://github.com/marcinruszkiewicz/kaiser-ruby to compile the code
to Ruby:
#+BEGIN_SRC ruby
@rocknroll = true
@silence = false
@a_guitar = 19
@tommy = 44
@music = 160
print '> '
__input = $stdin.gets.chomp
@the_music = Float(__input) rescue __input
if @the_music == @a_guitar
  puts ("Keep on rocking!").to_s
  print '> '
  __input = $stdin.gets.chomp
  @the_rhythm = Float(__input) rescue __input
  if @the_rhythm - @music == nil
    @tommy = 66
    puts (@tommy).to_s
    @music = 79
    @jamming = 78
    puts (@music).to_s
    puts (@jamming).to_s
    @tommy = 74
    puts (@tommy).to_s
    @tommy = 79
    puts (@tommy).to_s
    @rock = 86
    puts (@rock).to_s
    @tommy = 73
    puts (@tommy).to_s
    break
    puts ("Bring on the rock!").to_s
  else
    break
  end
end
#+END_SRC
After ignoring the nonsensical =break= statements and fixing the
second comparison, it's possible to just execute the code. Enter the
two expected numbers when prompted and the code will print the
following numbers:
#+BEGIN_QUOTE
66
79
78
74
79
86
73
#+END_QUOTE
Once again it's ASCII, but for "BONJOVI".