CTF Mugardos 2015 Writeup – Stego200

February 13, 2017 | Views: 4048

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Statement: AM 200 points

Now seriously, when it comes to listening to music, nothing is better than the radio … well, maybe that’s not completely true.

Maybe we are too nostalgic.

Format the answer:
– Uppercase and lowercase as they appear in the flag
– No spaces


In this challenge, they gave us an Ogg file, nothing strange to the naked eye. Let’s start opening it with Audacity:


We can see that the first two tracks are the original song but there is a third track, let’s extract it and open it with Sonic Visualiser. This app has helped me a lot in the past with the typical text hidden in audio thanks to its layers:


As I’m used to I added the spectrogram layer just in case there was some text, and because I like it more. In this case, we didn’t find any text but we were able to locate some audio in a specific part.

After thinking about several ways and doing several tests with software oriented to weather fax that we already saw in other challenges I decided to try my luck with SSTV. For that, we will play the audio with paplay while we set QSSTVE to listen. Notice that you need to redirect the audio output to the input so QSSTV can receive it, in my case using PulseAudio I did this using pavucontrol, in the input sections and the monitor mode interfaces.

Here we can see that QSSTV has recognized the signal as SSTV in Scottie 1 mode and begins to show the result:


When the audio finishes playing we get the following image:


Calculate the SHA256 of the string “IWannaKnowPulpoKey” and we get the flag we need.

Share with Friends
Use Cybytes and
Tip the Author!
Share with Friends
Ready to share your knowledge and expertise?
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge


We recommend always using caution when following any link

Are you sure you want to continue?