
Spy Orange

February 18, 2013

Two files are provided in the challenge: oranges.pdf and oranges.wav.

The first one contains the text:

February 15, 1973
NATIONAL SECURITY ACTION MEMORANDUM
TO: JULIUS SCHNEIER
DIRECTOR OF CRYPTANALYSIS
NATIONAL SECURITY AGENCY
SUBJECT: RE: Spies Among Us
As per action US182.97, we have continued to
monitor the suspected foreign spies via
telephone wiretap. At 8:12AM this morning, a
call was placed from ORCHID to LILAC containing
what is believed to be a coded message.
You will find enclosed a recording of this
event on audio cassette tape. We request the
immediate analysis of this recording for hidden
meaning or message. This tasking will expire
in 48 hours, at which time OPERATION PSIFERTEX
will commence as planned.
Lt Gen Samuel C. Phillips,
United States Air Force
Director of the NSA

The second one contains a transmission that uses frequency-shift keying (FSK). We can follow these steps to decode the signal:

- Download and compile MultimonNG
- Use MultimonNG with the CLIPFSK demodulator (Phiber rules!):

# ./multimonNG -t wav -c -a CLIPFSK ../oranges.wav
multimonNG  (C) 1996/1997 by Tom Sailer HB9JNX/AE4WA
            (C) 2012 by Elias Oenal
available demodulators: POCSAG512 POCSAG1200 POCSAG2400 EAS UFSK1200 CLIPFSK AFSK1200 AFSK2400 AFSK2400_2 AFSK2400_3 HAPN4800 FSK9600 DTMF ZVEI SCOPE
Enabled demodulators: CLIPFSK
sox WARN dither: dither clipped 9 samples; decrease volume?
CLIPFSK: CS DATE=02102221 CID=6169405176 CNT=BIT.LY/U3MMRU

We got a phone number from the United States (6169405176) and a bit.ly link that points to https://2013.ghostintheshellcode.com/ececff43-60ed-4788-9831-14a4c44373b3.txt.

The file contains the text:

Lzw ywfwjsd osflk log hgsuzwv wyyk vwdanwjwv xgj tjwscxskl. Qgmj afyjwvawflk sjw wfudgkwv.

MWkVTSgSUISSSZ2fKMArR08tEySSSUQSSSSVSToSs2N5NNIBSSEv/pRJZx8OMPN4UoSTTGyVSSSW
6SESSFwbg9HYLoC+LLsBvjOXZ/4USQu7T3N56JCivIN7sNAgNEiIC7L3LghQUNZB4xEjMzrrMWkZ
UVFfLpkqSSSSBySSSXTDSIAwSogSUISSSZ2fKMArR08tEySSSUQSSSSVSTySSSSSSSWSSSU0yISS
SSTjRPdNNSMSSp3/XdX1wSkSSILgSoSSTGyVSSTIKoMYSSSSSSWSSITBSSSSxoSSSSSS

Applying ROT-8 to the letters of the whole file, the sentence and the encoded block alike, we can retrieve the original text, which contains a password-protected file encoded with Base64:

The general wants two poached eggs delivered for breakfast. Your ingredients are enclosed. 

UEsDBAoACQAAAH2nSUIzZ08bMgAAACYAAAADABwAa2V5VVQJAAMd/xZRHf8WUXV4CwABBOgDAAAE
6AMAANejo9PGTwK+TTaJdrWFH/4CAYc7B3V56RKqdQV7aVIoVMqQK7T3TopYCVHJ4fMrUhzzUEsH
CDNnTxsyAAAAJgAAAFBLAQIeAwoACQAAAH2nSUIzZ08bMgAAACYAAAADABgAAAAAAAEAAAC0gQAA
AABrZXlVVAUAAx3/FlF1eAsAAQToAwAABOgDAABQSwUGAAAAAAEAAQBJAAAAfwAAAAAA
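The decoding step above as a script (an added example, not part of the original write-up): it brute-forces the letter shift using " the " as a crib, applies that shift to the Base64 block, and reads the ZIP metadata to confirm the member is encrypted. The function names and the choice of crib are assumptions of this example; the ciphertext is copied from the challenge file quoted above.

```python
import base64
import io
import string
import zipfile

# Ciphertext as quoted above from the challenge text file.
CIPHER_TEXT = ("Lzw ywfwjsd osflk log hgsuzwv wyyk vwdanwjwv xgj tjwscxskl. "
               "Qgmj afyjwvawflk sjw wfudgkwv.")
CIPHER_BLOB = """
MWkVTSgSUISSSZ2fKMArR08tEySSSUQSSSSVSToSs2N5NNIBSSEv/pRJZx8OMPN4UoSTTGyVSSSW
6SESSFwbg9HYLoC+LLsBvjOXZ/4USQu7T3N56JCivIN7sNAgNEiIC7L3LghQUNZB4xEjMzrrMWkZ
UVFfLpkqSSSSBySSSXTDSIAwSogSUISSSZ2fKMArR08tEySSSUQSSSSVSTySSSSSSSWSSSU0yISS
SSTjRPdNNSMSSp3/XdX1wSkSSILgSoSSTGyVSSTIKoMYSSSSSSWSSITBSSSSxoSSSSSS
"""

def rot(text, shift):
    """Shift letters only, keeping case; digits, '+' and '/' pass through."""
    lo, up = string.ascii_lowercase, string.ascii_uppercase
    table = str.maketrans(lo + up,
                          lo[shift:] + lo[:shift] + up[shift:] + up[:shift])
    return text.translate(table)

def find_shift(text, crib=" the "):
    """Return the first shift whose output contains a common English word."""
    for shift in range(26):
        if crib in f" {rot(text, shift).lower()} ":
            return shift
    raise ValueError("no shift produced the crib")

def decode_archive(blob, shift):
    """Undo the letter shift on the Base64 text, then decode it to bytes."""
    return base64.b64decode("".join(rot(blob, shift).split()))

def describe(archive):
    """List (name, uncompressed size, encrypted?) for each ZIP member.

    Bit 0 of the general-purpose flags marks an encrypted entry."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return [(zi.filename, zi.file_size, bool(zi.flag_bits & 0x1))
                for zi in zf.infolist()]

if __name__ == "__main__":
    shift = find_shift(CIPHER_TEXT)
    print(shift, rot(CIPHER_TEXT, shift))
    print(describe(decode_archive(CIPHER_BLOB, shift)))
```

Because the shift leaves digits, `+` and `/` alone, the rotated block is still valid Base64 text, which is why the ciphertext looks like an ordinary encoded attachment until it is decoded.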

When you called the phone (6169405176), you could hear The Lincolnshire Poacher.

Using "The Lincolnshire Poacher" as the password for the zip, we were able to get the flag:
I see all the code and I watch it run
