Tuesday, November 18, 2014

UTPHax'14 - Writeup for Audio Stego Round 5

It was a great experience handling another hacking contest at a local university recently. As usual, there were some questions that the contestants were not able to answer, and they kept asking how the hell they could be solved.

Well, here's one way to solve this challenge :)

Question : Chill out the pressure and listen to the rhyme. Enjoy! 
Participants were provided with a WAV file; when they play it, they hear a nice piano rhythm. However, there seems to be something buggy in the middle of the playback.

Hint given 

From the hint, we can tell that this sound was generated with an online tool that can be played using our keyboard.
A simple Google search for "piano generator" leads us to this website http://www.gootar.com/piano/ and yes, this is the right URL :)

By default, there's already a piano tune available on the page, and if we play it, whoa! It sounds similar to our question WAV audio, right?!

Open up Audacity and record the sound. Open the original WAV and compare it with our question WAV. It will look like below.

From the analysis, we can say that the starting and ending points are just as I boxed out in the picture above. So let us see which key was actually used just before the place where our flag is located.

Yerp. You are right. symbol. So what should we do next? Looking back at our keyboard-based piano, we can see that each tone has a different frequency (high, high peak, low, etc.). As described in the picture below, I divided it into 4 different layers of frequency.

If we listen to the sound where our flag is located, the first tone actually belongs to the 2nd layer. So back to the URL again, and one by one we test and capture the sound.
Start the tone with ; then continue with the characters in the 2nd layer. For example,
;]_;[_;p_;o -continue yourself- Do note that the _ symbol is just a rest tone, so we can hear the tones much more clearly.
Once done with that, record again and compare it using Audacity. It will look like below.

Aha! We can see some similarities between the sound we created just now and the original question WAV (from the starting point of the flag).
So the flag starts with either ;p or ;o

Let us pick one and proceed with a new tone. Listen to it again, and we can say the tone is quite low and belongs to the 3rd layer.

Go to the URL, and start recording the tone.
;p;_;pl_;pj_;ph_;pg -blalala continue yourself-

Compare it again with our question WAV.

Auw yeahh!! We are on the right track! Then? Just continue the same steps until you finish the line. Once done, you'll get the flag :)
flag is pl4yme
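
The by-eye comparison in Audacity can also be done numerically. The script below is an added example, not part of the original write-up: it splits a clip on the rest tones and matches each tone against candidate keys by Goertzel power. The sample rate, the key-to-frequency table and the test clip are constructed assumptions, not gootar's real mapping.

```python
import math

RATE = 8000  # sample rate of the constructed clip (assumption)
# Hypothetical key-to-frequency table: the real mapping of the online piano
# is not given on the page and must be measured from your own recordings.
KEY_FREQ = {"p": 440.0, "o": 392.0, "l": 261.63, "j": 220.0, "h": 196.0, "g": 174.61}

def tone(freq, ms=200):
    """Constructed sine tone standing in for one recorded key press."""
    return [math.sin(2 * math.pi * freq * i / RATE) for i in range(RATE * ms // 1000)]

def rest(ms=100):
    """Silence, the role the _ rest tone plays in the typed sequences."""
    return [0.0] * (RATE * ms // 1000)

def goertzel_power(samples, freq):
    """Signal power at a single frequency (Goertzel algorithm)."""
    coeff = 2 * math.cos(2 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def split_on_rests(samples, frame=80, threshold=0.01):
    """Cut the clip into tone segments wherever frame energy drops to silence."""
    segments, current = [], []
    for i in range(0, len(samples), frame):
        chunk = samples[i:i + frame]
        if sum(x * x for x in chunk) / len(chunk) > threshold:
            current.extend(chunk)
        elif current:
            segments.append(current)
            current = []
    if current:
        segments.append(current)
    return segments

def decode(samples):
    """Name the best-matching candidate key for every tone segment."""
    return "".join(max(KEY_FREQ, key=lambda k: goertzel_power(seg, KEY_FREQ[k]))
                   for seg in split_on_rests(samples))

def constructed_clip(keys="pljo"):
    """Constructed test input: one tone per key, each followed by a rest."""
    return [s for k in keys for s in tone(KEY_FREQ[k]) + rest()]

if __name__ == "__main__":
    print(decode(constructed_clip()))
```

For a real run, replace the constructed clip with samples read from the flag region of the WAV and fill the table with frequencies measured from your own recordings of each key.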

That's all. Thanks!