PicoCTF Writeup – m00nwalk

by Posted on

# Information:

CTF Name: PicoCTF

CTF Challenge: m00nwalk

Challenge Category: Forensics

Challenge Points: 250

PicoCTF 2019

# Used Tools:

  • QSSTV
  • pavucontrol

# Challenge Description:  

Decode this message from the moon.  

Hints: How did pictures from the moon landing get sent back to Earth? What is the CMU mascot?, that might help select a RX option.

# Writeup  

According to the description, we have a message from the moon in this challenge. I downloaded the file using the “message” word, which resulted in an .wav file.

I decided to give it a listen, but all I heard was noise and what appeared to be static. I decided to investigate the hints and look up online how the photographs of the moon landing were sent back to Earth. I knew it was Apollo 11 because I read on Wikipedia that: “Apollo 11 used slow-scan television (TV) incompatible with broadcast TV”. Knowing this I searched online for Slow-scan television (SSTV).

I discovered that this is a popular CTF challenge in which pictures are hidden within audio files. I also discovered that there is a tool that can decode that!

QSSTV was the tool I used. I installed it on my Linux computer. I did some additional research on how to decode SSTV audio to extract hidden images and discovered that I also needed to install pavucontrol because I am running Linux.

I installed both with these commands:    

 mregra on Cyber $ sudo apt install qsstv && sudo apt install pavucontrol -y

Once the installation was complete, I used the following steps to decode the audio and obtain the image:

Step 1

First I launched qsstv by typing in the terminal:  

 mregra on Cyber $ qsstv

Step 2

Then I launched pavucontrol by typing in the terminal:    

 mregra on Cyber $ pavucontrol

Step 3

I built a virtual connection to connect qsstv to pavucontrol, by typing the following command:

 mregra on Cyber $ pactl load-module module-null-sink sink_name=virtual-cable

At this point I have these qsstv and pavucontrol open. These are the respective GUIs:  

QSSTV:  

pavucontrol:  

It is important to: go to the pavucontrol GUI -> choose the tab Recording -> select the null ouput This is important because the null output corresponds to the virtual link created previously.

Next: go to the QSSTV -> Options -> Configuration -> choose the tab Sound -> select the pulse — PulseAdio Sound Server for both Input and Output Audio device, as such:  

Make sure all of the other options are the same, then click OK to save and exit. When you return to the main QSSTV GUI, make sure the Auto Slant box is checked and the Mode is set to Auto. We want the mode on auto because there are a few RX options.

We know it has something to do with the CMU mascot from the hint, and since CMU’s mascot is Scotty the Scottie Dog, we can definitely say it’s Scottie something. However, there are three Scottie alternatives, so by configuring it this way (the Mode set to auto) the tool finds it for us hehe. The configuration GUI is shown in the image below:

Now we are ready to start decoding! To do so one simply has to type this command in the terminal:    

 mregra on Cyber $ paplay -d virtual-cable message.wav

And, by looking at the QSSTV we can see something like this happening:

And after finishing we get an image with the flag upside down. After rotating it with a simple image editor tool we get the flag:

Show flag
picoCTF{beep_boop_im_in_space}

Thank you very much for reading!

Cheers,

MRegra

Share this post:

Popular posts

Author Profile
MRegra Silva
Related Posts

Published by MRegra Silva

2 Replies to “PicoCTF Writeup – m00nwalk”

  1. I enjoy what you guys are up too. This type of clever work
    and exposure! Keep up the good works guys I’ve incorporated you guys to
    blogroll.

    Reply
  2. Pingback: PicoCTF Writeup – m00nwalk2 - MRegra on Cyber

Leave a Reply

Your email address will not be published. Required fields are marked *