[*] Alien Communication
So I used This Website to show the spectrum, as you can see in fig, the flag appeared in the spectrum wave.
[*] Secret Document
The attachment file is a DAT file (Secret-Document.dat).
You can see “xorry” word in the challenge description, and this makes it very clear that this dat file is XORRed.
Therefore, I searched for any XOR file decryption tool and found This Ones
I just clone this repo and run the script as written in Usage section, but change the input file name and change the key to “shell” as written in the challenge description.
The output file has the PNG magic bytes, so that it’s a PNG image
You just need to save the output with .png extension not .txt.
The output image contains the plain text flag.
The attachment file is a JPEG file (Seventh_Heaven_Image.jpeg), but if you use file command on it, you’ll see that’s a PNG file not a JPEG.
As challenge description, the flag is somehow related to the image RGB.
You can see from the following fig that the flag is hidden in the 7th RGB plane
[*] GO Deep!
The File Link redirects you to google drive link that contains a zip file (Agent.zip).
Download the file and unzip it, it contains only a WAV file (file.wav)
And I also tried a lot of online tools to extract any data like: This Website and other places but I ended up with nothing too :(.
So that, I ask a fellow to give me a small hint and he told me to focus and search about challenge name (“Go Deep”).
I did plentiful search until I accidentally came across this comment on Reddit:
After downloading the program, import file.wav to it but the program will ask you to write a password
You can easily get the password with strings command
Write the password into DeepSound and it will show you that there is a secret file called (Deep Flag.txt) inside the WAV.
Click on “Extract secret files” to get the flag :)
[*] Hidden File
The attachment file is a JPG file (Hidden.jpg).
From the file command, I got a password for something.
In a lot of forensics CTFs, when you find the password directly like this, this means that there is something hidden inside this file and it needs this password to extract it.
For extraction, I used Steghide tool with password “shell”, and we got a “Hidden Files.zip” file
By unzipping, you’ll get a three files (flag.zip “needs password” , se3cretf1l3.pdf, something.jpg)
something.jpg is a QR code image, after I scanned this QR code, it gave me a youtube link for “Never Gonna Give You Up” song (yeah, I got rickrolled XD), so this file is nothing
Now move to se3cretf1l3.pdf, it’s an one page pdf file that does not contain any important information.
It’s very obvious that this pdf file contains hidden data so you have to extract this data.
For me, I love to pass the PDFs files to This Website first to extract any hidden data in images, text or fonts
Upload the PDF file and click on Text section, you’ll find the hidden key (shellctf)
Finally, use this key to unzip the flag.zip file and you’ll get the flag :)