neverlanCTF 2020 - [Forensic] Listen to this (125pts)

Written by Maltemo, member of team SinHack.

Statement of the challenge


You hear that?



Analyzing the file

After listening to the audio of the mp3, I can recognize two things :

I assumed that the flag was hidden in the morse. But in order to decode it, I had to isolate that sound.

In order to manipulate the sound, I used audacity.

First step consists in importing the music file in audacity.

If you want to isolate a partcular sound, you have to fond the the exact same mp3, without what you’re searching to isolate.

Example : To isolate a voice in a music, you take the original music and the karaoke/instrumental version.

By inverting the sound waves of the instrumental version and merging the two audio files, you will be able to remove the background music and only get the voice.

Here, we are searching for the original podcast in order to isolate the morse sound.

By searching the first setences of this audio file on google, I found the initial podcast and its retranscription :

Thanks to the soundcloud iframe, I was able to download the original mp3 podcast.

I found a good tutorial about isolating vocals with audacity on this website :

  1. You have to PERFECTLY synchronize the two soundtracks.
  2. Invert the the original soundtrack (not the one with morse) with Effects > Invert.
  3. Select the two audio tracks and merge them with Tracks > Mix & Render

With this result, you should obtain the morse sound with more or less parasite in function of how precise you were during step 1.

In order to have a more visual view of the morse code, I used sonic-visualiser with the spectrogram view (Layer > Add Spectrogram > All chanels mixed).

The three first letters were : F L A

Then, I used the morse code and was able to decode the message.



After analizing a mp3 file, we can hear some morse sound in the background. After isolating and amplifying the sound, we are able to manualy decode it.



Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.