Author: Vishrut Kumar Mishra
Points: 70
Category: forensic, sound


Vector recorded this audio when Gill Bates was opening his/her vault and Gru stole this recording from him (stealing from a thief ain’t a crime, right?). Help Gru decode this message so that he can …(Use your imagination)
Clue: Message consists of upcase letters.


The provided file consists of a recorded touch-tone dialing sequence (DTMF format). After decoding, one needs to map key presses to letters (old style, with physical keyboard, SMS texting).


After listening to the sound, it was clear that it was a touch-tone dialing sequence, or more technically – DMTF. In short – it was an encoded sequence of digits.
With this on-line tool we found we have decoded the digits:

One of the ideas we came up with was a DTMF encoded session of old-style SMS writing.

We’ve created this mapping:

Still there was one problem. By listening to the sound we could clearly distinguish that the tones were grouped. The same tones (repetitions of a single digit) were separated with short intervals. We observed that the tool we had been using might have had problems with those short separators, so we have (manually, using Audacity) counted the repetitions and merged them into single digits.img1
Modified audio:

These are the repetitions we have counted:
and this is the updated file decoded:
Finally, after zipping the lists and decoding the message with:
we ended up with the following string: the flag is shaajm of x CENSORED x. It was pretty easy to notice that shaajm in the decoded string is actually sha256.

Leave a Reply