{"id":13011,"date":"2016-06-23T20:11:53","date_gmt":"2016-06-23T18:11:53","guid":{"rendered":"http:\/\/www.codilime.com\/?p=13011"},"modified":"2016-11-03T17:27:30","modified_gmt":"2016-11-03T16:27:30","slug":"backdoorctf16-dtune","status":"publish","type":"post","link":"https:\/\/codisec.com\/backdoorctf16-dtune\/","title":{"rendered":"DTune"},"content":{"rendered":"

Link: https:\/\/backdoor.sdslabs.co\/challenges\/DTUNE<\/a>
\nAuthor: Vishrut Kumar Mishra
\nPoints: 70
\nCategory: forensic, sound<\/p>\n

Description<\/h2>\n

Vector recorded this audio when Gill Bates was opening his\/her vault and Gru stole this recording from him (stealing from a thief ain’t a crime, right?). Help Gru decode this message so that he can …(Use your imagination)
\nClue: Message consists of upcase letters.<\/p>\n\nhttp:\/\/www.codilime.com\/wp-content\/uploads\/2016\/06\/dtune.wav<\/a><\/audio><\/blockquote>\n

tl;dr<\/h2>\n

The provided file consists of a recorded touch-tone dialing sequence (DTMF format). After decoding, one needs to map key presses to letters (old style, with physical keyboard, SMS texting).<\/p>\n

Solution<\/h2>\n

After listening to the sound, it was clear that it was a touch-tone dialing sequence, or more technically – DMTF<\/a>. In short – it was an encoded sequence of digits.
\nWith this<\/a> on-line tool we found we have decoded the digits:<\/p>\n

numbers = [8, 4, 3, 0, 3, 5, 2, 4, 0, 4, 7, 7, 0, 7, 4, 4, 2, 2, *, *, *, *, *, *, *, *, *, *, *, *, *, *, *, *, *, *]<\/pre>\n
One of the ideas we came up with was a DTMF encoded session of old-style SMS writing.
\n\"keyboard\"<\/p>\n
We’ve created this mapping:<\/p>\n
string_map = {\n   0: ' ',\n   2: 'abc',\n   3: 'def',\n   4: 'ghi',\n   5: 'jkl',\n   6: 'mno',\n   7: 'pqrs',\n   8: 'tuv',\n   9: 'wxyz',\n}<\/pre>\n
Still there was one problem. By listening to the sound we could clearly distinguish that the tones were grouped. The same tones (repetitions of a single digit) were separated with short intervals. We observed that the tool we had been using might have had problems with those short separators, so we have (manually, using Audacity) counted the repetitions and merged them into single digits.\"img1\"
\n\"img2\"
\nModified audio:<\/p>\nhttp:\/\/www.codilime.com\/wp-content\/uploads\/2016\/06\/dtune-modified.wav<\/a><\/audio>\nThese are the repetitions we have counted:<\/p>\n
rep = [1, 2, 2, 1, 3, 3, 1, 1, 1, 3, 4, 1, 4, 2, 1, 1, 1, 1, 1, 3, 3, *, *, *, *, *, *, *, *, *, *, *, *, *]\n<\/pre>\n
and this is the updated file decoded:<\/p>\n
nums = [8, 4, 3, 0, 3, 5, 2, 4, 0, 4, 7, 0, 7, 4, 2, 2, 5, 6, 0, 6, *, *, *, *, *, *, *, *, *, *, *, *, *, *]\n<\/pre>\n
Finally, after zipping the lists and decoding the message with:<\/p>\n
out = ''\nfor n, r in zip(nums, rep):\n   out+= string_map[n][r - 1]\nprint out<\/pre>\n
we ended up with the following string: the flag is shaajm of x CENSORED x.<\/code> It was pretty easy to notice that shaajm<\/code> in the decoded string is actually sha256<\/code>.<\/p>\n","protected":false},"excerpt":{"rendered":"
Link: https:\/\/backdoor.sdslabs.co\/challenges\/DTUNE Author: Vishrut Kumar Mishra Points: 70 Category: forensic, sound Description Vector recorded this audio when Gill Bates was opening his\/her vault and Gru stole this recording from him (stealing from a thief ain’t a crime, right?). Help Gru…<\/span> <\/p>\n
Read more ›<\/div>\n
<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[16],"tags":[4,21],"yoast_head":"\n\n\n\n\n\n\n\n\n\n\n\n\n\t\n