zh3r0 CTF

Hidden Music [499 pts]

 Challenge Description

Challenge Description:

The given file is this.bmp

The given hint is just a troll. The challenge has nothing to do with Outguess. However, the actual hint is in the challenge description itself.

image

So, by using OpenStego a file named didYouCheckMyNumbers.gz can be extracted without a password. However, the extension is just a gimmick and running strings on the file reveals some interesting stuff:

image

We can see that the file is just a concatenation of a bunch of files. The flag in the middle is just a troll. The MThd chunk is the first chunk in a MIDI file. Since the challenge title suggests something to do with music, this file is important. Using a hex-editor(I used hexed.it), all the bytes preceding MThd are deleted and the resulting file is exported as audio.mid.

The file is then imported into a sequencer(I used onlinesequencer.net/). Zooming out a bit, the flag is visible:

image

The flag is Zh3r0{MUSIC_IS_FUN_DO_TO_DO}