Category: Forensics
Points: 100
Description
The low-effort wave
Ride the wave man.
The wave is life. The waves are like, sound, and like water, and like cool and refreshing dude.
But waves are hard to ride. So listen to them instead, crashing on the seashore. Listen to the music of the sea. Like the theme this year is music or something. So I theme this challenge, like, minimum effort music. Listen to this attached .wav file. It's amazing. Or so I've heard. Or rather, haven't. Something's broken with it. I don't know dude.
It also doesn't work. Can you fix this for me? I think there's a flag if you can find it.
Wav file: low effort
The first step is to try to play the wav file. When we try, we see that it cannot be played. Usually my first step is to either run `file filename.wav` to see what we are working with or to open the file in a hex editor (I use the one provided in vscode). Opening the file in a hex editor, we see that the magic number (file signature) is that of a PNG.
We can then change the file extension from .wav to .png. Now if we try to open the file, we see an image of a Discord conversation.
I have solved a similar challenge and recognized that this is an aCropalypse exploit for Android devices, where a screenshot that has been edited (using Android's markup tools) can be reconstructed. All we need to know is the type of phone that this screenshot is from and then we can put it into the online tool acropalypse.app. To find the phone model we can either run `exiftool filename` or `strings filename`. Exiftool will usually be more helpful, but for this challenge both work.
Both tell us that the model is a Pixel 7, which we can enter into the tool, and it will return an image containing the missing parts.
Now we have the flag: sun{well_that_was_low_effort}
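The two triage checks from this writeup (magic bytes versus extension, then leftover data from an edited screenshot) can be scripted; this is an added example, not part of the original writeup. It assumes the known aCropalypse trait that the pre-edit image data remains in the file after the new PNG's IEND chunk, and the function names and sample bytes are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def identify(data):
    """Identify a file by its magic bytes, ignoring its name."""
    if data.startswith(PNG_SIG):
        return "png"
    if data[:4] == b"RIFF" and data[8:12] == b"WAVE":
        return "wav"
    return "unknown"

def trailing_after_iend(data):
    """Walk the PNG chunk list and count bytes left after the first IEND."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):  # 4 length + 4 type + 4 CRC at minimum
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            raise ValueError("truncated chunk")
        if ctype == b"IEND":
            return len(data) - end  # > 0 means data survives past the image
        pos = end
    raise ValueError("no IEND chunk found")

def triage(name, data):
    """Report extension mismatch and, for PNGs, bytes after IEND."""
    kind = identify(data)
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    report = {"kind": kind, "extension_mismatch": ext != kind}
    if kind == "png":
        report["trailing_bytes"] = trailing_after_iend(data)
    return report

def _chunk(ctype, body):
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def build_sample(leftover=b""):
    """Constructed 1x1 grayscale PNG, optionally followed by leftover bytes."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"") + leftover

if __name__ == "__main__":
    print(triage("low_effort.wav", build_sample(b"constructed-leftover")))
```

A non-zero `trailing_bytes` on a screenshot is the cue to try a recovery tool such as the one used above; a clean PNG reports zero.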